Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan? SysWOW64/rundll32 impersonator?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan? SysWOW64/rundll32 impersonator?

Unread postby Zynthiel » June 25th, 2014, 2:10 pm

Hello, I have noticed my computer's cpu usage has gone up whenever a program called "rundll32.exe" is running. At times, its taking up 25-50% of CPU and normally, I read that there's only suppose to be two rundll32's at once. So, I checked the file path and It led me to a folder called "SysWOW64". I've ran out of ideas on how to further try and eliminate this virus or whatever it is as I am not technical person. I wish I can elaborate more, but that is all I have observed. Please help and Thanks in advance!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.55.2
Run by jack at 10:56:38 on 2014-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.849 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Gyazo\GyStation.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\jack\AppData\Local\Akamai\netsession_win.exe
C:\Users\jack\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://speedial.com/?f=1&a=spd_ir_14_22 ... 576135&ir=
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5w4701v356
mStart Page = hxxp://speedial.com/?f=1&a=spd_ir_14_22 ... 576135&ir=
uProxyOverride = <local>;localhost;*.local
uURLSearchHooks: {9565115d-c7d6-46d3-bd63-b67b481a4368} - <orphaned>
uURLSearchHooks: {51a86bb3-6602-4c85-92a5-130ee4864f13} - <orphaned>
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
BHO: {CD292324-974F-4224-D074-CACA427AA030} - <orphaned>
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Swag Bucks Toolbar: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll
uRun: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe
uRun: [Akamai NetSession Interface] "C:\Users\jack\AppData\Local\Akamai\netsession_win.exe"
uRun: [uTorrent] "C:\Users\jack\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Google Update] "C:\Users\jack\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_855D992E5E0301D5902D627292A8C69B] "C:\Users\jack\AppData\Local\Google\Chrome SxS\Application\chrome.exe" --no-startup-window
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [GoogleChromeAutoLaunch_790AC30E8F2B478C5DE05AA86194D867] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
TCP: NameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{AC236C49-CE18-4971-B79F-1BBBFD0262C5} : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{AC236C49-CE18-4971-B79F-1BBBFD0262C5}\4554C4553503436313D223E24374 : DHCPNameServer = 192.168.1.254 75.153.176.9
TCP: Interfaces\{AC236C49-CE18-4971-B79F-1BBBFD0262C5}\C696C697 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\optimi~1\optpro~2.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://speedial.com/?f=1&a=spd_ir_14_22 ... 576135&ir=
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}&CUI=UN11204657112359530
FF - prefs.js: browser.startup.homepage - hxxp://speedial.com/?f=1&a=spd_ir_14_22 ... 576135&ir=
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 530&UM=&q=
FF - prefs.js: browser.search.selectedEngine - Speedial
FF - ExtSQL: 2014-06-23 15:38; {fa95f577-07cb-4470-ac90-e843f5f83c52}; C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
FF - ExtSQL: 2014-06-23 15:38; iuhzfg6-rf@uaombtbib.edu; C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\extensions\iuhzfg6-rf@uaombtbib.edu
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - a01615f800000000000000ff5a240d71
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15979
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.620:22:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=5022
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
.
.
.
FF - user.js: extensions.nspdlsd.aflt - spd_ir_14_22_ch
FF - user.js: extensions.nspdlsd.instlRef - 142905_b
FF - user.js: extensions.nspdlsd.cr - 1086576135
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzuyB0AyBzytCzytD0DtB0EtAyBtCyD0FzztN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtDtAzzzytCtB0FtGzytB0FyBtGyEyE0BzztG0FtAyBtCtGyCyEtAtDzz0B0ByDtC0DyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAzyyC0E0A0DyDtGtD0ByCzytGtD0DyD0CtGyDyD0DyBtGtD0AtDyEyByBzz0BtAtDtB0C2Q
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-6-21 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-6-21 189936]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2011-5-28 25312]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-6-21 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-6-21 378944]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2011-5-28 26624]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 70e6ca8c;Optimizer Pro Crash Monitor;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-6-21 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-6-21 80816]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-5-13 2228048]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-15 377616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-22 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-22 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-18 15125280]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-3-26 3560288]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-6-9 243232]
R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2011-5-28 278528]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-5-28 1827328]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-9 50208]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-1-20 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-11-18 39200]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-21 46808]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-2 5174392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Update Whilokii;Update Whilokii;"C:\Program Files (x86)\Whilokii\updateWhilokii.exe" --> C:\Program Files (x86)\Whilokii\updateWhilokii.exe [?]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-8-20 245760]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2011-5-28 954368]
S3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2007-5-9 16032]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-2-1 305520]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2012-9-23 18360]
S3 p2pfilter;p2pfilter;C:\Program Files (x86)\p2pover\p2pfilter.sys [2005-5-10 4524]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-22 19456]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2013-11-21 40696]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S3 tapSF0901;Spotflux TAP Device Driver;C:\Windows\System32\drivers\tapSF0901.sys [2013-3-7 38664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-22 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-21 1255736]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem --> C:\Windows\System32\xsherlock.xem [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-25 04:11:07 1031560 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F7015FA5-4577-494F-B3B4-2EAA196883A0}\gapaengine.dll
2014-06-25 04:10:03 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{692B4A67-E9AA-436A-8188-2D61A1F9FA2C}\mpengine.dll
2014-06-25 03:51:00 10779000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-25 03:25:19 -------- d-----w- C:\Windows\SysWow64\catroot
2014-06-25 03:21:34 -------- d-----w- C:\Windows\SysWow64\0409
2014-06-25 03:09:39 -------- d-----w- C:\Users\jack\AppData\Roaming\dll-files.com
2014-06-25 03:09:32 -------- d-----w- C:\ProgramData\Logs
2014-06-25 03:09:29 -------- d-----w- C:\Program Files (x86)\Dll-Files.com Fixer
2014-06-25 02:08:45 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
2014-06-25 00:07:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-24 23:55:08 -------- d-----w- C:\ProgramData\RogueKiller
2014-06-23 22:38:46 -------- d-sh--w- C:\Users\jack\AppData\Local\EmieUserList
2014-06-23 22:38:46 -------- d-sh--w- C:\Users\jack\AppData\Local\EmieSiteList
2014-06-22 21:59:28 -------- d-----w- C:\Users\jack\AppData\Local\Packages
2014-06-22 21:59:13 -------- d-----w- C:\ProgramData\tperfeecttCOuapon
2014-06-21 06:40:26 -------- d-----w- C:\ProgramData\d7eb12423d4129ba
2014-06-11 17:20:14 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-11 17:20:10 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-03 22:44:40 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-06-01 01:48:28 -------- d-----w- C:\Users\jack\AppData\Local\DeSmuME
2014-06-01 01:39:50 -------- d-----w- C:\Users\jack\AppData\Roaming\Optimizer Pro
2014-06-01 01:35:14 -------- d-----w- C:\Users\jack\AppData\Roaming\Speedial
2014-06-01 01:33:30 -------- d-----w- C:\Program Files (x86)\Speedial
2014-06-01 01:33:02 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
.
==================== Find3M ====================
.
2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-14 03:10:04 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 03:10:04 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-14 03:09:33 17938608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 03:13:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 11:00:27.06 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 20/11/2010 1:57:09 PM
System Uptime: 25/06/2014 10:39:14 AM (1 hours ago)
.
Motherboard: Acer | | Aspire X3400
Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 213.98 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&47E29E2&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&47E29E2&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP461: 15/06/2014 1:19:49 AM - Windows Update
RP462: 18/06/2014 1:12:29 PM - Windows Update
RP463: 22/06/2014 10:52:02 AM - Windows Update
RP464: 23/06/2014 4:14:14 PM - avast! Free Antivirus Setup
RP465: 24/06/2014 8:28:03 PM - Restore Operation
RP466: 24/06/2014 9:08:37 PM - Windows Update
.
==== Installed Programs ======================
.
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader 9.2 MUI
Adobe Shockwave Player 11.6
Advertising Center
Akamai NetSession Interface
AOL Messaging Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
µTorrent
avast! Free Antivirus
AVG 2012
Bandisoft MPEG-1 Decoder
Battle.net
Bonjour
CamStudio
CCleaner
Combat Arms
Counter-Strike: Global Offensive
D3DX10
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Defraggler
Delta Chrome Toolbar
Delta toolbar
DragonNest
Elsword version v2.1128.3.1
Facebook Messenger 2.1.4814.0
Facebook Video Calling 2.0.0.447
Fistful of Frags
Fraps
Freemore Audio Video Suite 3.2.2
Game Dev Tycoon version 1.3.9
GeForce Experience NvStream Client Components
Google Chrome
Google Chrome Canary
Google Update Helper
Gyazo 2.0.1
Haali Media Splitter
Happy Cloud Client
Hearthstone
HL-2270DW
Hotkey Utility
Identity Card
ImagXpress
inSSIDer 3
iTunes
Java 7 Update 55
Java Auto Updater
Java SE Development Kit 7 Update 25 (64-bit)
Junk Mail filter update
League of Legends
Logitech Desktop Messenger
Logitech Print Service
LogMeIn Hamachi
Mabinogi
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300
MapleStory
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Mouse and Keyboard Center
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Word MUI (English) 2013
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
MyWinLocker
MyWinLocker Suite
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NETGEAR WNA1100 wireless USB 2.0 adapter
Nexon Game Manager
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 331.65
NVIDIA Control Panel 335.23
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA GeForce Experience 1.7.1
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 9.3.21
NVIDIA Update 9.3.21
NVIDIA Virtual Audio 1.2.9
Optimizer Pro v3.2
Origin
osu!
Outils de vérification linguistique 2013 de Microsoft Office - Français
Overwolf
Paint.NET v3.5.8
Pando Media Booster
PC Connectivity Solution
PunkBuster Services
QuickTime
RaidCall
Razer Synapse 2.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rumble Fighter
Samsung Kies
Samsung Mobile phone USB driver Drive Software
Samsung PC Studio 3 USB Driver Installer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Lync 2013 (KB2881013) 64-Bit Edition
Security Update for Microsoft Office 2013 (KB2878316) 64-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
SHIELD Streaming
Shredder
Skype Click to Call
Skype™ 6.16
Sony Media Manager 2.2
Sony Vegas 7.0
Speccy
Speedial
SuddenAttack
Swag Bucks Toolbar
swMSM
System Requirements Lab CYRI
TeamSpeak 3 Client
TeamViewer 8
Unity Web Player
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
Update for Microsoft Office 2013 (KB2878313) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2880458) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2881000) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition
Villagers and Heroes
Visual Studio 2008 x64 Redistributables
Welcome Center
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 5.00 beta 7 (64-bit)
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
25/06/2014 10:58:14 AM, Error: Service Control Manager [7034] - The Optimizer Pro Crash Monitor service terminated unexpectedly. It has done this 1 time(s).
25/06/2014 10:43:24 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
25/06/2014 10:43:24 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
25/06/2014 10:43:24 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
25/06/2014 10:41:24 AM, Error: Service Control Manager [7000] - The Update Whilokii service failed to start due to the following error: The system cannot find the file specified.
25/06/2014 10:41:00 AM, Error: Service Control Manager [7003] - The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
24/06/2014 9:10:02 PM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
24/06/2014 8:59:06 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
24/06/2014 8:58:45 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JASON-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AC236C49-CE18-4971-B79F-1BBBFD0262C5}. The master browser is stopping or an election is being forced.
24/06/2014 8:54:01 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
24/06/2014 8:50:59 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
24/06/2014 7:31:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
24/06/2014 7:27:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
24/06/2014 7:27:33 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/06/2014 7:26:43 PM, Error: Service Control Manager [7000] - The PnkBstrA service failed to start due to the following error: The system cannot find the file specified.
24/06/2014 7:26:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
24/06/2014 7:26:08 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/06/2014 7:24:18 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
24/06/2014 7:24:16 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\c:\windows\erdnt\subs\system' was corrupted and it has been recovered. Some data might have been lost.
24/06/2014 7:23:41 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
24/06/2014 7:23:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2014 7:10:01 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2014 7:08:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
24/06/2014 6:07:05 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2014 6:05:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24/06/2014 6:05:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
24/06/2014 6:05:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/06/2014 6:05:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
24/06/2014 6:05:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6
24/06/2014 6:05:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service LMIGuardianSvc with arguments "" in order to run the server: {D4258A22-CF85-489D-83AE-49FCD0DFAD29}
24/06/2014 6:04:54 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2014 6:03:29 PM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
24/06/2014 6:03:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042d Error description: The service did not start due to a logon failure. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
24/06/2014 6:03:28 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
24/06/2014 6:03:28 PM, Error: Service Control Manager [7038] - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
24/06/2014 6:03:28 PM, Error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Incorrect function.
24/06/2014 6:03:28 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: Incorrect function.
24/06/2014 6:03:28 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: A system shutdown is in progress.
24/06/2014 6:03:28 PM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The service did not start due to a logon failure.
24/06/2014 6:03:28 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
24/06/2014 6:03:28 PM, Error: RasMan [20033] - Remote Access Connection Manager failed to start because it could not register with the local security authority. Try restarting the Remote Access Connection Manager service. If the problem persists, contact the system administrator. Incorrect function.
24/06/2014 6:03:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
24/06/2014 6:03:27 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/06/2014 6:03:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WSWNA1100 service to connect.
24/06/2014 6:03:23 PM, Error: Service Control Manager [7000] - The WSWNA1100 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/06/2014 6:03:21 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
23/06/2014 3:23:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LMIGuardianSvc service to connect.
23/06/2014 3:23:43 PM, Error: Service Control Manager [7000] - The LMIGuardianSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
23/06/2014 3:23:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Function Discovery Resource Publication service to connect.
23/06/2014 3:23:05 PM, Error: Service Control Manager [7000] - The Function Discovery Resource Publication service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/06/2014 7:29:52 PM, Error: Service Control Manager [7031] - The TeamViewer 8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.
22/06/2014 7:29:05 PM, Error: Service Control Manager [7034] - The Skype Click to Call Updater service terminated unexpectedly. It has done this 1 time(s).
22/06/2014 10:41:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MSSQL$SONY_MEDIAMGR service to connect.
22/06/2014 10:41:48 AM, Error: Service Control Manager [7000] - The MSSQL$SONY_MEDIAMGR service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Zynthiel
Regular Member
 
Posts: 19
Joined: June 24th, 2014, 11:04 pm
Advertisement
Register to Remove

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » June 26th, 2014, 1:00 pm

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » June 26th, 2014, 1:25 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Zynthiel

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


OK, first of all ... rundll32.exe ... is a System file for Windows, which is used by 3rd party programs to run .dll type files. Because of this there will often be many instances of it running at the same time.

Your version of Windows is 64 bit, and on 64 bit systems there are two folders from which this file can run ... SysWow64 ... which launches 32 bit applications, and ... System32 ... from where 64 bit applications are run.

In other words, what you're seeing is perfectly normal.

You do however look like you have an infection, which needs removing, and there are a number of other issues on your computer which need addressing.

First ....

Your logs show you have 3 Anti-Virus programs installed ...

AVG
AVAST
Microsoft Security Essentials


This is a recipe for disaster. More programs does not mean more security, in fact it means the very opposite. The programs will clash with each other, since they use the same System resources, at the same time, in the same way.

So, what I need you to do is ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

AVG 2012
avast! Free Antivirus
µTorrent
Java 7 Update 55
Optimizer Pro v3.2


Use of P2P/torrent programs is the quickest way to contract an infection that I know. In return for our help this forum insists on their removal.

Outdated Java versions are easily exploited.

Computer "optimisers" are the biggest waste of time and money I know of, they do NOTHING to improve your computer's performance, and will often cause a great many more problems than they resolve. If your computer is running slowly, then one of these programs will NOT help it run faster in any measurable way.

Reboot your computer once all thse programs have been uninstalled.

Next ...

Before we start removing the infection I've seen in your logs, I'd like you to run a further scan for me ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R0].txt.

DO NOT ATTEMPT TO "CLEAN" ANYTHING THAT ADWCLEANER MAY FIND AT THIS POINT.

Summary of the logs I need from you in your next post:
  • AdwCleaner[R0].txt


Check the log after you've posted it to make sure it's all present, if any of the log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Zynthiel » June 26th, 2014, 2:27 pm

Hi Gary R,

Thank you for taking the time to address my problem. I have a few questions however,
-The link to the registry backup says that I cannot access it for some reason.
-Do you want the copy/paste version of the log or an attachment?

Also, I have uninstalled the programs and will scan later as I am not home later on. I will await your next intstructions!

Thank you again.
Zynthiel
Regular Member
 
Posts: 19
Joined: June 24th, 2014, 11:04 pm

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » June 26th, 2014, 3:31 pm

OK, this is the download link for TCRB ... http://www.bleepingcomputer.com/downloa ... ry-backup/

  • Click on the download now button to download the installer.
  • Double click on the installer file and allow TCRB to install on your computer.
  • Once installed ...
    • launch the program by clicking on it.
    • Click on the Backup Registry tab to select it.
    • Click on the Backup Now button and allow the program to backup your computer.
    • When finished you should see a message saying something like ... Successful! 12/12 Registry Files Backed up ... the number of files may vary.
  • Close the program, you've now backed up your Registry.

As far as the ADWCleaner log goes, if it's reasonably short, then just copy/paste it. However if it's long then attach it.

If you need to know how just ask.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Zynthiel » June 26th, 2014, 10:54 pm

Sorry, this is what I was talking about. It doesnt allow me any access for some reason.

http://gyazo.com/a1ef4895ec6fe35295e69843833d5906

As for the AdwCleaner log, I will attach it as it is somewhat long.
You do not have the required permissions to view the files attached to this post.
Zynthiel
Regular Member
 
Posts: 19
Joined: June 24th, 2014, 11:04 pm

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » June 27th, 2014, 12:15 am

OK, looks like your infection is preventing you from accessing Bleeping Computers, most probably because it's a very well known malware removal site.

So, lets see if we can download TCRB direct from the manufacturers and hopefully bypass the block that way

This is s a direct download from the Tweaking.com page ....... http://www.tweaking.com/content/page/re ... ackup.html ...... give any of the top (installer) group a try, if none of them work (we know the Bleeping Computer one doesn't) then we'll try something else.

Oh, by the way, your ADWCleaner log confirms that you're infected with what I thought you were, so once we've got a backup of your Registry, we'll get started removing your infection. It shouldn't take too long if all goes well.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Zynthiel » June 27th, 2014, 12:20 am

Well, I downloaded a setup for a registry setup from Tweaking.com, cause the link sent me to the main page. Is that the right one?
Zynthiel
Regular Member
 
Posts: 19
Joined: June 24th, 2014, 11:04 pm

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » June 27th, 2014, 12:21 am

Please read my last post again, I've changed it a little since you read it, including the link. To be honest I didn't expect you to respond so quickly.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Zynthiel » June 27th, 2014, 12:30 am

Oh haha, Is the infection anything serious?
Zynthiel
Regular Member
 
Posts: 19
Joined: June 24th, 2014, 11:04 pm

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » June 27th, 2014, 12:34 am

Define serious.

It's serious enough for you not to want it on your computer. Technically it's not very sophisticated, but that doesn't mean it's not a PITA to get rid of if you don't do it right.

Were you able to create a backup ?
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Zynthiel » June 27th, 2014, 12:36 am

Well, Like serious as in, the degree of consequences if left untreated. And I finished the backing up.
Zynthiel
Regular Member
 
Posts: 19
Joined: June 24th, 2014, 11:04 pm

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » June 27th, 2014, 1:01 am

If left it will continue to mess up your browsing experience, cause reduced security on your machine, which will in all probability lead to further infection, and will report your browsing habits to people with rather dubious intent.

OK, now you've got a backup we can proceed.

First ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s0].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad. (don't include Code: Select all)
Code: Select all
C:\Program Files (x86)\Optimizer Pro
uStart Page = hxxp://speedial.com/?f=1&a=spd_ir_14_22 ... 576135&ir=
uURLSearchHooks: {9565115d-c7d6-46d3-bd63-b67b481a4368} - <orphaned>
uURLSearchHooks: {51a86bb3-6602-4c85-92a5-130ee4864f13} - <orphaned>
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - <orphaned>
BHO: {42D79B50-CC4A-4A8E-860F-BE674AF053A2} - <orphaned>
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
BHO: {CD292324-974F-4224-D074-CACA427AA030} - <orphaned>
TB: Swag Bucks Toolbar: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwag.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll
uRun: [uTorrent] "C:\Users\jack\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
AppInit_DLLs= c:\progra~2\optimi~1\optpro~2.dll
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q= {searchTerms}&CUI=UN11204657112359530
FF - prefs.js: browser.startup.homepage - hxxp://speedial.com/?f=1&a=spd_ir_14_22 ... 576135&ir=
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 530&UM=&q=
FF - prefs.js: browser.search.selectedEngine - Speedial
FF - ExtSQL: 2014-06-23 15:38; {fa95f577-07cb-4470-ac90-e843f5f83c52}; C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - a01615f800000000000000ff5a240d71
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15979
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.620:22:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=5022
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.nspdlsd.aflt - spd_ir_14_22_ch
FF - user.js: extensions.nspdlsd.instlRef - 142905_b
FF - user.js: extensions.nspdlsd.cr - 1086576135
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzuyB0AyBzytCzytD0DtB0EtAyBtCyD0FzztN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtDtAzzzytCtB0FtGzytB0FyBtGyEyE0BzztG0FtAyBtCtGyCyEtAtDzz0B0ByDtC0DyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAzyyC0E0A0DyDtGtD0ByCzytGtD0DyD0CtGyDyD0DyBtGtD0AtDyEyByBzz0BtAtDtB0C2Q
S2 Update Whilokii;Update Whilokii;"C:\Program Files (x86)\Whilokii\updateWhilokii.exe" --> C:\Program Files (x86)\Whilokii\updateWhilokii.exe [?]
C:\Program Files (x86)\Whilokii
2014-06-01 01:39:50 -------- d-----w- C:\Users\jack\AppData\Roaming\Optimizer Pro
2014-06-01 01:35:14 -------- d-----w- C:\Users\jack\AppData\Roaming\Speedial
2014-06-01 01:33:30 -------- d-----w- C:\Program Files (x86)\Speedial
2014-06-01 01:33:02 -------- d-----w- C:\Program Files (x86)\Optimizer Pro

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • AdwCleaner[s0].txt
  • fixlog.txt
  • search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Zynthiel » June 27th, 2014, 1:26 pm

So I did the first part of the instructions, and did the clean/got the log. But was I suppose to download another program??

# AdwCleaner v3.213 - Report created 27/06/2014 at 10:12:14
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jack - JACK-PC
# Running from : C:\Users\jack\Downloads\adwcleaner_3.213.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : update whilokii

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\ApptoU
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\tperfeecttCOuapon
Folder Deleted : C:\ProgramData\tpperfeacotcoupon
Folder Deleted : C:\Program Files (x86)\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\Speedial
Folder Deleted : C:\Program Files (x86)\Swag_Bucks
Folder Deleted : C:\Program Files (x86)\Common Files\Spigot
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\jack\AppData\Local\apn
Folder Deleted : C:\Users\jack\AppData\Local\Conduit
Folder Deleted : C:\Users\jack\AppData\Local\PackageAware
Folder Deleted : C:\Users\jack\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\jack\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\jack\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\jack\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\jack\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\jack\AppData\LocalLow\Swag_Bucks
Folder Deleted : C:\Users\jack\AppData\LocalLow\wincoreimband
Folder Deleted : C:\Users\jack\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\jack\AppData\Roaming\Babylon
Folder Deleted : C:\Users\jack\AppData\Roaming\Delta
Folder Deleted : C:\Users\jack\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\jack\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\jack\AppData\Roaming\Speedial
Folder Deleted : C:\Users\jack\AppData\Roaming\Systweak
Folder Deleted : C:\Users\jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\jack\Documents\Optimizer Pro
Folder Deleted : C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\Smartbar
Folder Deleted : C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\Extensions\staged\{fa95f577-07cb-4470-ac90-e843f5f83c52}
Folder Deleted : C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\Extensions\ffxtlbr@delta.com
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\bprotector_prefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\searchplugins\bingp.xml
File Deleted : C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\searchplugins\BitGuard.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\user.js
File Deleted : C:\Windows\System32\Tasks\BitGuard
File Deleted : C:\Windows\Tasks\Speedial.job
File Deleted : C:\Windows\System32\Tasks\Speedial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Classes\d
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\tperfectCoupone.tperfectCoupone
Key Deleted : HKLM\SOFTWARE\Classes\tperfectCoupone.tperfectCoupone.1.3
Key Deleted : HKCU\Software\a6dfdfb539ba49
Key Deleted : HKLM\SOFTWARE\a6dfdfb539ba49
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-powerpoint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_microsoft-powerpoint_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF604944-B98A-2DE5-79E7-9168A43DAAFA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF604944-B98A-2DE5-79E7-9168A43DAAFA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF604944-B98A-2DE5-79E7-9168A43DAAFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{85675E8E-5807-456E-8005-29ECDFB5AA98}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{560876D9-55F1-4139-A9F0-11D1033B6B00}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F593990-F105-48C1-A381-7390B2B5D697}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EF604944-B98A-2DE5-79E7-9168A43DAAFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF604944-B98A-2DE5-79E7-9168A43DAAFA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Speedial
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\mediabarim
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Swag_Bucks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speedial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17126

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Users\jack\AppData\Roaming\Mozilla\Firefox\Profiles\jztv8gxs.default\prefs.js ]

Line Deleted : user_pref("CT2260173.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT2260173.1000082.muteState", "off");
Line Deleted : user_pref("CT2260173.1000234.TWC_TMP_country", "CA");
Line Deleted : user_pref("CT2260173.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx

\"}");
Line Deleted : user_pref("CT2260173.1000234.TWC_TMP_city", "BURNABY");
Line Deleted : user_pref("CT2260173.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT2260173.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT2260173.1000234.TWC_region", "OT");
Line Deleted : user_pref("CT2260173.countryCode", "CA");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2260173");
Line Deleted : user_pref("CT2260173.1000234.TWC_country", "CANADA");
Line Deleted : user_pref("CT2260173.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2260173.1000234.TWC_location", "Burnaby, Canada");
Line Deleted : user_pref("CT2260173.1000234.TWC_locId", "CAXX0051");
Line Deleted : user_pref("CT2260173.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT2260173.toolbarCurrentServerTime", "7-8-2013");
Line Deleted : user_pref("CT2260173.lastVersion", "10.16.9.506");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("CT2260173.1000234.TWC_wind_dis", "kmh");
Line Deleted : user_pref("browser.search.defaultenginename", "Swag Bucks Customized Web Search");
Line Deleted : user_pref("CT2260173.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT2260173.Facebook_Mode.enc", "Mg==");
Line Deleted : user_pref("CT2260173.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"11°C\",\"temperatureClear\":\"11°C\",\"highTemperature\":\"11°C\",\"lowTemperature\":\"7°C\",

\"feelsLike\":\"11°C\",\[...]
Line Deleted : user_pref("CT2260173.defaultSearch", "true");
Line Deleted : user_pref("CT2260173.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375852113778");
Line Deleted : user_pref("CT2260173.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.Facebook_User_Locale.enc", "ZW4=");
Line Deleted : user_pref("CT2260173.FirstTime", "true");
Line Deleted : user_pref("CT2260173.installId", "dm");
Line Deleted : user_pref("CT2260173.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2260173.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT2260173.enableAlerts", "always");
Line Deleted : user_pref("CT2260173.originalSearchEngine", "Google");
Line Deleted : user_pref("CT2260173.SBmemberInfo.enc",

"eyJzdGF0dXMiOjEsInNidHYiOnRydWUsImRhaWx5U2IiOiIwIiwiYWxsb3dTaG9wRWFybiI6dHJ1ZSwiaGFzUHJmbCI6ZmFsc2UsInNCcyI6IjEwIiwibWVtYmVySUQiOjcwOTM1NTksImZOYW1lIjoiSmFja3k[...]
Line Deleted : user_pref("CT2260173.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT2260173.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT2260173.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?

ctid=CT2260173&octid=CT2260173&SearchSource=15&CUI=UN11204657112359530&SSPV=&Lay=1&UM=\"}");
Line Deleted : user_pref("smartbar.machineId", "TBRFI4EBGQ/GSO7X3PCPA5LIJ1LVXP6TFBZTOKG5359+LX1FN+8VUUUNROD2AIEB7Q+6B6BYPA6FNNFL4SX8SG");
Line Deleted : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN11204657112359530&q=");
Line Deleted : user_pref("CT2260173.UserID", "UN11204657112359530");
Line Deleted : user_pref("CT2260173.serviceLayer_services_searchAPI_lastUpdate", "1375852113956");
Line Deleted : user_pref("CT2260173.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2260173.autoDisableScopes", -1);
Line Deleted : user_pref("CT2260173.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Ahome\",\"EB_MAIN_FRAME_TITLE\":\"Mozilla%20Firefox%20Start%20Page\",

\"EB_TOOLBAR_SUB_DOMAIN\":\"h[...]
Line Deleted : user_pref("CT2260173.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2260173.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT2260173.search.searchCount", "2");
Line Deleted : user_pref("CT2260173.embeddedsData", "[{\"appId\":\"128848965243869715\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,

\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2260173.search.searchAppId", "128848965243869715");
Line Deleted : user_pref("CT2260173.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2260173.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2260173.fixUrls", true);
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("CT2260173.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2260173.openUninstallPage", "true");
Line Deleted : user_pref("CT2260173.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT2260173.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("CT2260173.fullUserID", "UN11204657112359530.UP.20130815130142");
Line Deleted : user_pref("CT2260173.openThankYouPage", "true");
Line Deleted : user_pref("CT2260173.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc",

"cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
Line Deleted : user_pref("CT2260173.hxxp___www_swagbucks_com.APP_WIN_FEATURES.enc", "c2F2ZWxvY2F0aW9uPTAsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWNsaWNr");
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("CT2260173.installDate", "9/2/2013 15:04:03");
Line Deleted : user_pref("CT2260173.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT2260173.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.keyword", "true");
Line Deleted : user_pref("CT2260173.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT2260173.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT2260173.originalHomepage", "www.youtube.com");
Line Deleted : user_pref("CT2260173.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2260173.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN11204657112359530&UM=&q=");
Line Deleted : user_pref("CT2260173.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=5022");
Line Deleted : user_pref("CT2260173.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2260173\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SwagBucks.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Swag Bucks\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364189380282");
Line Deleted : user_pref("CT2260173.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2260173.serviceLayer_services_Configuration_lastUpdate", "1400216106958");
Line Deleted : user_pref("CT2260173.serviceLayer_services_appTracking_lastUpdate", "1400216107142");
Line Deleted : user_pref("CT2260173.serviceLayer_services_appsMetadata_lastUpdate", "1400216106904");
Line Deleted : user_pref("CT2260173.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375852113909");
Line Deleted : user_pref("CT2260173.serviceLayer_services_location_lastUpdate", "1375852113960");
Line Deleted : user_pref("CT2260173.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360812777274");
Line Deleted : user_pref("CT2260173.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365648035275");
Line Deleted : user_pref("CT2260173.serviceLayer_services_login_10.15.2.523_lastUpdate", "1369105318733");
Line Deleted : user_pref("CT2260173.serviceLayer_services_login_10.16.2.509_lastUpdate", "1375852113651");
Line Deleted : user_pref("CT2260173.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375852113870");
Line Deleted : user_pref("CT2260173.serviceLayer_services_serviceMap_lastUpdate", "1375852113231");
Line Deleted : user_pref("CT2260173.serviceLayer_services_setupAPI_lastUpdate", "1364110596085");
Line Deleted : user_pref("CT2260173.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375852114324");
Line Deleted : user_pref("CT2260173.serviceLayer_services_toolbarSettings_lastUpdate", "1400216107070");
Line Deleted : user_pref("CT2260173.serviceLayer_services_translation_lastUpdate", "1375852113947");
Line Deleted : user_pref("CT2260173.settingsINI", true);
Line Deleted : user_pref("CT2260173.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2260173.showToolbarPermission", "false");
Line Deleted : user_pref("CT2260173.smartbar.CTID", "CT2260173");
Line Deleted : user_pref("CT2260173.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2260173.smartbar.homepage", "true");
Line Deleted : user_pref("CT2260173.smartbar.toolbarName", "Swag Bucks ");
Line Deleted : user_pref("CT2260173.startPage", "true");
Line Deleted : user_pref("CT2260173.toolbarBornServerTime", "10-2-2013");
Line Deleted : user_pref("CT2260173.toolbarLoginClientTime", "Sun Mar 24 2013 23:33:13 GMT-0700 (Pacific Daylight Time)");
Line Deleted : user_pref("CT2260173_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1400216095861,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13&CUI=UN11204657112359530");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Swag Bucks Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN11204657112359530&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=020213&q=");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Swag Bucks Customized Web Search");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT2260173");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}&CUI=UN11204657112359530");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://speedial.com/?

f=1&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzytD0DtB0EtAyBtCyD0FzztN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1St[...]
Line Deleted : user_pref("ct2260173.UserID", "UN11204657112359530");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.id", "a01615f800000000000000ff5a240d71");
Line Deleted : user_pref("extensions.delta.instlDay", "15979");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.620:22:06");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&CUI=UN11204657112359530&UM=&q=");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13&CUI=UN11204657112359530");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?

ctid=CT2260173&SearchSource=2&CUI=UN11204657112359530&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT2260173");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT2260173");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://ca.msn.com/?pc=UP21&ocid=UP21DHP&dt=020213");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=020213&q=");
Line Deleted : user_pref("smartbar.originalSearchEngine", "Bing ");
Line Deleted : user_pref("CT2260173.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("browser.search.selectedEngine", "Speedial");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\jack\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={2356DEE6-C607-45A0-BDE3-EDC63787956E}&mid=27379ee0297d47d695c0d16f6ba4ff70-

8d4a4225eb15855ef04d98bc824f4d80314a2b8d&lang=en&ds=AVG&pr=pr&d=2011-10-21%2021:21:41&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://plusnetwork.com/?sp=addr&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx? ... 67830C7&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://slirsredirect.search.aol.com/red ... 706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20110623125424494&tb_oid=23-06

-2011&tb_mrud=03-07-2011
Deleted [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}

&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzytD0DtB0EtAyBtCyD0FzztN0D0Tzu0SzzzztBtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtDtAzzzytCtB0FtGzytB0FyBtGyEyE0BzztG0

FtAyBtCtGyCyEtAtDzz0B0ByDtC0DyCtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtAzyyC0E0A0DyDtGtD0ByCzytGtD0DyD0CtGyDyD0DyBtGtD0AtDyEyByBzz0BtAtDtB0C2Q&cr=1086576135&ir=
Deleted [Search Provider] : hxxp://start.facemoods.com/?a=adknlg&s={searchTerms}&f=4
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^A4F&apn_dtid=^ADK004^YY^CA&apn_uid=BB02C798-52DC-4300-

968A-2220CFB37D93&apn_sauid=EFEC4535-2B30-4EC3-97AB-92ECD8E32995&
Deleted [Search Provider] : hxxp://websearch.shaw.ca/shaw/ws/result ... a=ie-tb-cd
Deleted [Search Provider] : hxxp://start.facemoods.com/?a=adknlg&s={searchTerms}&f=4
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A01600FF5A240D71&affID=119357&tsp=5022
Deleted [Search Provider] : hxxp://www.plusnetwork.com/?sp=caddr&q={searchTerms}
Deleted [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=108844&mntrId=a01615f80000000000000626f258d968
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=cr ... =1&sr=0&q={searchTerms}
Deleted [Homepage] : hxxp://www.searchgol.com/?babsrc=HP_ss& ... 7&tsp=5022
Deleted [Extension] : bakijjialdiiboeaknfpmflphhmljfkd

*************************

AdwCleaner[R0].txt - [41087 octets] - [26/06/2014 19:50:10]
AdwCleaner[R1].txt - [41148 octets] - [27/06/2014 10:09:33]
AdwCleaner[S0].txt - [40625 octets] - [27/06/2014 10:12:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [40686 octets] ##########
Zynthiel
Regular Member
 
Posts: 19
Joined: June 24th, 2014, 11:04 pm

Re: Trojan? SysWOW64/rundll32 impersonator?

Unread postby Gary R » June 27th, 2014, 1:34 pm

Sorry, my mistake, I forgot we were using DDS as your scanner. I thought I'd asked you to DL and run another tool, seems I hadn't.

OK, can you do the following for me ....

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 388 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware