dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
3772

Sanguin
@qwest.net

Sanguin

Anon

[Malware] Multiple Infections

I'm hoping this machine isn't too far gone to recover. I uninstalled Norton 360 (was causing problems with my system) and TM (expired) today and I can install AVG if needed, but I wasn't sure if I needed to get my system clean before installing a new AV.

MBAM log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Paul :: PAUL-PC [administrator]

10/1/2013 9:52:10 AM
mbam-log-2013-10-01 (09-52-10).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446273
Time elapsed: 23 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 91
HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\PricePeep.PricePeepBho.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\PricePeep.PricePeepBho (Adware.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (Adware.Agent) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{2A28729E-2280-4986-BDB4-EC2623EAFBA4} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDCC62B4-8059-4FCF-8B69-BD2EC413A6F2} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\SelectionLinks.SelectionLinksBHO (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\PricePeep.PricePeepBho.1 (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCR\PricePeep.PricePeepBho (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\CLSID\{3178A392-8963-471E-B7A2-969CB58D6496} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8A2BBD3A-2130-4882-B198-863271F320DE} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\Interface\{39E6096A-E5CA-483A-A05C-AA967F48FD1C} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3178A392-8963-471E-B7A2-969CB58D6496} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3178A392-8963-471E-B7A2-969CB58D6496} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3178A392-8963-471E-B7A2-969CB58D6496} (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Registry Values Detected: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE (PUP.Optional.SweetIM) -> Data: 1 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL (PUP.Optional.SweetIM) -> Data: 1 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www1.delta-search.com/?affID=119351&tt=gc_&babsrc=HP_ss&mntrId=A80AA41731A92EE3 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {2E6AF1B8-BB63-11E2-B811-A41731A92EE3} -> Quarantined and deleted successfully.
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Data: 6447 -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {2E6AF1B8-BB63-11E2-B811-A41731A92EE3} -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN42180284573937173&UM=2&ctid=CT3286042) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPacks) -> Bad: (http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={2E6AF1B8-BB63-11E2-B811-A41731A92EE3}) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 37
C:\Users\Paul\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\Chrome (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\IE32 (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Files Detected: 203
C:\Program Files (x86)\PricePeep\pricepeep.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
C:\Program Files (x86)\OApps\SelectionLinks.dll (PUP.FaceThemes) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PricePeep\pricepeep.dll (PUP.Optional.PricePeep.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Yontoo\OptChrome.exe (PUP.Optional.OptChrome.A) -> Quarantined and deleted successfully.
C:\ProgramData\DnsBasic\dnsbasic112.exe (Adware.OneStep) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\mgHelperGC.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\nsd7C72.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\UpdUninstall.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\Chrome_Setup (1).exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\Chrome_Setup.exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\Extreme_Flash_Player_Setup.exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\FlashPlayer (1).exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\FlashPlayer.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\FlashPlayer_V.77219792c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\google-chrome_V.154231512c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\google-chrome_V.89572963c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\google-chrome_V.89573887c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\google-chrome_V.89577012c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\google-chrome_V.89577245c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\PCHS_PCC32_EN_ID399 (1).exe (PUP.Optional.PCCleaner.A) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\PCHS_PCC32_EN_ID399.exe (PUP.Optional.PCCleaner.A) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\Setup (1).exe (PUP.Optional.Ibryte) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\setup (2).exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\setup (3).exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\setup (4).exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\setup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\Paul\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\bin\uninstall.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\a17b4e.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\David\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Pauline\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\terms-of-service.rtf (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\Uninstall.exe (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\buildcrx-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\Info-ZIP-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\nsJSON-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\3rd Party Licenses\UAC-license.txt (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (PUP.Optional.Lesstabs) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\onstart.js (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_blank.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

(end)
More logs to follow....

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane

Numquam oblita

[Malware] Re: Multiple Infections

said by Sanguin :

More logs to follow....

We'll be waiting

Sanguin
@qwest.net

Sanguin

Anon

AdwCleaner Log:
# AdwCleaner v3.006 - Report created 01/10/2013 at 11:55:19
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Paul - PAUL-PC
# Running from : C:\Users\Paul\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Users\Paul\AppData\Local\Conduit
Folder Deleted : C:\Users\Paul\AppData\Local\DefineExt
Folder Deleted : C:\Users\Paul\AppData\Local\Supreme Savings
Folder Deleted : C:\Users\Paul\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Paul\AppData\Local\Wajam
Folder Deleted : C:\Users\Paul\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Paul\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Paul\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Paul\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Paul\AppData\Roaming\Conduit
Folder Deleted : C:\Users\Paul\AppData\Roaming\DSite
Folder Deleted : C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\David\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Pauline\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Folder Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Folder Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\END
File Deleted : C:\Users\Paul\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\Tasks\BrowserProtect
File Deleted : C:\Windows\Tasks\DSite.job

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gpaiibklhaneknloaoccoidbaffjjlnb
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKCU\Software\aede88bc6de541
Key Deleted : HKLM\SOFTWARE\aede88bc6de541
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298569
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B5FC24D2-2DB1-4603-88BD-6E2E551138F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C4C7AAB-5854-4241-A414-E2F1EF119C4A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Supreme Savings
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [13092 octets] - [01/10/2013 11:54:55]
AdwCleaner[S0].txt - [12345 octets] - [01/10/2013 11:55:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12406 octets] ##########
Sanguin

Sanguin to lilhurricane

Anon

to lilhurricane
Checkup log:
Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
Norton 360
Trend Micro Client/Server Security Agent Antivirus
[color=red]Antivirus out of date![/color]
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Java 7 Update 25
[color=red]Java version out of Date![/color]
Adobe Reader XI
Google Chrome 29.0.1547.66
Google Chrome 29.0.1547.76
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Malwarebytes Anti-Malware mbam.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 6%
[u]````````````````````End of Log``````````````````````[/u]
Sanguin

Sanguin to lilhurricane

Anon

to lilhurricane
OTL.Txt
136,716 bytes
OTL log
Sanguin

Sanguin to lilhurricane

Anon

to lilhurricane
Extras Log:
OTL Extras logfile created on: 10/1/2013 12:04:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.36 Gb Available Physical Memory | 79.64% Memory free
15.97 Gb Paging File | 13.98 Gb Available in Paging File | 87.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 930.74 Gb Total Space | 856.11 Gb Free Space | 91.98% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{100E94A6-F85A-E828-9EE3-C1DD14706B6A}" = AMD Catalyst Install Manager
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{237E305C-B625-466A-88CE-1E121BF4FDB1}" = Send To Neat
"{2EECD5EF-5095-467C-B80C-4AB3096EFD60}" = SPBA 5.9
"{30C2392C-C7D6-4FE2-9617-05D2C6E9D3EE}" = Wave Infrastructure Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3DCDFCDB-4D96-4CF0-9BB3-C91DAE9073F3}" = PC-CCID
"{4E60E212-3177-4B16-BCB3-616CCC52357D}" = Upek Touchchip Fingerprint Reader
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{5F5CBF39-BD29-43C8-B63A-B9758F0FD090}" = EMBASSY Client Core
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel(R) Network Connections 16.8.45.00
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6AC87FB3-ACFC-4416-890C-8976D5A9B371}" = Trusted Drive Manager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7206B668-FEE0-455B-BB1F-9B5A2E0EC94A}" = Custom
"{7AA348CE-190E-416B-839E-68E33CFEB580}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{7EA2D88A-C8B7-4102-8644-0A437B6FC143}" = Neat Mobile Scanner Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}" = Neat ADF Scanner 2008 Driver
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{91CE5F03-3A2A-4268-935A-04944F058AE9}" = Gemalto
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DAED4FC-2B0E-4F3F-8141-F2ABF02CCFCB}" = BioAPI Framework
"{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}" = Neat ADF Scanner Driver
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Data Protection | Access
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D021AEE9-18D2-1F56-46DA-CD72CA3E97F0}" = ccc-utility64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}" = Neat Mobile Scanner (Silver) Driver
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}" = Neat Mobile Scanner 2008 Driver
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E9A97832-83B6-42B6-BAC6-492E344C2561}" = NTRU TCG Software Stack
"{F4D304D9-7647-4253-957E-44286B8631F4}" = HP Unified IO
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F839C6BD-E92E-48FA-9CE6-7BFAF94F7096}" = DellAccess
"0B1DCCBA5BC4F4EEFC1C4D6AC8B27D2393A38E9B" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssaeunic) USB (02/05/2010 5.14.0.0)
"0E7272CE1AFA7996DFC0F8B0B359D995AA4DB9A1" = Windows Driver Package - Motorola (motport) Ports (06/08/2012 5.0.0.0)
"1094B5BC21E9E962B506E05A69705228F8A5273A" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssadserd) Ports (05/13/2011 5.28.2.1)
"1189BFED67524133874A995F6EE63DC76C2083C1" = Windows Driver Package - LG Electronics, Inc. Net (03/07/2012 3.7.0.0)
"12C994695E7E2B88AD95A9735C24954239BEAE17" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscdmdm) Modem (11/11/2010 5.16.0.2)
"14AE004B19BD3BB393FF6268715C15E1F14216E8" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssaemdm) Modem (02/05/2010 5.14.0.0)
"1D537EE1DAD90A300DC0325C62C72E6ACF2D2D65" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssceserd) Ports (10/09/2009 5.02.0.0)
"1F35118DF730077690CF2BAEBDAC57D2138F7E44" = Windows Driver Package - Motorola (motusbdevice) USB (06/08/2012 1.1.3.0)
"2301BE174B73BC5F63B7CAD6932299F0929C08B2" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. WPD (08/31/2012 2.9.505.0831)
"26B4A31470CDCEEEA1A53E4A59FAB923B43A110E" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (08/31/2012 2.9.505.0831)
"37C6E863D718F6363FBAC33FBAAA927F5DC2A43E" = Windows Driver Package - LG Electronics Inc. (AndGps) Ports (11/30/2010 2.2.0.0)
"38207DB32AC6A59CE6075F5AAE1448040FAC76DB" = Windows Driver Package - LG Electronics Inc. (AndDiag) Ports (11/30/2010 2.2.0.0)
"3DC1E396CEBB6BD7F49EA3CE751E35B9CDCC0972" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscdbus) USB (11/11/2010 5.16.0.2)
"3E885DDD8DE7247FEBCE2F5FEF86A3664DF51FEC" = Windows Driver Package - Motorola (bqusbser) Ports (02/24/2009 1.1.0.0)
"3F162CA9EF5A33FF16B97554663A71E35053783E" = Windows Driver Package - LG Electronics Inc (ANDModem) Modem (11/30/2010 2.2.0.0)
"4478FD8A17EBB830FFCEB0711D2F0FB5FE045A09" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. Net (08/31/2012 2.9.505.0831)
"46D28B033482A13C68B1777C399248A0FE510D1A" = Windows Driver Package - Motorola (bqusbser) Modem (02/24/2009 1.1.0.0)
"473A826891238E0A7004C32246D77CFDEDF4A65E" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssadbus) USB (05/13/2011 5.28.2.1)
"4D55218052428488AFE6BA93FABC783E658657A7" = Windows Driver Package - LG Electronics Inc. (Andbus) USB (11/30/2010 2.2.0.0)
"5A454C002BB9011E261D0C1B7E846CD23A1D1806" = Windows Driver Package - LG Electronics, Inc. WPD (03/07/2012 3.7.0.0)
"5BAD868F0BB659A66CAB11EB79E98ECCA707FAAE" = Windows Driver Package - Android-Sync.com (WinUSB) AndroidUsbDeviceClass (05/01/2013 13.0.0501.00000)
"603A5E6148EA90E9E55AEAE6A3415D542C6633F8" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudobex) Ports (08/31/2012 2.9.505.0831)
"65A0EC5C997DEB2CCF16DAB60F7FD025088FA983" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssadmdm) Modem (05/13/2011 5.28.2.1)
"75005F34035E512FEEBCAE8E47C427F0D5B95E92" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssaend5) Net (02/05/2010 5.14.0.0)
"7972D4F247E02C0849331540773B9ABFA384B182" = Windows Driver Package - LG Electronics Inc. (Andbus) USB (11/30/2010 2.2.0.0)
"8328654005D05C83C119D86532E4C3EA03DD4067" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssuddmgr) Ports (08/31/2012 2.9.505.0831)
"8CDE6EEFC346A059EC210060FC7B7DAA8279D584" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssaebus) USB (02/05/2010 5.14.0.0)
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"97541C74689007984DD12A4E0B349E2F96A66C2F" = Windows Driver Package - LG Electronics, Inc. Net (03/07/2012 3.7.0.0)
"9F5D55CA59818FDD3D5CEB25BE1B0FCF5393EFEF" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscemdm) Modem (10/09/2009 5.02.0.0)
"A185B27219B7757BA7055C38FA3E10B588031413" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (08/31/2012 2.9.505.0831)
"A3F0461CF2623C40BC42C38D4C0E7319E5C458CA" = Windows Driver Package - LG Electronics Inc. (AndDiag) Ports (11/30/2010 2.2.0.0)
"A43025A72B6CC28CB38B93867B2740C581E3B100" = Windows Driver Package - LG Electronics Inc (ANDModem) Modem (11/30/2010 2.2.0.0)
"AE94D92D11D453B29C8587BB640E52F5BB0FCF4A" = Windows Driver Package - Android-Sync.com (WinUSB) AndroidUsbDeviceClass (03/30/2013 13.0.0330.00000)
"BC0FC97093ED911878848F7852D617BA23E42F68" = Windows Driver Package - LG Electronics Inc. (AndGps) Ports (11/30/2010 2.2.0.0)
"BDE134075C5EB079E606351CBB25D6785210D594" = Windows Driver Package - LG Electronics, Inc. (andnetndis) Net (03/07/2012 3.7.0.0)
"C33CF0FB0990B3538506509270602B0B5D644E49" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscdserd) Ports (11/11/2010 5.16.0.2)
"CC16886829EBCBDE3BFDAE395E74FACD43F1386F" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. Net (05/13/2011 5.28.2.1)
"CCleaner" = CCleaner
"D0D70453248CA2C23E4C653B7F8C2E27B2047C81" = Windows Driver Package - Motorola (motccgp) USB (06/08/2012 3.3.0.0)
"D36EE4906646B97CE2BD22721B14257AC200360E" = Windows Driver Package - Motorola (usbser) Ports (03/30/2012 1.0.0.0)
"DW WLAN Card Utility" = DW WLAN Card Utility
"E4F147629ED19D861019F10EE74074C3077C3FBD" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudserd) Ports (08/31/2012 2.9.505.0831)
"E670C2A33F5DE62100C1BF6291C8DBBCE5457692" = Windows Driver Package - LG Electronics, Inc. (andnetndis) Net (03/07/2012 3.7.0.0)
"EC59CFD8B4CBED0A412E4B22DAB4C565DE2E79D5" = Windows Driver Package - Motorola (motmodem) Modem (06/08/2012 5.0.0.0)
"ECE68E19FAAEB5C5ACC855B195FBCB21217053BE" = Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscebus) USB (10/09/2009 5.02.0.0)
"EE7300AD4427B38D8BB9A77F148002562AF11EA9" = Windows Driver Package - Motorola (motandroidusb) USB (06/08/2012 1.2.13.0)
"F0EE2BD961E485B5B5AE20058D7FEC68F3C0DE1D" = Windows Driver Package - Motorola (Motousbnet) Net (06/08/2012 2.6.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel(R) Network Connections 16.8.45.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01709BCA-8553-4B46-8A75-DBCCAC95DD62}" = Hoyle Card Games 2012
"{04566294-A6B6-4462-9721-031073EB3694}" = Dell Client System Update
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C779D9C-FD0F-4A53-86BE-3D53E58B2900}" = HPLJUTCore
"{1125FC8E-975D-47BD-943D-0DFE0E2358B9}" = hppM351_M451LaserJetService
"{14CF9AF8-10A6-4FA7-9E57-D22DBD644C77}" = HP Unified IO
"{15CA73D8-3C82-4BAE-86CD-945BF9620516}" = HP LJ300-400 color M351-M451
"{180D6813-95E0-415C-B58A-5B9493DE2DDA}" = hppLaserJetService
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E5C7043-09C5-4974-A69F-A5271FD82BBC}" = PlayMemories Home
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210DD1FC-AAF8-4357-25FE-89E699BDB62E}" = CCC Help Greek
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{25E11B5A-4817-4296-A260-235AE77B1708}" = hpStatusAlertsM351_M451
"{266E41AB-D928-4AF2-A8E4-B24E31F5758C}" = ASUS RT-AC66U Wireless Router Utilities
"{26A24AE4-039D-4CA4-87B4-2F83217021F0}" = Java 7 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{27B201A5-A73B-1E7E-0C62-978A1B4A6696}" = CCC Help Danish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29725F9E-027A-22DC-7B17-9413A5C5E51C}" = CCC Help Polish
"{2E1BA46C-A45B-F2C8-1197-0CEB4EB77F70}" = CCC Help Hungarian
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{2F739B19-3A61-40E3-8014-A9BB228E49DB}" = ASUS Wireless Router RT-AC66U Manuals
"{32C0FD10-8FB4-427E-A16F-ED57C9343CF0}" = InstanceFinder
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3528D412-5EEA-AAEA-AF64-9ADEE903D7D5}" = CCC Help English
"{383FCD28-9484-48AC-9397-C8FCD9D8F76E}" = Catalyst Control Center - Branding
"{39D555D6-3DB9-B304-042B-185E5FEBEF97}" = Catalyst Control Center InstallProxy
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3D8BC028-6977-2124-8314-A480AFD53C20}" = CCC Help Korean
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5AF1A5-68C6-63B6-9550-B0BBDEFCA76F}" = CCC Help Chinese Standard
"{40B415DD-63CB-7269-F7F8-BD2A06792785}" = CCC Help French
"{4587AD12-30F6-F902-299B-BD8428E7F090}" = Catalyst Control Center
"{46A99EAE-98DA-4BE5-94C3-D41BA4C266DA}" = hpStatusAlerts
"{48614A34-564D-1F2B-7D2E-8814113BDEA8}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A47438B-3146-4B9E-94A5-1EEAE3C36C53}" = Tableau Reader 8.0
"{4B055C77-BC0F-623F-5A73-F7D5012987DB}" = CCC Help Finnish
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4DB573AF-032C-482F-A262-F30DF9A65CC5}" = Team Developer 6.0 Deployment
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54ED5964-9FEF-C9F8-F5D7-2663AFFD0C13}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}" = HPLJDXPHelper
"{601DAC8F-4594-11E2-A2E7-B8AC6F97B88E}" = Google Earth Pro
"{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6930AC06-C380-421E-91FE-9CA29D21D83E}" = hppToolboxProxyM351
"{703BB500-F54C-4F33-9D3C-D7A28CEAFBCF}" = toolkit32for64bit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{751F6C35-7A18-EAB6-AD50-ADAA4C5DD103}" = Catalyst Control Center Profiles Desktop
"{768012C6-AB93-3FDE-C3F6-6C0606948568}" = CCC Help Italian
"{78C07322-CA1D-98B6-14CE-476F125081B2}" = CCC Help Swedish
"{7DE49DE7-5B57-4AD9-9AD8-ACDD0DC07FD9}_is1" = AgStar
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{850C7BC5-8CBC-4635-552E-C0AD6A0EA01E}" = Catalyst Control Center Graphics Previews Common
"{8B8EE744-5D73-3AAC-52FB-43517C1CFA0B}" = CCC Help Spanish
"{8C0600A3-E772-4FC8-A67D-ED110E69665C}" = Wave Crypto Runtime 2.0.7.0 x86
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9416A209-B8AD-4FE5-A893-3BDA6E9BDEC5}" = HP Product FWUpdater
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{99432E4C-1189-4887-9D75-DAA796015FFD}" = Neat Core Files
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3A232F-57E6-595E-1F77-637AFF16580C}" = CCC Help Thai
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A282AFAB-F862-FF2E-44FB-22AA15E54AAA}" = CCC Help Chinese Traditional
"{A69EAF80-2710-6AD2-8515-2C27CE1B5802}" = CCC Help Turkish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{AE72A9DF-CF98-6D61-841E-32EBD9A2A74E}" = CCC Help Portuguese
"{B148E192-F289-4297-85BF-70E2A422EB25}_is1" = Android-Sync v1.026
"{B15E6BBB-6AB4-3B2B-54AE-A1B874FA5469}" = CCC Help German
"{B64E0B43-A452-4B25-93DD-E5C6645A534A}" = ToolboxProxy
"{BD019D8F-25B9-49D6-B301-07AFF65E35DD}" = HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{BF2198EB-503D-4E0B-89FB-509AADD6D545}" = hpbM351M451DSService
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6A344E9-6D72-560C-4A5E-93E6CA0EDDF7}" = CCC Help Russian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D10D4895-3630-B0A7-B575-7D1735E588A7}" = CCC Help Norwegian
"{D1BD700E-92C1-4F3E-B934-0140440B336A}" = CardScan 7.0.5
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E25710A1-F024-4BAF-898C-32703F047737}" = HPLJUTM351-M451
"{E3D5CBA4-1B99-4E8B-A46E-01B08E78D81C}" = CardScan for Outlook
"{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}" = LJDXPHelperUI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C7FDC9-0B49-A5EC-7987-3C17D7045462}" = CCC Help Japanese
"{F838C3DD-5785-4F19-AD0F-BD532C8A31F4}" = HTC Sync Manager
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FBFD7411-739D-B207-5B40-59EF15873810}" = Catalyst Control Center Localization All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Borland Database Engine_is1" = Borland Database Engine 5.2
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{4DB573AF-032C-482F-A262-F30DF9A65CC5}" = Team Developer 6.0 Deployment
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Neat" = Neat
"Norton PC Checkup_is1" = Norton PC Checkup
"Office14.SingleImage" = Microsoft Office Professional 2010
"Printfil_is1" = Printfil 4.0-3 3 OEM FoodOrigins
"Sendori" = Sendori
"sl-cb" = SelectionLinks
"The Weather Channel App" = The Weather Channel App
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"WinLiveSuite" = Windows Live Essentials

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 9/5/2013 11:32:38 AM | Computer Name = Paul-PC | Source = SendoriService | ID = 99
Description = In the enable methodObject reference not set to an instance of an
object.

Error - 9/5/2013 11:32:39 AM | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/5/2013 11:58:12 AM | Computer Name = Paul-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 9/5/2013 11:58:16 AM | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TWCApp.exe, version: 7.5.3.0, time stamp:
0x51c84ddd Faulting module name: Sendori.dll, version: 2.2.1.5, time stamp: 0x5073643e
Exception
code: 0xc0000005 Fault offset: 0x00007046 Faulting process id: 0x1a44 Faulting application
start time: 0x01ceaa4dde0502a8 Faulting application path: C:\Program Files (x86)\The
Weather Channel\The Weather Channel App\TWCApp.exe Faulting module path: C:\Windows\system32\Sendori.dll
Report
Id: f9736adb-1643-11e3-beb2-000af704718e

Error - 9/6/2013 1:37:17 PM | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/6/2013 1:38:06 PM | Computer Name = Paul-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 9/6/2013 1:38:24 PM | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TWCApp.exe, version: 7.5.3.0, time stamp:
0x51c84ddd Faulting module name: Sendori.dll, version: 2.2.1.5, time stamp: 0x5073643e
Exception
code: 0xc0000005 Fault offset: 0x0000838e Faulting process id: 0xd10 Faulting application
start time: 0x01ceab27ac41d773 Faulting application path: C:\Program Files (x86)\The
Weather Channel\The Weather Channel App\TWCApp.exe Faulting module path: C:\Windows\system32\Sendori.dll
Report
Id: 20f7ec01-171b-11e3-84b3-000af704718e

Error - 9/6/2013 2:00:37 PM | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/6/2013 2:41:20 PM | Computer Name = Paul-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 9/6/2013 2:41:21 PM | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TWCApp.exe, version: 7.5.3.0, time stamp:
0x51c84ddd Faulting module name: Sendori.dll, version: 2.2.1.5, time stamp: 0x5073643e
Exception
code: 0xc0000005 Fault offset: 0x00007046 Faulting process id: 0xb00 Faulting application
start time: 0x01ceab2ae61a2743 Faulting application path: C:\Program Files (x86)\The
Weather Channel\The Weather Channel App\TWCApp.exe Faulting module path: C:\Windows\system32\Sendori.dll
Report
Id: ec1a8007-1723-11e3-a928-000af704718e

[ Broadcom Wireless LAN Events ]
Error - 9/6/2013 1:37:27 PM | Computer Name = Paul-PC | Source = WLAN-Tray | ID = 0
Description = 10:37:27, Fri, Sep 06, 13 Error - Unable to set enhanced country code

Error - 9/6/2013 2:01:17 PM | Computer Name = Paul-PC | Source = WLAN-Tray | ID = 0
Description = 11:01:17, Fri, Sep 06, 13 Error - Unable to set enhanced country code

Error - 9/7/2013 12:01:06 PM | Computer Name = Paul-PC | Source = WLAN-Tray | ID = 0
Description = 09:01:06, Sat, Sep 07, 13 Error - Unable to set enhanced country code

Error - 9/8/2013 1:28:54 PM | Computer Name = Paul-PC | Source = WLAN-Tray | ID = 0
Description = 10:28:54, Sun, Sep 08, 13 Error - Unable to set enhanced country code

Error - 9/9/2013 12:52:07 PM | Computer Name = Paul-PC | Source = WLAN-Tray | ID = 0
Description = 09:52:07, Mon, Sep 09, 13 Error - Unable to set enhanced country code

Error - 9/10/2013 12:46:23 PM | Computer Name = Paul-PC | Source = WLAN-Tray | ID = 0
Description = 09:46:23, Tue, Sep 10, 13 Error - Unable to set enhanced country code

Error - 9/11/2013 12:08:19 PM | Computer Name = Paul-PC | Source = WLAN-Tray | ID = 0
Description = 09:08:19, Wed, Sep 11, 13 Error - Unable to set enhanced country code

Error - 9/11/2013 12:17:10 PM | Computer Name = Paul-PC | Source = WLAN-Tray | ID = 0
Description = 09:17:10, Wed, Sep 11, 13 Error - Unable to set enhanced country code

Error - 9/30/2013 2:22:55 PM | Computer Name = Paul-PC | Source = WLAN-Tray | ID = 0
Description = 11:22:55, Mon, Sep 30, 13 Error - Unable to get current user admin
status

[ SendoriLogs Events ]
Error - 10/1/2013 12:08:31 PM | Computer Name = Paul-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 10/1/2013 12:13:31 PM | Computer Name = Paul-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 10/1/2013 12:18:31 PM | Computer Name = Paul-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 10/1/2013 12:23:31 PM | Computer Name = Paul-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

[ System Events ]
Error - 6/19/2013 1:41:16 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 6/19/2013 1:41:39 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/20/2013 2:10:38 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/20/2013 2:11:12 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
Backup (MyPC Backup) service to connect.

Error - 6/20/2013 2:11:12 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 6/20/2013 2:11:26 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/20/2013 4:43:09 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/20/2013 4:43:40 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
Backup (MyPC Backup) service to connect.

Error - 6/20/2013 4:43:40 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%1053

Error - 6/20/2013 4:43:52 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).
Sanguin

Sanguin to lilhurricane

Anon

to lilhurricane
ESET did find some things and fixed them, but it had me reboot the computer (I think it was ESET that caused the reboot) and now I'm not sure where the log is at. Are those kept around somewhere?
Sanguin

Sanguin

Anon

I also forgot to mention that the Windows Security Center service won't start up. It throws an error if I try to do it manually.

lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone

lilhurricane to Sanguin

Numquam oblita

to Sanguin
said by Sanguin :

I'm not sure where the log is at. Are those kept around somewhere?

Log files should be located at C:\Program Files\EsetOnlineScanner\log.txt - even if the app was uninstalled

---or for 64bit Windows: C:\Program Files\ESET Online Scanner\log.txt

Copy and paste that log into your next reply, along with a description of any remaining problems

Sanguin
@qwest.net

Sanguin

Anon

Thanks, here it is:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d2d0ed34cc74bc4e9b041a28cbff009a
# engine=15323
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-01 06:40:05
# local_time=2013-10-01 11:40:05 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 29 6741364 11928234 0 0
# scanned=195263
# found=5
# cleaned=5
# scan_time=3992
sh=28B29A0AA2F451EC3837933CE5B1BD353CF0DF3E ft=1 fh=d9a532cac918a019 vn="MSIL/Adware.StrongVault.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AI_RecycleBin\{1BDC1625-7F86-477B-8490-7E86B5F6E6F3}\3\Strongvault\StrongVaultApp.exe"
sh=28B29A0AA2F451EC3837933CE5B1BD353CF0DF3E ft=1 fh=d9a532cac918a019 vn="MSIL/Adware.StrongVault.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AI_RecycleBin\{D54DDA6D-5F32-4238-9A1B-EE893F484C5B}\3\Strongvault\StrongVaultApp.exe"
sh=15977FEE4E2177992185505D5D36448AC89086EF ft=1 fh=c71c0011977e947d vn="a variant of Win32/AdWare.OneStep.CL application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\DnsBasic\dnsbasic.dll"
sh=443564CF2783A21B33E9241CBBAA3703C3AED39D ft=1 fh=f82cf47f67a3f09d vn="a variant of Win32/Adware.iBryte.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Paul\Downloads\downloadmanager_Setup (1).exe"
sh=44F0B38D4ECEC681245B11D6E7A62F723C207AA6 ft=1 fh=21d7bc981d0dbb16 vn="a variant of Win32/Adware.iBryte.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Paul\Downloads\downloadmanager_Setup.exe"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

LoPhatPhuud to Sanguin

MVM

to Sanguin
Please download Junkware Removal Tool to your desktop.
»www.bleepingcomputer.com ··· al-tool/

1. Shut down your protection software now to avoid potential conflicts.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double- clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

6. Post the contents of JRT.txt into your next message.

Sanguin
@qwest.net

Sanguin

Anon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Ultimate x64
Ran by Paul on Wed 10/02/2013 at 17:03:16.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4095140257-976446707-2899445453-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3552D63B-BC7E-4DFA-BA78-E5831325A78F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5A237B8F-094A-483A-BB4D-3A4D1D34D382}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D9D4BC59-ACCD-43F0-AD63-7CD55BD7949E}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\Paul\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\Paul\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Paul\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\otshot"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/02/2013 at 17:06:33.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

LoPhatPhuud to Sanguin

MVM

to Sanguin
There certainly was a lot of "junk" on this computer, and some is still there.

Whether I recommend reformat/reinstall or not will be determined by the result of the next step. If there are any signs of a rootkit, then my only recommendation will be reformat/reinstall.

The logs so far don't show any, but they are good at hiding.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.



  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.



  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If 'Suspicious' objects are detected, Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.



-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.


Sanguin
@qwest.net

Sanguin

Anon

I attached the log file. Looks like it is clear of rootkits, hopefully.

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to Sanguin

MVM

to Sanguin
The TDSS Killer log was clean. So far no signs of a compromised OS so we can continue cleaning.

First:
I want to remove any leftovers from previous AV products. Run the removal tools for Norton and Trend Micro. You'll find the download links, etal, at the following links:

»support.norton.com/sp/en ··· le_en_us

»esupport.trendmicro.com/ ··· 551.aspx

Second:
Use Add/Remove Programs (Program Features) to uninstall the following:
Sendori
SelectionLinks

Third:
At this point it wise to install an AV if the computer will be online other than just for downloading any programs need for cleaning.

You can install the product of your choice or use MSE from Microsoft.

Fourth:
Run OTL again, and post or attach the log in this thread. Not that there will not be a new Extras log.

Sanguin
@qwest.net

Sanguin

Anon

By the way, the error code starting up the Windows Security Center is 0x80070424. Some searching has some people suggesting the zero access rootkit. I assume we've ruled that out with the Rootkit scan we did earlier?
Sanguin

Sanguin to LoPhatPhuud

Anon

to LoPhatPhuud
OTL.Txt
143,100 bytes
OTL Log attached. AVG is now installed.

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

1 recommendation

LoPhatPhuud to Sanguin

MVM

to Sanguin
I had you run TDSS Killer not so much to check for the TDLx variety of rootkits, as to check the OS files for corruption. The result was negative.

There are many reasons why you could be getting the error message from Windows Security Center. I am aware of a few patches via Microsoft FixIts that may apply.

Microsoft is the preferred source for a solution and after we are done here, I recommend posting in the appropriate Microsoft Answers Forum for a solution.

Now back to business here. Only a few items of cleanup remain, then we can cleanup.

First:
Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


:OTL
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Once you see a message box "Fix complete! Click OK to open the fix log."
[*]Click the OK button
[*]The log will open in Notepad (your default text editor).
{*]Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Second:
Advise what issues, if any, still remain unresolved other than the Windows Security Center error.

Sanguin
@qwest.net

Sanguin

Anon

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bart
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: David
->Temp folder emptied: 304587 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Paul
->Temp folder emptied: 99146081 bytes
->Temporary Internet Files folder emptied: 17720993 bytes
->Java cache emptied: 170371 bytes
->Google Chrome cache emptied: 28238753 bytes
->Flash cache emptied: 669 bytes

User: Pauline
->Temp folder emptied: 76844 bytes
->Temporary Internet Files folder emptied: 128 bytes

User: Public

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15965325 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 87943 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 648 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 452211542 bytes
RecycleBin emptied: 1535640 bytes

Total Files Cleaned = 587.00 mb

[EMPTYFLASH]

User: All Users

User: Bart

User: David

User: Default

User: Default User

User: Paul
->Flash cache emptied: 0 bytes

User: Pauline

User: Public

User: TEMP

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10042013_082240

Files\Folders moved on Reboot...
C:\Users\Paul\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.
C:\Windows\temp\wbxtra_10032013_110229.wbt moved successfully.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Sanguin

Sanguin to LoPhatPhuud

Anon

to LoPhatPhuud
Everything seems to be running mostly fine at this point. The only issue I've noticed is a very long login process where I put in my password on the login screen, then it goes to a black screen for about 2 minutes.

LoPhatPhuud
MVM
join:2002-01-06
Albuquerque, NM

LoPhatPhuud to Sanguin

MVM

to Sanguin
OK, then let's cleanup. We've the most we can here. For the Windows Security Center, post in the appropriate forum at Microsoft Answers.
»answers.microsoft.com/en-us

Be sure to supply a link to this thread so they can use it.

Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete AdwCleaner:
  • Double click the AdwCleaner icon on your Desktop
  • Press the 'Uninstall' button

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL Cleanup procedure, we will provide separate removal instructions.

Sanguin
@qwest.net

Sanguin

Anon

Ok, thanks for your assistance!