Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware and Pop-Ups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Malware and Pop-Ups

Unread postby maximusdowns » May 13th, 2015, 5:08 pm

To whom it may concern,

My computer is experiencing massive malware. The symptoms are constant popups and programs automatically starting that I did not install. They eat up my computer memory and make it so that it is barely usable. I ran FRST and generated the FRST.txt and Addition.txt files. The FRST.txt is too large to post in the message box. Per the instructions of the website I have attached the FRST.txt file. If there is a preferred method other than this to communicate the file, please advise. Here is the Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Max at 2015-05-08 18:42:52
Running from C:\Users\Max\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3369700690-3850376273-3648611264-500 - Administrator - Disabled)
Guest (S-1-5-21-3369700690-3850376273-3648611264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3369700690-3850376273-3648611264-1003 - Limited - Enabled)
Max (S-1-5-21-3369700690-3850376273-3648611264-1001 - Administrator - Enabled) => C:\Users\Max

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveState Komodo Edit 8.5.4 (HKLM-x32\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.4 - ActiveState Software Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnySend (HKLM-x32\...\ASPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION!
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
BlockAndSurf (HKLM-x32\...\0BB5A864-B491-0C48-FE83-83E19A81C14D) (Version: - BlockAndSurf-software) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - BubbleSound) <==== ATTENTION!
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Chart Subtraction (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - Chart Subtraction)
CinemaPlus-3.2cV27.04 (HKLM-x32\...\CinemaPlus-3.2cV27.04) (Version: 1.36.01.22 - Cinema PlusV27.04) <==== ATTENTION
CloudScout Parental Control version 1.3 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.3 - www.CloudGuard.me) <==== ATTENTION
Command LAN (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - Command LAN) <==== ATTENTION
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version: - Compete Inc.) <==== ATTENTION
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.5.2171.95 - The Crossbrowse Authors) <==== ATTENTION!
FlashBeat (HKLM-x32\...\FlashBeat) (Version: - ) <==== ATTENTION!
GamesDesktop 025.493 (HKLM-x32\...\gmsd_us_493_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version: - )
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Lights Cinema 1.3betaV16.04 (HKLM-x32\...\Lights Cinema 1.3betaV16.04) (Version: 1.36.01.22 - Cinema PlusV16.04)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
MSS version 1.02 (HKLM-x32\...\{365C5DC2-679A-4A5D-B40B-5096A49087A8}_is1) (Version: 1.02 - )
MyPC Backup (HKLM-x32\...\OLBPre) (Version: - MyPC Backup) <==== ATTENTION
News Alert (HKLM-x32\...\BreakingNewsAlert) (Version: 2.7.64 - Useful Technology)
OneSoftPerDay 025.1014 (HKLM-x32\...\ospd_us_1014_is1) (Version: - ONESOFTPERDAY)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
Papas Pizzeria (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
PepperZip 2.0 (HKLM-x32\...\PepperZip) (Version: 2.0 - PepperWare Co.Ltd.) <==== ATTENTION
PriceLeSs (HKLM-x32\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version: - ) <==== ATTENTION
Quick Ref 1.10.0.12 (HKLM-x32\...\QuickRef_1.10.0.12) (Version: 1.10.0.12 - Quick Ref) <==== ATTENTION!
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SafeGuard (HKLM-x32\...\SafeGuard) (Version: 1.0.2.45 - SafeGuard)
SDU version 3.8 (HKLM-x32\...\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1) (Version: 3.8 - )
Search module (HKLM-x32\...\Search module) (Version: - Goobzo)
Search Module Plus (HKLM-x32\...\Search Module Plus) (Version: - Goobzo)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.22.26.1 - Client Connect LTD) <==== ATTENTION
shopperz 2.0.0.457 (HKLM\...\{5081D2D4-1637-404c-B74F-50526718257D}_is1) (Version: 2.0.0.457 - shopperz) <==== ATTENTION
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Software Version Updater (HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WAN Telephone System (HKLM-x32\...\igsc) (Version: 1.0.0.0 - WAN Telephone System)
Web Bar 2.0.5527.25142 (HKLM\...\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1) (Version: 2.0.5527.25142 - Web Bar Media) <==== ATTENTION!
Wide Area Network Cyan Magenta Yellow Black (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Wide Area Network Cyan Magenta Yellow Black)
WinPrograms (HKLM-x32\...\WebWatcherInstall) (Version: - )
WinPrograms (HKLM-x32\...\WinPrograms) (Version: - )
WSE_Taplika (HKLM-x32\...\WSE_Taplika) (Version: - WSE_Taplika) <==== ATTENTION!
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

03-04-2015 20:20:40 Windows Update
11-04-2015 13:10:25 Scheduled Checkpoint
14-04-2015 20:17:53 Windows Update
21-04-2015 05:13:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08325276-8D21-41CC-8899-0ECFF4243760} - System32\Tasks\Installer_geforce => C:\Users\Max\AppData\Local\Installer\Installgeforce_5348\DCytdkietut_tutdk_setup.exe [2015-05-08] ()
Task: {118F322B-7EB0-42F4-A42B-A486AE0987D4} - System32\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-5.exe [2015-04-27] (Cinema PlusV27.04) <==== ATTENTION
Task: {1FA9B445-350F-4835-BF2C-96AF95425380} - System32\Tasks\SysHealth_Controller_Mon => C:\WINDOWS\SysFilesController\SysFiles_backup.exe [2015-04-14] ()
Task: {22BFBADB-0EDF-4ACD-929C-738D55B49BC5} - System32\Tasks\avaavaevy => C:\Users\Max\AppData\Local\avaavaevy\avaavaevy.exe [2015-04-12] () <==== ATTENTION
Task: {25F4624A-5E02-4FC2-849C-651C18964FDB} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-04-16] (ConsumerInput) <==== ATTENTION
Task: {35DB4975-C9FE-4426-825A-478EF2510D46} - System32\Tasks\SMW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57 => Wscript.exe //B "C:\ProgramData\SearchModulePlus\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {389410C7-397E-4EC4-9B17-E03F997868F5} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe [2015-05-08] (Goobzo) <==== ATTENTION
Task: {3B00FEA5-0535-4A1B-BA5D-B1073D2621B7} - System32\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-7 => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-7.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {3DF3D58B-A67E-4D8B-A4B9-925801587DD9} - System32\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-4 => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-4.exe [2015-04-27] (Cinema PlusV27.04) <==== ATTENTION
Task: {42625468-6C7A-4750-B778-1DF66BCE37D8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {4450DD31-BBE3-4245-9874-4DDC82D278F4} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D10\netengine.exe [2015-05-08] () <==== ATTENTION
Task: {45CE87FF-3B4F-482A-AB8B-FC161C90290D} - System32\Tasks\WebBarLaunchTask => C:\Program Files\WebBar\wbsvc.exe [2015-02-18] (Web Bar Media)
Task: {53580A58-E892-4F88-9B0D-5A628EF58968} - System32\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-6 => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-6.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {578EE582-7222-4E19-9504-C327F1587FEE} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-04-16] (ConsumerInput) <==== ATTENTION
Task: {5A0F9FCA-6AF3-49C0-8BC5-0E0DFAC32CCE} - System32\Tasks\Inst_Rep => C:\Users\Max\AppData\Local\Installer\Install_18256\DCytdkietut_tutdk_setup.exe [2015-05-08] ()
Task: {5C077C66-CDAF-4194-9A58-5F56EE2A758A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5E1108CC-B5F4-4408-B7E0-E326E247299A} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.84\OptProLauncher.exe [2015-04-22] () <==== ATTENTION
Task: {5FF35EF8-6D15-4142-AC6D-56932ACA1076} - System32\Tasks\LKVYT => C:\Users\Max\AppData\Roaming\LKVYT.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {63EF171F-C123-437E-A670-5CAE712A55B1} - System32\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-04-16] () <==== ATTENTION
Task: {683E56B8-60CC-405C-AABE-AB4541659A46} - System32\Tasks\KCXOIF => C:\ProgramData\e29c40da53af42a3895e10c22c3d76c2\e29c40da53af42a3895e10c22c3d76c2.exe [2015-04-17] ()
Task: {68A8FEA5-C698-4719-9D53-848A32EF868D} - System32\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-10_user => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-10.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {691B35C8-3301-4848-A522-EECA18C017DF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {6B371B9D-DE0B-432A-ACDE-846094D996E7} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat [2015-03-11] ()
Task: {71973511-334E-4A5A-998C-3A31D522AD4E} - System32\Tasks\XBNK => C:\Users\Max\AppData\Roaming\XBNK.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {749570B1-796B-476C-B4E8-F8F89CF24E6F} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe [2015-04-27] () <==== ATTENTION
Task: {761E9CBB-B539-47C7-AB79-6E95C5DF3E51} - System32\Tasks\Wse_taplika => C:\Users\Max\AppData\Roaming\Wse_taplika\UpdateProc\UpdateTask.exe [2015-04-27] () <==== ATTENTION
Task: {7B13B1BA-03E2-49FA-9A67-93041B98F21C} - System32\Tasks\CloudHIDEAWAY => C:\Program Files (x86)\CloudScout Parental Control\CloudHIDEAWAY.exe [2015-03-08] ()
Task: {7CA556BF-3A8A-4CEB-B69C-6435DE8019DE} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-04-27] () <==== ATTENTION
Task: {880E7CC5-36C0-44E7-87CC-BA550116CBF8} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {8984CCE4-F86D-4938-AA33-72661817CF0C} - System32\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-5_user => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-5.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {8B25951E-3EC5-4527-AE08-AD1F2EC3F1FC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {8D8F4DCF-EAE9-4358-A6E4-86DFA2CA8EF9} - System32\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-10.exe [2015-04-27] (Cinema PlusV27.04) <==== ATTENTION
Task: {8FF29747-2FFD-42C3-AA03-27ED381A69BA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {90768D5C-3928-40B9-A61A-FDDCE4221F88} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {92ED8193-5D55-4A64-A03D-5A91F545BF67} - System32\Tasks\Taplika mite => Wscript.exe "C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}\1.9.3.1\fiber.js" "433a2f50726f6772616d446174612f7b33383037443043342d363838352d303134322d443930332d3731433030393831413234457d2f312e392e332e312f6d6974652e646c6c" "687474703a2f2f73616f2e7461627072742e636f6d2f" "--IsErIk"
Task: {9DC8F47F-9272-41C9-B558-9666AE4CF0A1} - System32\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-6.exe [2015-04-27] (Cinema PlusV27.04) <==== ATTENTION
Task: {9EF88750-90BA-47CD-B799-4418E5EC397E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-14] (Microsoft Corporation)
Task: {A5D574D8-2AB1-4CB0-8776-43439A0DF7CE} - System32\Tasks\WebBarUpdateTask => C:\Program Files\WebBar\wbsvc.exe [2015-02-18] (Web Bar Media)
Task: {A932EA87-1084-42E7-A3C9-B366E167068A} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-01-08] (Goobzo) <==== ATTENTION
Task: {B2A0D649-6085-43D2-A49D-28EBEC418A1D} - System32\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-7.exe [2015-04-27] (Cinema PlusV27.04) <==== ATTENTION
Task: {B62FABBB-6CBC-43B1-A905-6DE985B0F639} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B96BE206-1758-463F-931B-12753036172D} - System32\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-5 => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-5.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {C0A321E4-5A68-4E11-BDBF-EA712E2914CE} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\version42BlockAndSurf\J4BlockAndSurfJ52.exe [2015-04-27] () <==== ATTENTION
Task: {C1984A02-6B05-4D50-A915-128DF686119F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C5F5F02D-7F3D-48A2-AB87-3AEF76AC1AB9} - System32\Tasks\PcMb9sgy4Hax8V4w => C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe [2015-04-20] () <==== ATTENTION
Task: {CCAF45E6-C007-439C-87CC-F016BF96494C} - System32\Tasks\Installer_shopperpro => C:\Users\Max\AppData\Local\Installer\Installshopperpro_5348\DCytdkietut_tutdk_setup.exe [2015-05-08] () <==== ATTENTION
Task: {D2FB8B1F-1BD0-48EA-BE42-6DBDBED781C6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {D3808EC4-2C0B-43BC-A3F9-CDA7969ECDBE} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {D5A01595-9C66-4FC6-A12B-F92B802F61FE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-04-27] (globalUpdate) <==== ATTENTION
Task: {DC9C3B8C-773C-4273-81DF-27A837BBD50D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {E2CB4DC1-1097-48A2-B9A2-4FA239302E00} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {E3E97E17-8ACA-4E0D-86C7-16AF9A5456A7} - System32\Tasks\SMWPUpd => C:\Program Files\Common Files\Goobzo\GBUpdatePlus\updater.exe [2015-04-07] (Goobzo) <==== ATTENTION
Task: {E5B57F3B-6FF5-46BC-8E43-15F1BA8FB6A6} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-04-27] (globalUpdate) <==== ATTENTION
Task: {E9B8999A-CF2E-4998-9AD9-3768B2A87910} - System32\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-4 => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-4.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {EE4F79D5-3D1C-4212-9462-FBEF64CAE645} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-04-15] (YTDownloader) <==== ATTENTION
Task: {F6E8B35B-F2D4-470A-ADB1-A4248C571CB7} - System32\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-5 => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-5.exe [2015-04-27] (Cinema PlusV27.04) <==== ATTENTION
Task: {F76CD251-7173-421F-BCBC-8215640FF70D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {F9F38DA5-909A-4BA3-97D2-6DF36925CDAC} - System32\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-04-16] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-6.job => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-7.job => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-10_user.job => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-4.job => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-5.job => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\3cbeff34-7ffd-46c4-8208-b17f0452902a-5_user.job => C:\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\88e2d631-cef4-4b3b-959f-542c0d09b78a-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\version42BlockAndSurf\J4BlockAndSurfJ52.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\LKVYT.job => C:\Users\Max\AppData\Roaming\LKVYT.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PcMb9sgy4Hax8V4w.job => C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Taplika mite.job => Wscript.exe C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}\1.9.3.1\fiber.js 433a2f50726f6772616d446174612f7b33383037443043342d363838352d303134322d443930332d3731433030393831413234457d2f312e392e332e312f6d6974652e646c6c 687474703a2f2f73616f2e7461627072742e636f6d2f --IsErIk.LEV
Task: C:\WINDOWS\Tasks\Wse_taplika.job => C:\Users\Max\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\XBNK.job => C:\Users\Max\AppData\Roaming\XBNK.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-01-08 11:12 - 2015-01-08 11:12 - 02264576 _____ () C:\Program Files\BubbleSound\BubbleSound.dll
2015-04-27 20:28 - 2015-03-11 11:28 - 00282488 _____ () C:\Program Files\shopperz\grunt.exe
2015-04-27 20:28 - 2015-03-11 11:28 - 00294776 _____ () C:\Program Files\shopperz\krios64.dll
2014-12-25 04:49 - 2014-12-25 04:49 - 00121344 _____ () C:\Program Files (x86)\PepperZip\shell\PPZShellExtension_x64.dll
2015-04-27 21:03 - 2015-04-27 21:03 - 00603136 _____ () C:\Program Files (x86)\version42BlockAndSurf\J4BlockAndSurfJ52.exe
2015-04-27 20:32 - 2015-04-22 16:56 - 00422952 _____ () C:\Program Files (x86)\Optimizer Pro 3.84\OptProSmartScan.exe
2015-04-27 20:32 - 2015-04-22 16:56 - 00892968 _____ () C:\Program Files (x86)\Optimizer Pro 3.84\OptProReminder.exe
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-15 02:57 - 2015-04-15 02:57 - 00112560 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
2015-04-27 20:28 - 2015-03-11 11:28 - 01446264 _____ () C:\Program Files\shopperz\csrcc.exe
2015-04-16 20:45 - 2015-04-17 01:44 - 00317440 _____ () C:\ProgramData\FlashBeat\FlashBeat.exe
2015-04-27 20:28 - 2015-04-27 20:28 - 00417792 _____ () c:\windows\lah.exe
2015-04-27 20:28 - 2015-04-27 20:28 - 00408576 _____ () c:\windows\mlah.exe
2015-04-27 20:30 - 2015-04-27 20:30 - 00108544 _____ () C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\jnsp89F0.tmp
2015-04-16 21:04 - 2015-04-16 21:04 - 00117248 _____ () C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\jnsiF0DB.tmp
2015-04-27 20:30 - 2015-04-27 20:30 - 00139776 _____ () C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\nsr4204.tmpfs
2015-04-27 20:28 - 2015-03-11 11:28 - 00170360 _____ () C:\Program Files\shopperz\nseven.exe
2015-04-16 21:03 - 2015-04-16 21:03 - 00137728 _____ () C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\nsaB737.tmpfs
2015-04-27 20:28 - 2015-03-11 11:28 - 00430456 _____ () C:\Program Files\shopperz\wrex.exe
2015-04-27 20:28 - 2015-03-11 11:28 - 00461176 _____ () C:\Program Files\shopperz\wrex64.exe
2015-04-27 20:28 - 2015-03-11 11:28 - 00621432 _____ () C:\Program Files\shopperz\tsoni64.dll
2015-04-27 20:28 - 2015-03-11 11:28 - 00273784 _____ () C:\Program Files\shopperz\liara64.dll
2015-04-27 20:28 - 2015-03-11 11:28 - 00333688 _____ () C:\Program Files\shopperz\kasumi64.dll
2015-04-27 21:03 - 2015-04-27 21:03 - 00199168 _____ () C:\Program Files (x86)\version42BlockAndSurf\BlockAndSurf.exe
2015-04-16 21:01 - 2015-04-10 16:41 - 03308488 _____ () C:\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe
2015-04-16 21:01 - 2015-04-10 16:41 - 03981256 _____ () C:\Program Files (x86)\ospd_us_1014\ospd_us_1014.exe
2015-04-27 20:43 - 2015-04-24 19:14 - 03980744 _____ () C:\Program Files (x86)\gmsd_us_493\gmsd_us_493.exe
2015-05-08 18:35 - 2015-05-08 18:36 - 00235013 _____ () C:\Users\Max\AppData\Local\Temp\nsf3C56.tmp
2015-04-01 11:30 - 2015-04-01 11:30 - 01537552 _____ () C:\Program Files (x86)\SafeGuard\SafeGuardApp.exe
2015-04-27 19:57 - 2015-04-27 19:57 - 01283584 _____ () C:\Program Files (x86)\OLBPre\OLBPre.exe
2015-04-27 19:55 - 2015-04-27 19:55 - 00060928 _____ () C:\Program Files (x86)\OLBPre\LinqBridge.dll
2015-04-16 20:56 - 2015-02-13 15:37 - 00808960 _____ () C:\Program Files\WebBar\2.0.5527.25142\ISightSDK_x64.dll
2015-04-16 07:09 - 2015-04-16 07:09 - 01179168 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2015-05-08 18:38 - 2015-05-08 18:38 - 00231960 _____ () C:\Users\Max\AppData\Local\Temp\nsq4706.tmp
2015-05-08 18:40 - 2015-05-08 18:40 - 00082184 _____ () C:\ProgramData\Browser\prompt.exe
2015-05-08 18:40 - 2015-05-08 18:40 - 00075776 _____ () C:\ProgramData\NetEngine\bin\D10\netengine.exe
2015-05-08 18:40 - 2015-05-08 18:40 - 00003072 _____ () C:\Users\Max\AppData\Local\Temp\isdkckxTWgwl\ISightHost.exe
2015-05-08 18:40 - 2015-02-13 15:37 - 00808960 _____ () C:\Users\Max\AppData\Local\Temp\isdkckxTWgwl\ISightSDK.DLL
2015-05-08 18:41 - 2015-05-08 18:41 - 00708096 _____ () C:\Users\Max\AppData\Local\Temp\is-6QUVK.tmp\package_priceless_p_installer_multilang.tmp
2015-05-08 18:41 - 2015-05-08 18:41 - 02357248 _____ () C:\Users\Max\AppData\Local\Temp\is-BGP8Q.tmp\priceless_p_soft_partner.exe
2014-05-08 18:41 - 2014-05-08 18:41 - 02357248 _____ () C:\Users\Max\AppData\Local\Temp\BFF8\temp\priceless_p_soft_partner.exe
2015-05-08 18:41 - 2015-05-08 18:41 - 01212904 _____ () C:\Users\Max\AppData\Local\Temp\nso5FB4.tmp\DCytdkietut_tutdk_setup.exe
2015-04-27 20:32 - 2015-04-27 20:32 - 01752104 _____ () c:\Program Files (x86)\Optimizer Pro 3.84\OptProMon.dll
2015-05-08 18:34 - 2015-05-08 18:34 - 00307200 _____ () C:\WINDOWS\TEMP\mrtC40B.tmp\MMFS2.dll
2015-05-08 18:34 - 2015-05-08 18:34 - 00021504 _____ () C:\WINDOWS\TEMP\mrtC40B.tmp\Get.mfx
2015-05-08 18:34 - 2015-05-08 18:34 - 00059392 _____ () C:\WINDOWS\TEMP\mrtC40B.tmp\Yaso.mfx
2015-04-27 20:28 - 2015-03-11 11:28 - 00288632 _____ () C:\Program Files\shopperz\krios.dll
2015-04-27 20:28 - 2015-03-11 11:28 - 00611192 _____ () C:\Program Files\shopperz\tsoni.dll
2015-04-27 20:28 - 2015-03-11 11:28 - 00238968 _____ () C:\Program Files\shopperz\liara.dll
2015-04-27 20:28 - 2015-03-11 11:28 - 00309112 _____ () C:\Program Files\shopperz\kasumi32.dll
2015-04-27 21:03 - 2015-03-16 11:13 - 01070592 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\libglesv2.dll
2015-04-27 21:03 - 2015-03-16 11:13 - 00204800 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\libegl.dll
2015-04-27 21:03 - 2015-03-16 11:13 - 09002496 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\pdf.dll
2015-04-27 21:03 - 2015-03-16 11:13 - 00896512 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\ffmpegsumo.dll
2015-05-08 18:36 - 2015-05-08 18:36 - 00011264 _____ () C:\Users\Max\AppData\Local\Temp\nssA754.tmp\System.dll
2015-05-08 18:38 - 2015-05-08 18:38 - 00011264 _____ () C:\Users\Max\AppData\Local\Temp\nst66B6.tmp\System.dll
2015-05-08 18:38 - 2015-05-08 18:38 - 00009728 _____ () C:\Users\Max\AppData\Local\Temp\nst66B6.tmp\nsDialogs.dll
2015-05-08 18:38 - 2015-05-08 18:38 - 00025088 _____ () C:\Users\Max\AppData\Local\Temp\nst66B6.tmp\registry.dll
2015-05-08 18:38 - 2015-05-08 18:38 - 00067584 _____ () C:\Users\Max\AppData\Local\Temp\nst66B6.tmp\Math.dll
2015-05-08 18:38 - 2015-05-08 18:38 - 00069120 _____ () C:\Users\Max\AppData\Local\Temp\nst66B6.tmp\nsPage_LoadOffer.dll
2015-05-08 18:41 - 2014-11-13 08:16 - 00205312 _____ () C:\Users\Max\AppData\Local\Temp\is-BGP8Q.tmp\itdownload.dll
2015-04-12 01:32 - 2015-04-12 01:32 - 02135552 _____ () C:\Users\Max\AppData\Local\avaavaevy\avaavaevy.exe
2015-05-08 18:42 - 2015-05-08 18:42 - 02374144 _____ () C:\Users\Max\AppData\Local\Temp\BFF8\temp\TyHelpTFUO.xyz.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Max\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\skillwsa.com -> hxxps://www.skillwsa.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Max\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\4a81fefa200c5c1935c8fca37911a403-d389tgc.jpg
DNS Servers: 31.168.228.251 - 82.166.96.251

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\StartupApproved\Run: => "Search Protection"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{6AD978BC-82F6-4609-80F5-B3F33BB3FC77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8275DCCF-64B5-4CBE-8C89-2CF90462C757}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85975536-523C-428D-9FD6-AC966550EF75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{75AB1DA5-7998-4FAE-A265-6DF2EF235328}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5371B7D4-35F3-4060-9CB7-0545A9911017}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DB016FA-7FC4-43F0-A24C-2FF97C04A767}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1582D62F-A029-439D-95EB-5CD1ACC2CE14}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{21802013-5F97-4405-8A11-74DE6FB8DAB7}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{934E1972-4E17-4F36-A272-68F36A1BB754}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{101BA77D-7DCA-4BFF-A39B-3890285DF586}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{4C3061B6-38F3-4819-BE51-C98B72D27FE2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{14CDA4D8-9F86-4156-BFB4-3AE542551E5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9D591C37-4373-47B7-BBEE-09E7B8418A0A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{957E4CCD-1C26-41C1-849C-6061275E07DE}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2015 06:39:22 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (05/08/2015 06:37:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x1258
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/08/2015 06:35:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.3.9600.17415, time stamp: 0x54503c68
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000008
Fault offset: 0x0003c6cc
Faulting process id: 0x1140
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (04/27/2015 08:36:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Faulting module name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Exception code: 0xc0000005
Fault offset: 0x0000dd80
Faulting process id: 0x393c
Faulting application start time: 0xSmartWebApp.exe0
Faulting application path: SmartWebApp.exe1
Faulting module path: SmartWebApp.exe2
Report Id: SmartWebApp.exe3
Faulting package full name: SmartWebApp.exe4
Faulting package-relative application ID: SmartWebApp.exe5

Error: (04/27/2015 08:28:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x30c8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (04/27/2015 08:24:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x3c08
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (04/27/2015 08:23:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x22f8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (04/27/2015 08:22:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Faulting module name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Exception code: 0xc000041d
Fault offset: 0x0000da5e
Faulting process id: 0x238c
Faulting application start time: 0xSmartWebApp.exe0
Faulting application path: SmartWebApp.exe1
Faulting module path: SmartWebApp.exe2
Report Id: SmartWebApp.exe3
Faulting package full name: SmartWebApp.exe4
Faulting package-relative application ID: SmartWebApp.exe5

Error: (04/27/2015 08:22:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Faulting module name: SmartWebApp.exe, version: 8.0.9.2, time stamp: 0x54e31eaf
Exception code: 0xc0000005
Fault offset: 0x0000da5e
Faulting process id: 0x238c
Faulting application start time: 0xSmartWebApp.exe0
Faulting application path: SmartWebApp.exe1
Faulting module path: SmartWebApp.exe2
Report Id: SmartWebApp.exe3
Faulting package full name: SmartWebApp.exe4
Faulting package-relative application ID: SmartWebApp.exe5

Error: (04/27/2015 08:19:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x12d0
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5


System errors:
=============
Error: (05/08/2015 06:43:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (05/08/2015 06:43:23 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (05/08/2015 06:43:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (05/08/2015 06:43:12 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (05/08/2015 06:43:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (05/08/2015 06:43:02 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (05/08/2015 06:42:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (05/08/2015 06:42:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (05/08/2015 06:42:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

Error: (05/08/2015 06:42:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.


Microsoft Office Sessions:
=========================
Error: (05/08/2015 06:39:22 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883

Error: (05/08/2015 06:37:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa6125801d089f88820a50eC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dlle97b8940-f5eb-11e4-be89-6c626db6dac3

Error: (05/08/2015 06:35:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.3.9600.1741554503c68ntdll.dll6.3.9600.17736550f42c2c00000080003c6cc114001d089f85a1d18ebC:\WINDOWS\SysWOW64\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dlla3738e71-f5eb-11e4-be89-6c626db6dac3

Error: (04/27/2015 08:36:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SmartWebApp.exe8.0.9.254e31eafSmartWebApp.exe8.0.9.254e31eafc00000050000dd80393c01d0816294bf76b7C:\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exeC:\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exebcc3b460-ed57-11e4-be88-6c626db6dac3

Error: (04/27/2015 08:28:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa130c801d081634ebed59aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla51d10c8-ed56-11e4-be88-6c626db6dac3

Error: (04/27/2015 08:24:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa13c0801d08162cf8e565aC:\PROGRA~2\MOZILL~1\plugin-container.exeC:\PROGRA~2\MOZILL~1\mozalloc.dll21453d03-ed56-11e4-be88-6c626db6dac3

Error: (04/27/2015 08:23:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa122f801d08162465b7cb7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll0078002c-ed56-11e4-be88-6c626db6dac3

Error: (04/27/2015 08:22:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SmartWebApp.exe8.0.9.254e31eafSmartWebApp.exe8.0.9.254e31eafc000041d0000da5e238c01d0816205b1ab2dC:\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exeC:\Users\Max\AppData\Local\SmartWeb\SmartWebApp.execce41fa6-ed55-11e4-be88-6c626db6dac3

Error: (04/27/2015 08:22:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SmartWebApp.exe8.0.9.254e31eafSmartWebApp.exe8.0.9.254e31eafc00000050000da5e238c01d0816205b1ab2dC:\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exeC:\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exec9f09e44-ed55-11e4-be88-6c626db6dac3

Error: (04/27/2015 08:19:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa612d001d0816209f70308C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dll5e924fc0-ed55-11e4-be88-6c626db6dac3


CodeIntegrity Errors:
===================================
Date: 2015-04-27 21:06:36.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-27 21:06:36.343
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-27 21:06:36.205
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-27 21:04:30.153
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-27 21:04:29.965
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-27 21:03:34.211
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-27 21:03:34.086
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-27 21:03:33.945
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-27 21:03:33.820
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-04-27 21:03:33.610
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz
Percentage of memory in use: 21%
Total physical RAM: 14327.11 MB
Available physical RAM: 11294.17 MB
Total Pagefile: 16503.11 MB
Available Pagefile: 12822.54 MB
Total Virtual: 131072 MB
Available Virtual: 131071.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:805.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FA7C697B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Thank you for your assistance.

Very respectfully,
Max
You do not have the required permissions to view the files attached to this post.
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm
Advertisement
Register to Remove

Re: Malware and Pop-Ups

Unread postby Gary R » May 14th, 2015, 8:29 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Malware and Pop-Ups

Unread postby Gary R » May 14th, 2015, 8:40 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Max

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 8.1, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Please do the following for me ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ....

Please reboot your computer.

Next ....

Run a new scan with FRST and post me both the new logs (you'll need to check the addition.txt button on the interface before running the new scan or it won't produce that log)

Next ....

I need you to run a search for me using FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;trovi;clientconnect;Gambali;crossbrowse;smartweb

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • New FRST.txt
  • New Addition.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 14th, 2015, 11:09 pm

Hi,

Thank you for your assistance. Here is my ADWCleaner log:

# AdwCleaner v4.204 - Logfile created 14/05/2015 at 19:43:27
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Max - LEVIATHAN
# Running from : C:\Users\Max\Downloads\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : BrsHelper
[#] Service Deleted : cherimoya
[#] Service Deleted : CltMngSvc
[#] Service Deleted : consumerinput_update
[#] Service Deleted : consumerinput_updatem
[#] Service Deleted : csrcc
Service Deleted : Gambali
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : sbmntr
[#] Service Deleted : shopperz Updater
[#] Service Deleted : SMUpd
Service Deleted : SMUpdd
[#] Service Deleted : SPBIUpd
Service Deleted : SPBIUpdd
[#] Service Deleted : wbsvc
[#] Service Deleted : FlashBeat
Service Deleted : WebWatcherProxy
Service Deleted : innfd_1_10_0_14
[#] Service Deleted : qrnfd_1_10_0_12
[#] Service Deleted : 70F4EEDB-1367-4b4f-8247-3133551A7415
[#] Service Deleted : a4b494b4
[#] Service Deleted : be0fb33b
Service Deleted : SPDRIVER_1.42.1.1831
Service Deleted : webTinstMKTN84

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\ShopperPro
Folder Deleted : C:\ProgramData\BreakingNewsAlert
Folder Deleted : C:\ProgramData\FlashBeat
Folder Deleted : C:\ProgramData\LolliScan
Folder Deleted : C:\ProgramData\NetEngine
Folder Deleted : C:\ProgramData\InstallSightSDK
Folder Deleted : C:\ProgramData\SearchModulePlus
Folder Deleted : C:\ProgramData\radio
Folder Deleted : C:\ProgramData\{578b7a49-b228-dc64-578b-b7a49b22e926}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SafeGuard
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\PepperZip
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\ShopperPro
Folder Deleted : C:\Program Files (x86)\supporter
Folder Deleted : C:\Program Files (x86)\YTDownloader
Folder Deleted : C:\Program Files (x86)\Consumer Input
Folder Deleted : C:\Program Files (x86)\Ge-Force
Folder Deleted : C:\Program Files (x86)\WSE_Taplika
Folder Deleted : C:\Program Files (x86)\FlashBeat
Folder Deleted : C:\Program Files (x86)\Crossbrowse
Folder Deleted : C:\Program Files (x86)\CloudScout Parental Control
Folder Deleted : C:\Program Files (x86)\GUPlayer
Folder Deleted : C:\Program Files (x86)\SafeGuard
Folder Deleted : C:\Program Files (x86)\OLBPre
Folder Deleted : C:\Program Files (x86)\app_setup
Folder Deleted : C:\Program Files (x86)\Priceless
Folder Deleted : C:\Program Files (x86)\version42BlockAndSurf
Folder Deleted : C:\Program Files (x86)\youtubeadblocker
Folder Deleted : C:\Program Files (x86)\CinemaPlus-3.2cV27.04
Folder Deleted : C:\Program Files (x86)\Lights Cinema 1.3betaV16.04
Folder Deleted : C:\Program Files (x86)\gmsd_us_493
Folder Deleted : C:\Program Files (x86)\Infonaut_1.10.0.14
Folder Deleted : C:\Program Files (x86)\QuickRef_1.10.0.12
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.84
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SafeGuard
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Program Files\WebBar
Folder Deleted : C:\Program Files\BubbleSound
Folder Deleted : C:\Program Files\Common Files\Goobzo
Folder Deleted : C:\Program Files\Common Files\ShopperPro
Folder Deleted : C:\Users\Max\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Max\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Max\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Max\AppData\Local\Consumer Input
Folder Deleted : C:\Users\Max\AppData\Local\BreakingNewsAlert
Folder Deleted : C:\Users\Max\AppData\Local\WebBar
Folder Deleted : C:\Users\Max\AppData\Local\BrowserHelper
Folder Deleted : C:\Users\Max\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\Max\AppData\Local\SafeGuard
Folder Deleted : C:\Users\Max\AppData\Local\gmsd_us_493
Folder Deleted : C:\Users\Max\AppData\Local\00000000-1429221433-0000-0000-6C626DB6DAC3
Folder Deleted : C:\Users\Max\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Max\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Max\AppData\Roaming\WSE_Taplika
Folder Deleted : C:\Users\Max\AppData\Roaming\ASPackage
Folder Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
Folder Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0
Folder Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\veggy@veggyAddon.com
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\AnD@u.edu
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\yn@6X.org
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\TTSD90021300@PYDKGV101145942.com
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\973ba634716b4639a1c150b40c@5afc24a09e55466bb60878000.com
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\crossbrowse.lnk
File Deleted : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Deleted : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll
File Deleted : C:\WINDOWS\patsearch.bin
File Deleted : C:\WINDOWS\SysWOW64\Gambali.dll
File Deleted : C:\WINDOWS\SysWOW64\GambaliOff.ini
File Deleted : C:\WINDOWS\SysWOW64\WebWatcherLSP.dll
File Deleted : C:\WINDOWS\SysWOW64\WebWatcherProxyOff.ini
File Deleted : C:\Users\Max\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Max\AppData\Local\Temp\WebWatcherLSP.ini.log
File Deleted : C:\Users\Max\AppData\Local\Temp\WebWatcherProxyr.log
File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll
File Deleted : C:\WINDOWS\System32\Gambali64.dll
File Deleted : C:\WINDOWS\System32\GambaliOff.ini
File Deleted : C:\WINDOWS\System32\WebWatcherProxyOff.ini
File Deleted : C:\WINDOWS\System32\drivers\cherimoya.sys
File Deleted : C:\WINDOWS\System32\drivers\webTinstMKTN84.sys
File Deleted : C:\WINDOWS\System32\drivers\innfd_1_10_0_14.sys
File Deleted : C:\WINDOWS\System32\drivers\qrnfd_1_10_0_12.sys
File Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
File Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\crossbrowse.lnk
File Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
File Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
File Deleted : C:\Users\Max\Desktop\3D BubbleSound.lnk
File Deleted : C:\Users\Max\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Max\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\Max\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Max\Desktop\PepperZip.lnk
File Deleted : C:\Users\Max\Desktop\YTDownloader.lnk
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\invalidprefs.js
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\searchplugins\Taplika.xml
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\searchplugins\trovi.xml
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : ConsumerInputUpdateTaskMachineCore
Task Deleted : ConsumerInputUpdateTaskMachineUA
Task Deleted : Crossbrowse
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : gtaUpt
Task Deleted : Optimizer Pro Schedule
Task Deleted : ShopperPro
Task Deleted : ShopperProJSUpd
Task Deleted : SMupdate1
Task Deleted : SMWPUpd
Task Deleted : SPDriver
Task Deleted : WebBarLaunchTask
Task Deleted : WebBarUpdateTask
Task Deleted : WSE_Taplika
Task Deleted : YTDownloader
Task Deleted : YTDownloaderUpd
Task Deleted : NetEngine
Task Deleted : LaunchPreSignup
Task Deleted : Microsoft\Windows\Multimedia\SMupdate3
Task Deleted : Microsoft\Windows\Maintenance\SMupdate2
Task Deleted : BlockAndSurf Update
Task Deleted : 3cbeff34-7ffd-46c4-8208-b17f0452902a-1-6
Task Deleted : 3cbeff34-7ffd-46c4-8208-b17f0452902a-1-7
Task Deleted : 3cbeff34-7ffd-46c4-8208-b17f0452902a-10_user
Task Deleted : 3cbeff34-7ffd-46c4-8208-b17f0452902a-4
Task Deleted : 3cbeff34-7ffd-46c4-8208-b17f0452902a-5
Task Deleted : 3cbeff34-7ffd-46c4-8208-b17f0452902a-5_user
Task Deleted : 88e2d631-cef4-4b3b-959f-542c0d09b78a-1-6
Task Deleted : 88e2d631-cef4-4b3b-959f-542c0d09b78a-1-7
Task Deleted : 88e2d631-cef4-4b3b-959f-542c0d09b78a-10_user
Task Deleted : 88e2d631-cef4-4b3b-959f-542c0d09b78a-4
Task Deleted : 88e2d631-cef4-4b3b-959f-542c0d09b78a-5
Task Deleted : 88e2d631-cef4-4b3b-959f-542c0d09b78a-5_user
Task Deleted : fce0a815-cb33-4000-bd2c-72657c2b87bf-1-6
Task Deleted : fce0a815-cb33-4000-bd2c-72657c2b87bf-1-7
Task Deleted : fce0a815-cb33-4000-bd2c-72657c2b87bf-10_user
Task Deleted : fce0a815-cb33-4000-bd2c-72657c2b87bf-4
Task Deleted : SPBIW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [ConsumerInput@Compete]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EDFB8DAF-FFDE-A9DE-F341-F0A7EC5530DB}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataContainer
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataContainer.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataController
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataController.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTable
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTable.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTableFields
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTableHolder
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.DataTableHolder.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.LSPLogic
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.LSPLogic.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.ReadOnlyManager
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.ReadOnlyManager.1
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.WatchDog
Key Deleted : HKLM\SOFTWARE\CLASSES\WebWatcherProxyLib.WatchDog.1
Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\WebWatcherProxy.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Key Deleted : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Key Deleted : HKCU\Software\Classes\PepperZip
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SafeGuard]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_493]
Key Deleted : HKLM\SOFTWARE\222d1b0b-297c-c0c7-6122-3c0e2e63aca8
Key Deleted : HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79AAD48C-7658-E566-0E71-9D097E9E899C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28E46C93-A83E-4D7D-BB00-E5C371E65C8B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{29554878-0746-47A9-9217-B9F57831CE32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{455B1D78-1FC1-4131-889D-35454FD7BFFC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4A690BA7-0428-4C60-8B64-BD448D90D16D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C7D53D5-33A8-4C92-8C90-D021A7B1217F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93BE68AB-DE96-4933-92F9-344694EDAD65}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFE33A6D-3087-418F-88C8-082B72D803CD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CC513FE0-7232-471B-B300-16780D81CE06}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{260EF2BF-62C5-4313-975E-591A7BFAFB2B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ADA38E4E-F20A-4399-BE91-E260AC341C69}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79AAD48C-7658-E566-0E71-9D097E9E899C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{79AAD48C-7658-E566-0E71-9D097E9E899C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28E46C93-A83E-4D7D-BB00-E5C371E65C8B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{29554878-0746-47A9-9217-B9F57831CE32}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{455B1D78-1FC1-4131-889D-35454FD7BFFC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4A690BA7-0428-4C60-8B64-BD448D90D16D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C7D53D5-33A8-4C92-8C90-D021A7B1217F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93BE68AB-DE96-4933-92F9-344694EDAD65}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFE33A6D-3087-418F-88C8-082B72D803CD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CC513FE0-7232-471B-B300-16780D81CE06}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79AAD48C-7658-E566-0E71-9D097E9E899C}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A850D08E-BE4F-4EDB-AF3B-B9AABC646600}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\PepperZip
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\YTDownloader
Key Deleted : HKCU\Software\WSE_Taplika
Key Deleted : HKCU\Software\CrossBrowser
Key Deleted : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKCU\Software\Crossbrowse
Key Deleted : HKCU\Software\Ge-Force
Key Deleted : HKCU\Software\YorkNewCin
Key Deleted : HKCU\Software\HighDefAction
Key Deleted : HKCU\Software\SafeGuardApp
Key Deleted : HKCU\Software\ArenaHD
Key Deleted : HKCU\Software\CinemaPlus-3.2cV27.04
Key Deleted : HKCU\Software\CinemaPlus-3.2cV27.04-nv-ie
Key Deleted : HKCU\Software\Ge-Force-nv-ie
Key Deleted : HKCU\Software\Lights Cinema 1.3betaV16.04
Key Deleted : HKCU\Software\Lights Cinema 1.3betaV16.04-nv-ie
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\BlockAndSurf
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\YTDownloader
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\shopperz
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\FlashBeat
Key Deleted : HKLM\SOFTWARE\SearchModule
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\SearchModulePlus
Key Deleted : HKLM\SOFTWARE\Ge-Force
Key Deleted : HKLM\SOFTWARE\SiteSee
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\HighDefAction
Key Deleted : HKLM\SOFTWARE\SafeGuardApp
Key Deleted : HKLM\SOFTWARE\ArenaHD
Key Deleted : HKLM\SOFTWARE\CinemaPlus-3.2cV27.04
Key Deleted : HKLM\SOFTWARE\CinemaPlus-3.2cV27.04-nv-ie
Key Deleted : HKLM\SOFTWARE\Ge-Force-nv-ie
Key Deleted : HKLM\SOFTWARE\Lights Cinema 1.3betaV16.04
Key Deleted : HKLM\SOFTWARE\Lights Cinema 1.3betaV16.04-nv-ie
Key Deleted : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKU\.DEFAULT\Software\CinemaPlus-3.2cV27.04-nv-ie
Key Deleted : HKU\.DEFAULT\Software\Ge-Force-nv-ie
Key Deleted : HKU\.DEFAULT\Software\Lights Cinema 1.3betaV16.04-nv-ie
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BreakingNewsAlert
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\igsc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Taplika
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Module Plus
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{365C5DC2-679A-4A5D-B40B-5096A49087A8}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OLBPre
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SafeGuard
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\0BB5A864-B491-0C48-FE83-83E19A81C14D
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV27.04
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lights Cinema 1.3betaV16.04
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
Key Deleted : [x64] HKLM\SOFTWARE\shopperz
Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
Key Deleted : [x64] HKLM\SOFTWARE\BubbleSound
Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
Key Deleted : [x64] HKLM\SOFTWARE\WebBar
Key Deleted : [x64] HKLM\SOFTWARE\SearchModulePlus
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BubbleSound
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5081D2D4-1637-404c-B74F-50526718257D}_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - _C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[174u8fal.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://taplika.com/?f=1&a=tpl_tuto13_15_18&cd=2XzuyEtN2Y1L1QzuyC0CyCtByC0D0ByC0D0A0CtAzz0AtCyEtN0D0Tzu0StCtBtCtBtN1L2XzutAtFzytFzztFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qz[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.cookie.previous_page.value", "%22hxxp%3A//www-searching.com/%3Fpid%3Ds%26s%3DF59ztutdk0002%2Cb37c2c34-3748-4f99[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14cc57b51dc1d7740d4055a33286f106");
[174u8fal.default\prefs.js] - Line Deleted : user_pref("keyword.URL", "hxxp://www-searching.com/search.aspx?s=F4Hzamodk010924,4e6875f1-980b-403e-b4c6-f76425c5eb83,&q=");

*************************

AdwCleaner[R0].txt - [2879 bytes] - [12/02/2015 19:52:29]
AdwCleaner[R1].txt - [37976 bytes] - [14/05/2015 19:40:31]
AdwCleaner[S0].txt - [2981 bytes] - [12/02/2015 19:55:05]
AdwCleaner[S1].txt - [34359 bytes] - [14/05/2015 19:43:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [34419 bytes] ##########

My FRST.txt file is too large to post in this reply. I have attached it per the instructions of the website.

Here is my Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by Max at 2015-05-14 20:04:51
Running from C:\Users\Max\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3369700690-3850376273-3648611264-500 - Administrator - Disabled)
Guest (S-1-5-21-3369700690-3850376273-3648611264-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3369700690-3850376273-3648611264-1003 - Limited - Enabled)
Max (S-1-5-21-3369700690-3850376273-3648611264-1001 - Administrator - Enabled) => C:\Users\Max

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveState Komodo Edit 8.5.4 (HKLM-x32\...\{E65B87D8-30C4-4FB0-8C24-AFD64950A881}) (Version: 8.5.4 - ActiveState Software Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
GamesDesktop 025.493 (HKLM-x32\...\gmsd_us_493_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GamesDesktop 025.585 (HKLM-x32\...\gmsd_us_585_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
GUPlayer (remove only) (HKLM-x32\...\GUPlayer) (Version: - )
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.3 - Mozilla)
OneSoftPerDay 025.1014 (HKLM-x32\...\ospd_us_1014_is1) (Version: - ONESOFTPERDAY)
Quick Ref 1.10.0.12 (HKLM-x32\...\QuickRef_1.10.0.12) (Version: 1.10.0.12 - Quick Ref) <==== ATTENTION!
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SDU version 3.8 (HKLM-x32\...\{A23B547D-36B0-4B85-B68A-AADF6C9A723B}_is1) (Version: 3.8 - )
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.23.10.51 - Client Connect LTD) <==== ATTENTION
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPrograms (HKLM-x32\...\WebWatcherInstall) (Version: - )
WinPrograms (HKLM-x32\...\WinPrograms) (Version: - )
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.3-0 - Bitnami)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

03-04-2015 20:20:40 Windows Update
11-04-2015 13:10:25 Scheduled Checkpoint
14-04-2015 20:17:53 Windows Update
21-04-2015 05:13:45 Windows Update
14-05-2015 19:21:49 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1FA9B445-350F-4835-BF2C-96AF95425380} - System32\Tasks\SysHealth_Controller_Mon => C:\WINDOWS\SysFilesController\SysFiles_backup.exe [2015-04-14] ()
Task: {35DB4975-C9FE-4426-825A-478EF2510D46} - System32\Tasks\SMW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57 => Wscript.exe //B "C:\ProgramData\SearchModulePlus\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {389410C7-397E-4EC4-9B17-E03F997868F5} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {42625468-6C7A-4750-B778-1DF66BCE37D8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {5C077C66-CDAF-4194-9A58-5F56EE2A758A} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5FF35EF8-6D15-4142-AC6D-56932ACA1076} - System32\Tasks\LKVYT => C:\Users\Max\AppData\Roaming\LKVYT.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {63EF171F-C123-437E-A670-5CAE712A55B1} - System32\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {683E56B8-60CC-405C-AABE-AB4541659A46} - System32\Tasks\KCXOIF => C:\ProgramData\e29c40da53af42a3895e10c22c3d76c2\e29c40da53af42a3895e10c22c3d76c2.exe [2015-04-17] ()
Task: {691B35C8-3301-4848-A522-EECA18C017DF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {6E30FC18-F148-4813-B702-453D40D05913} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D10\netengine.exe [2015-05-14] () <==== ATTENTION
Task: {71973511-334E-4A5A-998C-3A31D522AD4E} - System32\Tasks\XBNK => C:\Users\Max\AppData\Roaming\XBNK.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {7B13B1BA-03E2-49FA-9A67-93041B98F21C} - System32\Tasks\CloudHIDEAWAY => C:\Program Files (x86)\CloudScout Parental Control\CloudHIDEAWAY.exe
Task: {8B25951E-3EC5-4527-AE08-AD1F2EC3F1FC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {8FF29747-2FFD-42C3-AA03-27ED381A69BA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {9112DE0A-D174-4ED2-936B-D2B41D138D57} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
Task: {92ED8193-5D55-4A64-A03D-5A91F545BF67} - System32\Tasks\Taplika mite => Wscript.exe "C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}\1.9.3.1\fiber.js" "433a2f50726f6772616d446174612f7b33383037443043342d363838352d303134322d443930332d3731433030393831413234457d2f312e392e332e312f6d6974652e646c6c" "687474703a2f2f73616f2e7461627072742e636f6d2f" "--IsErIk"
Task: {A4C45A8C-EEE0-40BC-9A25-7EBD462C81DF} - System32\Tasks\avabvyxvdy => C:\Users\Max\AppData\Local\avabvyxvdy\avabvyxvdy.exe [2015-04-28] () <==== ATTENTION
Task: {B62FABBB-6CBC-43B1-A905-6DE985B0F639} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C1984A02-6B05-4D50-A915-128DF686119F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C5F5F02D-7F3D-48A2-AB87-3AEF76AC1AB9} - System32\Tasks\PcMb9sgy4Hax8V4w => C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe [2015-04-20] () <==== ATTENTION
Task: {D2FB8B1F-1BD0-48EA-BE42-6DBDBED781C6} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DC9C3B8C-773C-4273-81DF-27A837BBD50D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {E2CB4DC1-1097-48A2-B9A2-4FA239302E00} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {F76CD251-7173-421F-BCBC-8215640FF70D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {F9F38DA5-909A-4BA3-97D2-6DF36925CDAC} - System32\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\LKVYT.job => C:\Users\Max\AppData\Roaming\LKVYT.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PcMb9sgy4Hax8V4w.job => C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Taplika mite.job => Wscript.exe C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}\1.9.3.1\fiber.js 433a2f50726f6772616d446174612f7b33383037443043342d363838352d303134322d443930332d3731433030393831413234457d2f312e392e332e312f6d6974652e646c6c 687474703a2f2f73616f2e7461627072742e636f6d2f --IsErIk.LEV
Task: C:\WINDOWS\Tasks\XBNK.job => C:\Users\Max\AppData\Roaming\XBNK.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-27 20:28 - 2015-04-27 20:28 - 00417792 _____ () c:\windows\lah.exe
2015-04-27 20:28 - 2015-04-27 20:28 - 00408576 _____ () c:\windows\mlah.exe
2015-04-27 20:30 - 2015-04-27 20:30 - 00108544 _____ () C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\jnsp89F0.tmp
2015-04-16 21:04 - 2015-04-16 21:04 - 00117248 _____ () C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\jnsiF0DB.tmp
2015-04-27 20:30 - 2015-04-27 20:30 - 00139776 _____ () C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\nsr4204.tmpfs
2015-04-16 21:03 - 2015-04-16 21:03 - 00137728 _____ () C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\nsaB737.tmpfs
2015-04-16 21:01 - 2015-04-10 16:41 - 03308488 _____ () C:\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe
2015-04-16 21:01 - 2015-04-10 16:41 - 03981256 _____ () C:\Program Files (x86)\ospd_us_1014\ospd_us_1014.exe
2015-05-14 19:42 - 2015-05-14 15:46 - 03981768 _____ () C:\Program Files (x86)\gmsd_us_585\gmsd_us_585.exe
2015-05-14 19:52 - 2015-05-14 19:52 - 00082696 _____ () C:\ProgramData\Radio\prompt.exe
2015-05-14 19:52 - 2015-05-14 19:52 - 00075776 _____ () C:\ProgramData\NetEngine\bin\D10\netengine.exe
2015-05-14 19:53 - 2015-05-14 19:53 - 00708096 _____ () C:\Users\Max\AppData\Local\Temp\is-OH48E.tmp\majmp_gentleeeuu.tmp
2015-05-14 19:54 - 2015-05-14 19:54 - 00708096 _____ () C:\Users\Max\AppData\Local\Temp\is-4R4N9.tmp\gentlemjmp_ieeuu.tmp
2015-05-08 18:42 - 2015-05-08 18:43 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-05-14 19:47 - 2015-05-14 19:47 - 00307200 _____ () C:\WINDOWS\TEMP\mrt5BA8.tmp\MMFS2.dll
2015-05-14 19:47 - 2015-05-14 19:47 - 00021504 _____ () C:\WINDOWS\TEMP\mrt5BA8.tmp\Get.mfx
2015-05-14 19:47 - 2015-05-14 19:47 - 00059392 _____ () C:\WINDOWS\TEMP\mrt5BA8.tmp\Yaso.mfx
2015-05-14 19:54 - 2014-11-13 08:16 - 00205312 _____ () C:\Users\Max\AppData\Local\Temp\is-VBC5T.tmp\itdownload.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Max\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\skillwsa.com -> hxxps://www.skillwsa.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Max\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\4a81fefa200c5c1935c8fca37911a403-d389tgc.jpg
DNS Servers: 31.168.228.251 - 82.166.96.251

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\StartupApproved\Run: => "Search Protection"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{6AD978BC-82F6-4609-80F5-B3F33BB3FC77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8275DCCF-64B5-4CBE-8C89-2CF90462C757}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85975536-523C-428D-9FD6-AC966550EF75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{75AB1DA5-7998-4FAE-A265-6DF2EF235328}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5371B7D4-35F3-4060-9CB7-0545A9911017}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6DB016FA-7FC4-43F0-A24C-2FF97C04A767}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1582D62F-A029-439D-95EB-5CD1ACC2CE14}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{21802013-5F97-4405-8A11-74DE6FB8DAB7}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{934E1972-4E17-4F36-A272-68F36A1BB754}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{101BA77D-7DCA-4BFF-A39B-3890285DF586}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{4C3061B6-38F3-4819-BE51-C98B72D27FE2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{14CDA4D8-9F86-4156-BFB4-3AE542551E5D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9D591C37-4373-47B7-BBEE-09E7B8418A0A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{957E4CCD-1C26-41C1-849C-6061275E07DE}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 07:50:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x12fc
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/14/2015 07:40:08 PM) (Source: COM) (EventID: 18221) (User: LEVIATHAN)
Description: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeS-1-5-21-3369700690-3850376273-3648611264-1001

Error: (05/14/2015 07:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spbia.exe, version: 1.0.0.4, time stamp: 0x55549ea0
Faulting module name: spbia.exe, version: 1.0.0.4, time stamp: 0x55549ea0
Exception code: 0xc0000005
Fault offset: 0x000000000000a746
Faulting process id: 0x3594
Faulting application start time: 0xspbia.exe0
Faulting application path: spbia.exe1
Faulting module path: spbia.exe2
Report Id: spbia.exe3
Faulting package full name: spbia.exe4
Faulting package-relative application ID: spbia.exe5

Error: (05/14/2015 07:35:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x3564
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (05/14/2015 07:33:06 PM) (Source: MsiInstaller) (EventID: 1024) (User: LEVIATHAN)
Description: Product: Adobe Reader XI (11.0.10) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011011}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/14/2015 07:29:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll, version: 9.1.10.34, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000000000040cfa6
Faulting process id: 0x2dd8
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Faulting package full name: CCC.exe4
Faulting package-relative application ID: CCC.exe5

Error: (05/08/2015 06:49:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14156

Error: (05/08/2015 06:49:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14156

Error: (05/08/2015 06:49:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/08/2015 06:49:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12578


System errors:
=============
Error: (05/14/2015 07:47:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Plus Update service failed to start due to the following error:
%%2

Error: (05/14/2015 07:47:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Quick Ref 1.10.0.12 Client Service service failed to start due to the following error:
%%2

Error: (05/14/2015 07:47:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Infonaut 1.10.0.14 Client Service service failed to start due to the following error:
%%2

Error: (05/14/2015 07:47:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error:
%%1053

Error: (05/14/2015 07:47:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.

Error: (05/14/2015 07:44:20 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (05/14/2015 07:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/14/2015 07:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/14/2015 07:43:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (05/14/2015 07:43:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Gambali service, but this action failed with the following error:
%%1058


Microsoft Office Sessions:
=========================
Error: (05/14/2015 07:50:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa612fc01d08eb9d264d7d5C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dll1efcc9b2-faad-11e4-be8b-6c626db6dac3

Error: (05/14/2015 07:40:08 PM) (Source: COM) (EventID: 18221) (User: LEVIATHAN)
Description: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeS-1-5-21-3369700690-3850376273-3648611264-1001

Error: (05/14/2015 07:37:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: spbia.exe1.0.0.455549ea0spbia.exe1.0.0.455549ea0c0000005000000000000a746359401d08eb7e21fa8c5C:\Program Files\Common Files\ShopperPro\spbia.exeC:\Program Files\Common Files\ShopperPro\spbia.exe4395dcc9-faab-11e4-be8a-6c626db6dac3

Error: (05/14/2015 07:35:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa1356401d08eb6f50f0b5cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll17adbe55-faab-11e4-be8a-6c626db6dac3

Error: (05/14/2015 07:33:06 PM) (Source: MsiInstaller) (EventID: 1024) (User: LEVIATHAN)
Description: Adobe Reader XI (11.0.10){AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

Error: (05/14/2015 07:29:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CCC.exe4.5.0.053ad0dccamdmantle64.dll9.1.10.345417637bc0000005000000000040cfa62dd801d08eb6dd4eafaaC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\WINDOWS\SYSTEM32\amdmantle64.dll2cda963d-faaa-11e4-be8a-6c626db6dac3

Error: (05/08/2015 06:49:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14156

Error: (05/08/2015 06:49:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14156

Error: (05/08/2015 06:49:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/08/2015 06:49:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12578


CodeIntegrity Errors:
===================================
Date: 2015-05-14 19:56:22.097
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 19:56:21.939
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 19:56:21.797
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 19:56:17.206
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 19:56:16.987
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 19:56:16.788
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 19:56:16.538
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 19:32:30.207
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 19:32:30.007
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-05-14 19:32:29.772
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz
Percentage of memory in use: 24%
Total physical RAM: 14327.11 MB
Available physical RAM: 10815.75 MB
Total Pagefile: 16503.11 MB
Available Pagefile: 12410.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:803.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FA7C697B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

And here is my Search.txt

Farbar Recovery Scan Tool (x64) Version: 14-05-2015 02
Ran by Max at 2015-05-14 20:02:04
Running from C:\Users\Max\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;trovi;clientconnect;Gambali;crossbrowse;smartweb" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
""="CLocationSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\ActivatableClasses\CLSID\{17747E73-8A50-5EFE-A0BC-7B025F13C68C}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001_Classes\ActivatableClasses\CLSID\{17747E73-8A50-5EFE-A0BC-7B025F13C68C}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"6013214C586B6E849BDB4E9F1148E14B"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"


===================== Search result for "trovi" ==========

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MFB31EA79-17E6-42ED-8BD4-7D6073084D28&SearchSource=55&CUI=&UM=8&UP=SP02A59E60-ED69-4A65-8AD1-6381790FDA38&D=041715&SSPV=SP22230TA_sp_ie"


===================== Search result for "clientconnect" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DD5142F-7E23-4c44-9DD7-98B9C7032535}]
""="INapEnforcementClientConnectionPrivate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD244906-70DD-4690-BEEA-648653393500}]
""="INapEnforcementClientConnection2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB3A3505-DDB1-468A-B307-F328A57419D8}]
""="INapEnforcementClientConnection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8DD5142F-7E23-4c44-9DD7-98B9C7032535}]
""="INapEnforcementClientConnectionPrivate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD244906-70DD-4690-BEEA-648653393500}]
""="INapEnforcementClientConnection2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FB3A3505-DDB1-468A-B307-F328A57419D8}]
""="INapEnforcementClientConnection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{8DD5142F-7E23-4c44-9DD7-98B9C7032535}]
""="INapEnforcementClientConnectionPrivate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{BD244906-70DD-4690-BEEA-648653393500}]
""="INapEnforcementClientConnection2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{FB3A3505-DDB1-468A-B307-F328A57419D8}]
""="INapEnforcementClientConnection"


===================== Search result for "Gambali" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Gambali.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4}]
"LocalService"="Gambali"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataContainer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataContainer.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataController\CurVer]
""="GambaliLib.DataController.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTable.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableFields\CurVer]
""="GambaliLib.DataTableFields.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableHolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableHolder.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.LSPLogic\CurVer]
""="GambaliLib.LSPLogic.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.ReadOnlyManager]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.ReadOnlyManager.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.WFPController\CurVer]
""="GambaliLib.WFPController.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}\1.0]
""="Gambali 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B}\LocalServer32]
""=""C:\ProgramData\FlashBeat\Gambali.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B}\VersionIndependentProgID]
""="GambaliLib.DataContainer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730}\LocalServer32]
""=""C:\ProgramData\FlashBeat\Gambali.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730}\VersionIndependentProgID]
""="GambaliLib.ReadOnlyManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8571AE44-354D-4446-86A2-B59B7BF672FD}\ProgID]
""="GambaliLib.LSPLogic.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91}\LocalServer32]
""=""C:\ProgramData\FlashBeat\Gambali.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91}\VersionIndependentProgID]
""="GambaliLib.DataTable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4393B79-87D8-417F-918E-367CE539991D}\ProgID]
""="GambaliLib.DataTableHolder.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799}\LocalServer32]
""=""C:\ProgramData\FlashBeat\Gambali.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799}\VersionIndependentProgID]
""="GambaliLib.DataTableFields"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF5FA8BB-0A0A-4D8D-9D00-C690E9B8DC31}\ProgID]
""="GambaliLib.DataController.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF3D3318-3261-455C-A023-AC0376157847}\LocalServer32]
""=""C:\ProgramData\FlashBeat\Gambali.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF3D3318-3261-455C-A023-AC0376157847}\VersionIndependentProgID]
""="GambaliLib.WFPController"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\Gambali.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4}]
"LocalService"="Gambali"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}\1.0\0\win32]
""="C:\ProgramData\FlashBeat\Gambali.tlb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B}\LocalServer32]
""=""C:\ProgramData\FlashBeat\Gambali.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B}\VersionIndependentProgID]
""="GambaliLib.DataContainer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730}\LocalServer32]
""=""C:\ProgramData\FlashBeat\Gambali.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730}\VersionIndependentProgID]
""="GambaliLib.ReadOnlyManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8571AE44-354D-4446-86A2-B59B7BF672FD}\ProgID]
""="GambaliLib.LSPLogic.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91}\LocalServer32]
""=""C:\ProgramData\FlashBeat\Gambali.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91}\VersionIndependentProgID]
""="GambaliLib.DataTable"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A4393B79-87D8-417F-918E-367CE539991D}\ProgID]
""="GambaliLib.DataTableHolder.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799}\LocalServer32]
""=""C:\ProgramData\FlashBeat\Gambali.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799}\VersionIndependentProgID]
""="GambaliLib.DataTableFields"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF5FA8BB-0A0A-4D8D-9D00-C690E9B8DC31}\ProgID]
""="GambaliLib.DataController.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EF3D3318-3261-455C-A023-AC0376157847}\LocalServer32]
""=""C:\ProgramData\FlashBeat\Gambali.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EF3D3318-3261-455C-A023-AC0376157847}\VersionIndependentProgID]
""="GambaliLib.WFPController"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\Gambali.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4}]
"LocalService"="Gambali"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}\1.0\0\win32]
""="C:\ProgramData\FlashBeat\Gambali.tlb"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Gambali]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AppId_Catalog\0C103458]
"AppFullPath"="C:\ProgramData\FlashBeat\Gambali.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\AppId_Catalog\0C103458]
"AppFullPath"="C:\ProgramData\FlashBeat\Gambali.exe"


===================== Search result for "crossbrowse" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse\.exe\shell\opennewwindow\command]
""=""C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}\LocalServer32]
""=""C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\delegate_execute.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Crossbrowse"="Software\Clients\StartMenuInternet\Crossbrowse\Capabilities"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components]
""="Crossbrowse"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components]
"Localized Name"="Crossbrowse"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}\LocalServer32]
""=""C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\delegate_execute.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications]
"Crossbrowse"="Software\Clients\StartMenuInternet\Crossbrowse\Capabilities"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{957E4CCD-1C26-41C1-849C-6061275E07DE}"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe|Name=Crossbrowse (mDNS-In)|Desc=Inbound rule for Crossbrowse to allow mDNS traffic.|EmbedCtxt=Crossbrowse|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{957E4CCD-1C26-41C1-849C-6061275E07DE}"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe|Name=Crossbrowse (mDNS-In)|Desc=Inbound rule for Crossbrowse to allow mDNS traffic.|EmbedCtxt=Crossbrowse|"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_3D1EE8F760F37097E3AF05CAB8B9C5AC"=""C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse]
"Image"="C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\VisualElements\splash-620x300.png"

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\DefaultBrowser_NOPUBLISHERID\SplashScreen\DefaultBrowser_NOPUBLISHERID!Crossbrowse]
"Image"="C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.5.2171.95\VisualElements\splash-620x300.png"

===================== Search result for "smartweb" ==========

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\SmartWebApp.exe]

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d5b495b2_0]
""="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0892&subsys_1462522c&rev_1003#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\elineouttopo/00010001|\Device\HarddiskVolume2\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exe%b{00000000-0000-0000-0000-000000000000}"

====== End Of Search ======

Thank you again,
Max
You do not have the required permissions to view the files attached to this post.
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby Gary R » May 15th, 2015, 5:19 am

OK, lets set about round 2 of your cleanup ....

First ...

Please uninstall the following programs ...

GamesDesktop 025.493
GamesDesktop 025.585
Quick Ref 1.10.0.12
Search Protect
Google Chrome


... reboot your computer once they've been uninstalled.

If you have any problems uninstalling them, then just leave them and proceed with the instructions below. Your copy of Google Chrome has been corrupted, which is why it is included in the list. Once your computer is clean you can install a new clean copy, but in the meanwhile you'll need to use another browser.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Program Files (x86)\Crossbrowse
C:\ProgramData\FlashBeat
C:\Windows\mlah.exe
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\jnsp89F0.tmp
C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\jnsiF0DB.tmp
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\nsr4204.tmpfs
C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\nsaB737.tmpfs
C:\ProgramData\DQZCqeZhJD\SwdrFREjyLh.exe
C:\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe
C:\Program Files (x86)\ospd_us_1014\ospd_us_1014.exe
C:\Program Files (x86)\gmsd_us_585\gmsd_us_585.exe
C:\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe
C:\ProgramData\Radio\prompt.exe
C:\ProgramData\Radio\prompt.exe
C:\ProgramData\NetEngine\bin\D10\netengine.exe
C:\ProgramData\NetEngine\bin\D10\netengine.exe
C:\Users\Max\AppData\Local\ospd_us_1014\Download\majmp_gentleeeuu.exe
C:\Users\Max\AppData\Local\Temp\is-OH48E.tmp\majmp_gentleeeuu.tmp
C:\Users\Max\AppData\Local\Temp\is-RJEP8.tmp\gentlemjmp_ieeuu.exe
C:\Users\Max\AppData\Local\Temp\is-4R4N9.tmp\gentlemjmp_ieeuu.tmp
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [ospd_us_1014] => C:\Program Files (x86)\ospd_us_1014\ospd_us_1014.exe [3981256 2015-04-10] ()
HKLM-x32\...\Run: [gmsd_us_458] => [X]
HKLM-x32\...\Run: [gmsd_us_585] => C:\Program Files (x86)\gmsd_us_585\gmsd_us_585.exe [3981768 2015-05-14] ()
HKLM-x32\...\RunOnce: [upospd_us_1014.exe] => C:\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe [3308488 2015-04-10] ()
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\Run: [SwvUpdtr] => C:\Users\Max\AppData\Local\30034\Updater.exe [1248256 2015-04-16] ()
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\Run: [GoogleChromeAutoLaunch_3D1EE8F760F37097E3AF05CAB8B9C5AC] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-04-28] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-04-28] (Client Connect LTD)
AppInit_DLLs-x32:  C:/PROGRA~3/{3807D~1/193~1.1/mite.dll => C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}\1.9.3.1\mite.dll [1010688 2015-04-27] ()
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-27]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{578b7a49-b228-dc64-578b-b7a49b22e926}\hqghumeaylnlf.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MFB31EA79-17E6-42ED-8BD4-7D6073084D28&SearchSource=55&CUI=&UM=8&UP=SP02A59E60-ED69-4A65-8AD1-6381790FDA38&D=041715&SSPV=SP22230TA_sp_ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MFB31EA79-17E6-42ED-8BD4-7D6073084D28&SearchSource=58&CUI=&UM=8&UP=SP02A59E60-ED69-4A65-8AD1-6381790FDA38&q={searchTerms}&D=041715&SSPV=SP22230TA_sp_ie
SearchScopes: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MFB31EA79-17E6-42ED-8BD4-7D6073084D28&SearchSource=58&CUI=&UM=8&UP=SP02A59E60-ED69-4A65-8AD1-6381790FDA38&q={searchTerms}&D=041715&SSPV=SP22230TA_sp_ie
FF DefaultSearchEngine: Trovi
FF SelectedSearchEngine: Trovi
FF Keyword.URL: hxxp://www-searching.com/search.aspx?s=F4Hzamodk010924,4e6875f1-980b-403e-b4c6-f76425c5eb83,&q=
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MFB31EA79-17E6-42ED-8BD4-7D6073084D28&SearchSource=69&CUI=&SSPV=SP22230TA_sp_ff&Lay=1&UM=8&UP=SP02A59E60-ED69-4A65-8AD1-6381790FDA38&D=041715
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\searchplugins\trovi.xml [2015-05-14]
R2 lah; c:\windows\lah.exe [417792 2015-04-27] () [File not signed]
c:\windows\lah.exe
R2 mlah; c:\windows\mlah.exe [408576 2015-04-27] () [File not signed]
c:\windows\mlah.exe
R2 musyriki; C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\jnsp89F0.tmp [108544 2015-04-27] () [File not signed]
R2 poxuwyvy; C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\jnsiF0DB.tmp [117248 2015-04-16] () [File not signed]
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3
R2 SwdrFREjyLh; C:\ProgramData\DQZCqeZhJD\SwdrFREjyLh.exe [2731488 2015-04-27] (Useful Technology)
C:\ProgramData\DQZCqeZhJD
S2 insvc_1.10.0.14; "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" [X]
C:\Program Files (x86)\Infonaut_1.10.0.14
R2 qofemujy; C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\nsr4204.tmpfs [X]
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3
S2 qrsvc_1.10.0.12; "C:\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe" [X]
C:\Program Files (x86)\QuickRef_1.10.0.12
S2 SMUpdPlus; C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe /service [X]
C:\Program Files\Common Files\Goobzo
R2 solomero; C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\nsaB737.tmpfs [X]
C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3
2015-05-14 19:51 - 2015-05-14 20:01 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-05-14 19:51 - 2015-05-14 19:51 - 00000000 ____D () C:\Users\Max\AppData\Local\SearchProtect
2015-05-14 19:35 - 2015-05-14 19:35 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-04-27 21:04 - 2015-05-14 19:49 - 00001016 _____ () C:\WINDOWS\Tasks\PcMb9sgy4Hax8V4w.job
2015-04-27 21:04 - 2015-04-27 21:04 - 00004020 _____ () C:\WINDOWS\System32\Tasks\PcMb9sgy4Hax8V4w
2015-04-27 20:38 - 2015-04-27 20:38 - 00000000 ____D () C:\Users\Max\Documents\Optimizer Pro
2015-04-27 20:38 - 2015-04-27 20:38 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Optimizer Pro
2015-04-27 20:32 - 2015-04-27 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-04-27 20:28 - 2015-04-27 20:28 - 00631296 _____ () C:\WINDOWS\lah.dat
2015-04-27 20:28 - 2015-04-27 20:28 - 00417792 _____ () C:\WINDOWS\lah.exe
2015-04-27 20:28 - 2015-04-27 20:28 - 00408576 _____ () C:\WINDOWS\mlah.exe
015-04-27 20:24 - 2015-05-14 19:24 - 00000784 _____ () C:\WINDOWS\Tasks\Taplika mite.job
2015-04-27 20:24 - 2015-04-27 20:24 - 00003782 _____ () C:\WINDOWS\System32\Tasks\Taplika mite
2015-04-16 21:04 - 2015-05-14 20:04 - 00000376 _____ () C:\WINDOWS\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001.job
2015-04-16 21:04 - 2015-04-27 21:09 - 00000410 _____ () C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001.job
2015-04-16 21:04 - 2015-04-20 21:09 - 00003382 _____ () C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001
2015-04-16 21:04 - 2015-04-20 21:09 - 00003264 _____ () C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001
2015-04-16 20:56 - 2015-04-16 20:56 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Pro PC Cleaner
2015-04-16 20:44 - 2015-05-14 19:49 - 00001346 _____ () C:\WINDOWS\Tasks\XBNK.job
2015-04-16 20:44 - 2015-04-16 20:44 - 01535488 _____ (Cinema PlusV16.04) C:\Users\Max\AppData\Roaming\XBNK.exe
2015-04-16 20:44 - 2015-04-16 20:44 - 00004352 _____ () C:\WINDOWS\System32\Tasks\XBNK
2015-04-16 20:43 - 2015-05-14 19:49 - 00001348 _____ () C:\WINDOWS\Tasks\LKVYT.job
2015-03-26 12:14 - 2015-03-26 12:14 - 0005542 _____ () C:\Users\Max\AppData\Roaming\LKVYT
2015-04-16 20:43 - 2015-04-16 20:43 - 1774080 _____ (Cinema PlusV16.04) C:\Users\Max\AppData\Roaming\LKVYT.exe
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w
2015-04-20 07:05 - 2015-04-20 07:05 - 1246720 _____ () C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe
2015-03-26 12:14 - 2015-03-26 12:14 - 0004185 _____ () C:\Users\Max\AppData\Roaming\XBNK
2015-04-16 20:44 - 2015-04-16 20:44 - 1535488 _____ (Cinema PlusV16.04) C:\Users\Max\AppData\Roaming\XBNK.exe
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
Task: {35DB4975-C9FE-4426-825A-478EF2510D46} - System32\Tasks\SMW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57 => Wscript.exe //B "C:\ProgramData\SearchModulePlus\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {389410C7-397E-4EC4-9B17-E03F997868F5} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {5FF35EF8-6D15-4142-AC6D-56932ACA1076} - System32\Tasks\LKVYT => C:\Users\Max\AppData\Roaming\LKVYT.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {63EF171F-C123-437E-A670-5CAE712A55B1} - System32\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {6E30FC18-F148-4813-B702-453D40D05913} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D10\netengine.exe [2015-05-14] () <==== ATTENTION
Task: {71973511-334E-4A5A-998C-3A31D522AD4E} - System32\Tasks\XBNK => C:\Users\Max\AppData\Roaming\XBNK.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {A4C45A8C-EEE0-40BC-9A25-7EBD462C81DF} - System32\Tasks\avabvyxvdy => C:\Users\Max\AppData\Local\avabvyxvdy\avabvyxvdy.exe [2015-04-28] () <==== ATTENTION
Task: {C5F5F02D-7F3D-48A2-AB87-3AEF76AC1AB9} - System32\Tasks\PcMb9sgy4Hax8V4w => C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe [2015-04-20] () <==== ATTENTION
Task: {F9F38DA5-909A-4BA3-97D2-6DF36925CDAC} - System32\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\LKVYT.job => C:\Users\Max\AppData\Roaming\LKVYT.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PcMb9sgy4Hax8V4w.job => C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\XBNK.job => C:\Users\Max\AppData\Roaming\XBNK.exe <==== ATTENTION
2015-05-14 19:53 - 2015-05-14 19:53 - 00708096 _____ () C:\Users\Max\AppData\Local\Temp\is-OH48E.tmp\majmp_gentleeeuu.tmp
2015-05-14 19:54 - 2015-05-14 19:54 - 00708096 _____ () C:\Users\Max\AppData\Local\Temp\is-4R4N9.tmp\gentlemjmp_ieeuu.tmp
2015-05-14 19:47 - 2015-05-14 19:47 - 00307200 _____ () C:\WINDOWS\TEMP\mrt5BA8.tmp\MMFS2.dll
2015-05-14 19:47 - 2015-05-14 19:47 - 00021504 _____ () C:\WINDOWS\TEMP\mrt5BA8.tmp\Get.mfx
2015-05-14 19:47 - 2015-05-14 19:47 - 00059392 _____ () C:\WINDOWS\TEMP\mrt5BA8.tmp\Yaso.mfx
2015-05-14 19:54 - 2014-11-13 08:16 - 00205312 _____ () C:\Users\Max\AppData\Local\Temp\is-VBC5T.tmp\itdownload.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"
IE trusted site: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\skillwsa.com -> hxxps://www.skillwsa.com 


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Gambali.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataContainer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataContainer.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataController\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTable]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTable.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableFields\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableHolder]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableHolder.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.LSPLogic\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.ReadOnlyManager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.ReadOnlyManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.WFPController\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8571AE44-354D-4446-86A2-B59B7BF672FD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4393B79-87D8-417F-918E-367CE539991D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF5FA8BB-0A0A-4D8D-9D00-C690E9B8DC31}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF3D3318-3261-455C-A023-AC0376157847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\Gambali.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8571AE44-354D-4446-86A2-B59B7BF672FD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A4393B79-87D8-417F-918E-367CE539991D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF5FA8BB-0A0A-4D8D-9D00-C690E9B8DC31}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EF3D3318-3261-455C-A023-AC0376157847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\Gambali.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Gambali]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\SmartWebApp.exe]
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • Fixlog.txt
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 17th, 2015, 2:46 pm

Hi Gary,

Here is my Fixlog.txt file

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by Max at 2015-05-16 09:22:00 Run:2
Running from C:\Users\Max\Desktop
Loaded Profiles: Max (Available profiles: Max)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Crossbrowse
C:\ProgramData\FlashBeat
C:\Windows\mlah.exe
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\jnsp89F0.tmp
C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\jnsiF0DB.tmp
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\nsr4204.tmpfs
C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\nsaB737.tmpfs
C:\ProgramData\DQZCqeZhJD\SwdrFREjyLh.exe
C:\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe
C:\Program Files (x86)\ospd_us_1014\ospd_us_1014.exe
C:\Program Files (x86)\gmsd_us_585\gmsd_us_585.exe
C:\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe
C:\ProgramData\Radio\prompt.exe
C:\ProgramData\Radio\prompt.exe
C:\ProgramData\NetEngine\bin\D10\netengine.exe
C:\ProgramData\NetEngine\bin\D10\netengine.exe
C:\Users\Max\AppData\Local\ospd_us_1014\Download\majmp_gentleeeuu.exe
C:\Users\Max\AppData\Local\Temp\is-OH48E.tmp\majmp_gentleeeuu.tmp
C:\Users\Max\AppData\Local\Temp\is-RJEP8.tmp\gentlemjmp_ieeuu.exe
C:\Users\Max\AppData\Local\Temp\is-4R4N9.tmp\gentlemjmp_ieeuu.tmp
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [ospd_us_1014] => C:\Program Files (x86)\ospd_us_1014\ospd_us_1014.exe [3981256 2015-04-10] ()
HKLM-x32\...\Run: [gmsd_us_458] => [X]
HKLM-x32\...\Run: [gmsd_us_585] => C:\Program Files (x86)\gmsd_us_585\gmsd_us_585.exe [3981768 2015-05-14] ()
HKLM-x32\...\RunOnce: [upospd_us_1014.exe] => C:\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe [3308488 2015-04-10] ()
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\Run: [SwvUpdtr] => C:\Users\Max\AppData\Local\30034\Updater.exe [1248256 2015-04-16] ()
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\Run: [GoogleChromeAutoLaunch_3D1EE8F760F37097E3AF05CAB8B9C5AC] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-04-28] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-04-28] (Client Connect LTD)
AppInit_DLLs-x32: C:/PROGRA~3/{3807D~1/193~1.1/mite.dll => C:\ProgramData\{3807D0C4-6885-0142-D903-71C00981A24E}\1.9.3.1\mite.dll [1010688 2015-04-27] ()
Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-27]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{578b7a49-b228-dc64-578b-b7a49b22e926}\hqghumeaylnlf.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT333388 ... 30TA_sp_ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&c ... 90FDA38&q={searchTerms}&D=041715&SSPV=SP22230TA_sp_ie
SearchScopes: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&c ... 90FDA38&q={searchTerms}&D=041715&SSPV=SP22230TA_sp_ie
FF DefaultSearchEngine: Trovi
FF SelectedSearchEngine: Trovi
FF Keyword.URL: hxxp://www-searching.com/search.aspx?s= ... c5eb83,&q=
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT333388 ... 8&D=041715
FF SearchPlugin: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\searchplugins\trovi.xml [2015-05-14]
R2 lah; c:\windows\lah.exe [417792 2015-04-27] () [File not signed]
c:\windows\lah.exe
R2 mlah; c:\windows\mlah.exe [408576 2015-04-27] () [File not signed]
c:\windows\mlah.exe
R2 musyriki; C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\jnsp89F0.tmp [108544 2015-04-27] () [File not signed]
R2 poxuwyvy; C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\jnsiF0DB.tmp [117248 2015-04-16] () [File not signed]
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3
R2 SwdrFREjyLh; C:\ProgramData\DQZCqeZhJD\SwdrFREjyLh.exe [2731488 2015-04-27] (Useful Technology)
C:\ProgramData\DQZCqeZhJD
S2 insvc_1.10.0.14; "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" [X]
C:\Program Files (x86)\Infonaut_1.10.0.14
R2 qofemujy; C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\nsr4204.tmpfs [X]
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3
S2 qrsvc_1.10.0.12; "C:\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe" [X]
C:\Program Files (x86)\QuickRef_1.10.0.12
S2 SMUpdPlus; C:\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe /service [X]
C:\Program Files\Common Files\Goobzo
R2 solomero; C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\nsaB737.tmpfs [X]
C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3
2015-05-14 19:51 - 2015-05-14 20:01 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-05-14 19:51 - 2015-05-14 19:51 - 00000000 ____D () C:\Users\Max\AppData\Local\SearchProtect
2015-05-14 19:35 - 2015-05-14 19:35 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-04-27 21:04 - 2015-05-14 19:49 - 00001016 _____ () C:\WINDOWS\Tasks\PcMb9sgy4Hax8V4w.job
2015-04-27 21:04 - 2015-04-27 21:04 - 00004020 _____ () C:\WINDOWS\System32\Tasks\PcMb9sgy4Hax8V4w
2015-04-27 20:38 - 2015-04-27 20:38 - 00000000 ____D () C:\Users\Max\Documents\Optimizer Pro
2015-04-27 20:38 - 2015-04-27 20:38 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Optimizer Pro
2015-04-27 20:32 - 2015-04-27 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-04-27 20:28 - 2015-04-27 20:28 - 00631296 _____ () C:\WINDOWS\lah.dat
2015-04-27 20:28 - 2015-04-27 20:28 - 00417792 _____ () C:\WINDOWS\lah.exe
2015-04-27 20:28 - 2015-04-27 20:28 - 00408576 _____ () C:\WINDOWS\mlah.exe
015-04-27 20:24 - 2015-05-14 19:24 - 00000784 _____ () C:\WINDOWS\Tasks\Taplika mite.job
2015-04-27 20:24 - 2015-04-27 20:24 - 00003782 _____ () C:\WINDOWS\System32\Tasks\Taplika mite
2015-04-16 21:04 - 2015-05-14 20:04 - 00000376 _____ () C:\WINDOWS\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001.job
2015-04-16 21:04 - 2015-04-27 21:09 - 00000410 _____ () C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001.job
2015-04-16 21:04 - 2015-04-20 21:09 - 00003382 _____ () C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001
2015-04-16 21:04 - 2015-04-20 21:09 - 00003264 _____ () C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001
2015-04-16 20:56 - 2015-04-16 20:56 - 00000000 ____D () C:\Users\Max\AppData\Roaming\Pro PC Cleaner
2015-04-16 20:44 - 2015-05-14 19:49 - 00001346 _____ () C:\WINDOWS\Tasks\XBNK.job
2015-04-16 20:44 - 2015-04-16 20:44 - 01535488 _____ (Cinema PlusV16.04) C:\Users\Max\AppData\Roaming\XBNK.exe
2015-04-16 20:44 - 2015-04-16 20:44 - 00004352 _____ () C:\WINDOWS\System32\Tasks\XBNK
2015-04-16 20:43 - 2015-05-14 19:49 - 00001348 _____ () C:\WINDOWS\Tasks\LKVYT.job
2015-03-26 12:14 - 2015-03-26 12:14 - 0005542 _____ () C:\Users\Max\AppData\Roaming\LKVYT
2015-04-16 20:43 - 2015-04-16 20:43 - 1774080 _____ (Cinema PlusV16.04) C:\Users\Max\AppData\Roaming\LKVYT.exe
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w
2015-04-20 07:05 - 2015-04-20 07:05 - 1246720 _____ () C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe
2015-03-26 12:14 - 2015-03-26 12:14 - 0004185 _____ () C:\Users\Max\AppData\Roaming\XBNK
2015-04-16 20:44 - 2015-04-16 20:44 - 1535488 _____ (Cinema PlusV16.04) C:\Users\Max\AppData\Roaming\XBNK.exe
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
Task: {35DB4975-C9FE-4426-825A-478EF2510D46} - System32\Tasks\SMW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57 => Wscript.exe //B "C:\ProgramData\SearchModulePlus\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {389410C7-397E-4EC4-9B17-E03F997868F5} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {5FF35EF8-6D15-4142-AC6D-56932ACA1076} - System32\Tasks\LKVYT => C:\Users\Max\AppData\Roaming\LKVYT.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {63EF171F-C123-437E-A670-5CAE712A55B1} - System32\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {6E30FC18-F148-4813-B702-453D40D05913} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D10\netengine.exe [2015-05-14] () <==== ATTENTION
Task: {71973511-334E-4A5A-998C-3A31D522AD4E} - System32\Tasks\XBNK => C:\Users\Max\AppData\Roaming\XBNK.exe [2015-04-16] (Cinema PlusV16.04) <==== ATTENTION
Task: {A4C45A8C-EEE0-40BC-9A25-7EBD462C81DF} - System32\Tasks\avabvyxvdy => C:\Users\Max\AppData\Local\avabvyxvdy\avabvyxvdy.exe [2015-04-28] () <==== ATTENTION
Task: {C5F5F02D-7F3D-48A2-AB87-3AEF76AC1AB9} - System32\Tasks\PcMb9sgy4Hax8V4w => C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe [2015-04-20] () <==== ATTENTION
Task: {F9F38DA5-909A-4BA3-97D2-6DF36925CDAC} - System32\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\LKVYT.job => C:\Users\Max\AppData\Roaming\LKVYT.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PcMb9sgy4Hax8V4w.job => C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\XBNK.job => C:\Users\Max\AppData\Roaming\XBNK.exe <==== ATTENTION
2015-05-14 19:53 - 2015-05-14 19:53 - 00708096 _____ () C:\Users\Max\AppData\Local\Temp\is-OH48E.tmp\majmp_gentleeeuu.tmp
2015-05-14 19:54 - 2015-05-14 19:54 - 00708096 _____ () C:\Users\Max\AppData\Local\Temp\is-4R4N9.tmp\gentlemjmp_ieeuu.tmp
2015-05-14 19:47 - 2015-05-14 19:47 - 00307200 _____ () C:\WINDOWS\TEMP\mrt5BA8.tmp\MMFS2.dll
2015-05-14 19:47 - 2015-05-14 19:47 - 00021504 _____ () C:\WINDOWS\TEMP\mrt5BA8.tmp\Get.mfx
2015-05-14 19:47 - 2015-05-14 19:47 - 00059392 _____ () C:\WINDOWS\TEMP\mrt5BA8.tmp\Yaso.mfx
2015-05-14 19:54 - 2014-11-13 08:16 - 00205312 _____ () C:\Users\Max\AppData\Local\Temp\is-VBC5T.tmp\itdownload.dll
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"
IE trusted site: HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\...\skillwsa.com -> hxxps://www.skillwsa.com


[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Gambali.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataContainer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataContainer.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataController\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTable]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTable.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableFields\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableHolder]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableHolder.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.LSPLogic\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.ReadOnlyManager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.ReadOnlyManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.WFPController\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}\1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8571AE44-354D-4446-86A2-B59B7BF672FD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4393B79-87D8-417F-918E-367CE539991D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF5FA8BB-0A0A-4D8D-9D00-C690E9B8DC31}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF3D3318-3261-455C-A023-AC0376157847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\Gambali.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8571AE44-354D-4446-86A2-B59B7BF672FD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A4393B79-87D8-417F-918E-367CE539991D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF5FA8BB-0A0A-4D8D-9D00-C690E9B8DC31}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EF3D3318-3261-455C-A023-AC0376157847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\Gambali.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Gambali]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}]
[-HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\SmartWebApp.exe]
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns

*****************

"C:\Program Files (x86)\Crossbrowse" => File/Directory not found.
"C:\ProgramData\FlashBeat" => File/Directory not found.
C:\Windows\mlah.exe => Moved successfully.
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\jnsp89F0.tmp => Moved successfully.
C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\jnsiF0DB.tmp => Moved successfully.
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\nsr4204.tmpfs => Moved successfully.
C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\nsaB737.tmpfs => Moved successfully.
C:\ProgramData\DQZCqeZhJD\SwdrFREjyLh.exe => Moved successfully.
C:\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe => Moved successfully.
C:\Program Files (x86)\ospd_us_1014\ospd_us_1014.exe => Moved successfully.
C:\Program Files (x86)\gmsd_us_585\gmsd_us_585.exe => Moved successfully.
"C:\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe" => File/Directory not found.
C:\ProgramData\Radio\prompt.exe => Moved successfully.
"C:\ProgramData\Radio\prompt.exe" => File/Directory not found.
C:\ProgramData\NetEngine\bin\D10\netengine.exe => Moved successfully.
"C:\ProgramData\NetEngine\bin\D10\netengine.exe" => File/Directory not found.
C:\Users\Max\AppData\Local\ospd_us_1014\Download\majmp_gentleeeuu.exe => Moved successfully.
C:\Users\Max\AppData\Local\Temp\is-OH48E.tmp\majmp_gentleeeuu.tmp => Moved successfully.
C:\Users\Max\AppData\Local\Temp\is-RJEP8.tmp\gentlemjmp_ieeuu.exe => Moved successfully.
C:\Users\Max\AppData\Local\Temp\is-4R4N9.tmp\gentlemjmp_ieeuu.tmp => Moved successfully.
Could not move "C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe" => Scheduled to move on reboot.
Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\shopperz => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\shopperz64 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_1014 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_458 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_585 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upospd_us_1014.exe => value deleted successfully.
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SwvUpdtr => value deleted successfully.
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3D1EE8F760F37097E3AF05CAB8B9C5AC => value deleted successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value Data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value Data removed successfully.
" C:/PROGRA~3/{3807D~1/193~1.1/mite.dll" => Value Data removed successfully.
C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
C:\ProgramData\{578b7a49-b228-dc64-578b-b7a49b22e926}\hqghumeaylnlf.exe not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
Firefox newtab deleted successfully.
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\searchplugins\trovi.xml => Moved successfully.
lah => Unable to stop service
lah => Service deleted successfully.
c:\windows\lah.exe => Moved successfully.
mlah => Unable to stop service
mlah => Service deleted successfully.
"c:\windows\mlah.exe" => File/Directory not found.
musyriki => Unable to stop service
musyriki => Service deleted successfully.
poxuwyvy => Unable to stop service
poxuwyvy => Service deleted successfully.
C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3 => Moved successfully.
SwdrFREjyLh => Unable to stop service
SwdrFREjyLh => Service deleted successfully.

"C:\ProgramData\DQZCqeZhJD" directory move:

Could not move "C:\ProgramData\DQZCqeZhJD" directory. => Scheduled to move on reboot.

insvc_1.10.0.14 => Service deleted successfully.
"C:\Program Files (x86)\Infonaut_1.10.0.14" => File/Directory not found.
qofemujy => Unable to stop service
qofemujy => Service deleted successfully.
"C:\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3" => File/Directory not found.
qrsvc_1.10.0.12 => Service deleted successfully.
"C:\Program Files (x86)\QuickRef_1.10.0.12" => File/Directory not found.
SMUpdPlus => Service deleted successfully.
C:\Program Files\Common Files\Goobzo => Moved successfully.
solomero => Unable to stop service
solomero => Service deleted successfully.
C:\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3 => Moved successfully.

"C:\Program Files (x86)\SearchProtect" directory move:

Could not move "C:\Program Files (x86)\SearchProtect" directory. => Scheduled to move on reboot.


"C:\Users\Max\AppData\Local\SearchProtect" directory move:

Could not move "C:\Users\Max\AppData\Local\SearchProtect" directory. => Scheduled to move on reboot.

C:\Users\Public\Documents\ShopperPro => Moved successfully.
C:\WINDOWS\Tasks\PcMb9sgy4Hax8V4w.job => Moved successfully.
C:\WINDOWS\System32\Tasks\PcMb9sgy4Hax8V4w => Moved successfully.
C:\Users\Max\Documents\Optimizer Pro => Moved successfully.
C:\Users\Max\AppData\Roaming\Optimizer Pro => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 => Moved successfully.
C:\WINDOWS\lah.dat => Moved successfully.
"C:\WINDOWS\lah.exe" => File/Directory not found.
"C:\WINDOWS\mlah.exe" => File/Directory not found.
015-04-27 20:24 - 2015-05-14 19:24 - 00000784 _____ () C:\WINDOWS\Tasks\Taplika mite.job => Error: No automatic fix found for this entry.
C:\WINDOWS\System32\Tasks\Taplika mite => Moved successfully.
C:\WINDOWS\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001.job => Moved successfully.
C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001.job => Moved successfully.
C:\WINDOWS\System32\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001 => Moved successfully.
C:\WINDOWS\System32\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001 => Moved successfully.
C:\Users\Max\AppData\Roaming\Pro PC Cleaner => Moved successfully.
C:\WINDOWS\Tasks\XBNK.job => Moved successfully.
C:\Users\Max\AppData\Roaming\XBNK.exe => Moved successfully.
C:\WINDOWS\System32\Tasks\XBNK => Moved successfully.
C:\WINDOWS\Tasks\LKVYT.job => Moved successfully.
C:\Users\Max\AppData\Roaming\LKVYT => Moved successfully.
C:\Users\Max\AppData\Roaming\LKVYT.exe => Moved successfully.
C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w => Moved successfully.
C:\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe => Moved successfully.
C:\Users\Max\AppData\Roaming\XBNK => Moved successfully.
"C:\Users\Max\AppData\Roaming\XBNK.exe" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35DB4975-C9FE-4426-825A-478EF2510D46} => Key not found.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{389410C7-397E-4EC4-9B17-E03F997868F5} => Key not found.
C:\Windows\System32\Tasks\SMWUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FF35EF8-6D15-4142-AC6D-56932ACA1076}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FF35EF8-6D15-4142-AC6D-56932ACA1076}" => Key deleted successfully.
C:\Windows\System32\Tasks\LKVYT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LKVYT" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63EF171F-C123-437E-A670-5CAE712A55B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63EF171F-C123-437E-A670-5CAE712A55B1}" => Key deleted successfully.
C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6E30FC18-F148-4813-B702-453D40D05913}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E30FC18-F148-4813-B702-453D40D05913}" => Key deleted successfully.
C:\Windows\System32\Tasks\NetEngine => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NetEngine" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{71973511-334E-4A5A-998C-3A31D522AD4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71973511-334E-4A5A-998C-3A31D522AD4E}" => Key deleted successfully.
C:\Windows\System32\Tasks\XBNK not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\XBNK" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4C45A8C-EEE0-40BC-9A25-7EBD462C81DF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4C45A8C-EEE0-40BC-9A25-7EBD462C81DF}" => Key deleted successfully.
C:\Windows\System32\Tasks\avabvyxvdy => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvyxvdy" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5F5F02D-7F3D-48A2-AB87-3AEF76AC1AB9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5F5F02D-7F3D-48A2-AB87-3AEF76AC1AB9}" => Key deleted successfully.
C:\Windows\System32\Tasks\PcMb9sgy4Hax8V4w not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PcMb9sgy4Hax8V4w" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9F38DA5-909A-4BA3-97D2-6DF36925CDAC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9F38DA5-909A-4BA3-97D2-6DF36925CDAC}" => Key deleted successfully.
C:\Windows\System32\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001" => Key deleted successfully.
C:\WINDOWS\Tasks\CIMT_daily_S-1-5-21-3369700690-3850376273-3648611264-1001.job not found.
C:\WINDOWS\Tasks\CIMT_S-1-5-21-3369700690-3850376273-3648611264-1001.job not found.
C:\WINDOWS\Tasks\LKVYT.job not found.
C:\WINDOWS\Tasks\PcMb9sgy4Hax8V4w.job not found.
C:\WINDOWS\Tasks\XBNK.job not found.
"C:\Users\Max\AppData\Local\Temp\is-OH48E.tmp\majmp_gentleeeuu.tmp" => File/Directory not found.
"C:\Users\Max\AppData\Local\Temp\is-4R4N9.tmp\gentlemjmp_ieeuu.tmp" => File/Directory not found.
C:\WINDOWS\TEMP\mrt5BA8.tmp\MMFS2.dll => Moved successfully.
C:\WINDOWS\TEMP\mrt5BA8.tmp\Get.mfx => Moved successfully.
C:\WINDOWS\TEMP\mrt5BA8.tmp\Yaso.mfx => Moved successfully.
C:\Users\Max\AppData\Local\Temp\is-VBC5T.tmp\itdownload.dll => Moved successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Gambali" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy" => Key deleted successfully.
"HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skillwsa.com" => Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\Gambali.EXE => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataContainer => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataContainer => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataContainer.1 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataContainer.1 => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataController\CurVer => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTable => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTable => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTable.1 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTable.1 => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableFields\CurVer => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableHolder => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableHolder => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableHolder.1 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.DataTableHolder.1 => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.LSPLogic\CurVer => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.ReadOnlyManager => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.ReadOnlyManager => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.ReadOnlyManager.1 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.ReadOnlyManager.1 => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GambaliLib.WFPController\CurVer => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}\1.0 => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7}\1.0 => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8571AE44-354D-4446-86A2-B59B7BF672FD} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8571AE44-354D-4446-86A2-B59B7BF672FD} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4393B79-87D8-417F-918E-367CE539991D} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4393B79-87D8-417F-918E-367CE539991D} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF5FA8BB-0A0A-4D8D-9D00-C690E9B8DC31} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DF5FA8BB-0A0A-4D8D-9D00-C690E9B8DC31} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF3D3318-3261-455C-A023-AC0376157847} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EF3D3318-3261-455C-A023-AC0376157847} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\Gambali.EXE => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{11E39DD2-DE99-4660-850A-01EBDD39CD9B} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7C2A47DA-9452-435F-A8AB-9A3784434730} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8571AE44-354D-4446-86A2-B59B7BF672FD} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{85DD4B1A-8FCF-4B5C-B6BC-D23C437E7A91} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A4393B79-87D8-417F-918E-367CE539991D} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{A76E7BCA-6FA0-4810-BF18-B88B25BE0799} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DF5FA8BB-0A0A-4D8D-9D00-C690E9B8DC31} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EF3D3318-3261-455C-A023-AC0376157847} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\Gambali.EXE => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{A0E3F63A-048B-4634-BB56-18122A316CE4} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{CD6F4F21-2287-4B46-82E5-530F4739C2B7} => Key not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\Gambali => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Crossbrowse => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E} => Key not found.
HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\IntelliType Pro\AppSpecific\SmartWebApp.exe => Key Deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.2 GB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-16 09:27:41)<=

"C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe" => Could not move.
"C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe" => Could not move.
C:\ProgramData\DQZCqeZhJD => Moved successfully.
"C:\Program Files (x86)\SearchProtect" => Could not move.
"C:\Users\Max\AppData\Local\SearchProtect" => Could not move.

==== End of Fixlog 09:27:50 ====
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 17th, 2015, 5:20 pm

And here is my eset.txt file

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SBIEBrowserHelperObject.dll.vir a variant of Win32/SBWatchman.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SCHelper.exe.vir a variant of Win32/SpeedBit.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smei32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smei64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smfi32.dll.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smfi64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smoi32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smoi64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smri32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smri64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SMUninstall.exe.vir Win32/SpeedBit.B.gen potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smw.sys.vir a variant of Win32/SBWatchman.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll.vir a variant of Win32/SBWatchman.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\SCHelper.exe.vir a variant of Win32/SpeedBit.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smci32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smci64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smei32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smei64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smi32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smi64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smri32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smri64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe.vir Win32/SpeedBit.B.gen potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smw.sys.vir a variant of Win32/SBWatchman.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu.dll.vir a variant of Win32/SpeedBit.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu64.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\csrcc.exe.vir Win32/Toolbar.Perion.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\grunt.exe.vir Win32/Toolbar.Perion.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi32.dll.vir a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir a variant of Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios64.dll.vir a variant of Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\liara64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\tsoni.dll.vir a variant of Win32/Toolbar.Perion.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\wrex.exe.vir Win32/Toolbar.Perion.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-10.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-4.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\UninstallBrw.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.307\goopdate.dll.vir a variant of Win32/Compete.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.307\psmachine.dll.vir a variant of Win32/Compete.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.307\psuser.dll.vir a variant of Win32/Compete.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe.vir a variant of Win32/Toolbar.CrossRider.CL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\fce0a815-cb33-4000-bd2c-72657c2b87bf-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\fce0a815-cb33-4000-bd2c-72657c2b87bf-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\fce0a815-cb33-4000-bd2c-72657c2b87bf-10.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\fce0a815-cb33-4000-bd2c-72657c2b87bf-4.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir Win32/AlteredSoftware.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_493\gamesdesktop_widget.exe.vir a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_493\gmsd_us_493.exe.vir a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe.vir a variant of Win32/TrojanDropper.Addrop.F trojan
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe.vir a variant of Win32/Adware.Vitruvian.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-10.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-4.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\UninstallBrw.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\OLBPre\OLBPre.exe.vir a variant of Win32/MyPCBackup.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptimizerPro.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProGuard.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AD application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProHelper.dll.vir a variant of Win32/OptimizerPro.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProLauncher.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AC application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProMon.dll.vir a variant of Win32/SProtector.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProReminder.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AE application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProSchedule.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProStart.exe.vir Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProUninstaller.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\Uninstall_OptimizerPro.exe.vir a variant of Win32/TrojanDropper.Addrop.F trojan
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Priceless\3xUDSndwRGusAY.exe.vir a variant of Win32/Adware.MultiPlug.JY application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe.vir a variant of Win32/Adware.Vitruvian.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SafeGuard\SafeGuardApp.exe.vir a variant of Win32/Verti.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json.vir JS/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.dll.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro64.dll.vir a variant of Win64/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\SPRemove.exe.vir Win32/SpeedBit.B.gen potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\FireFox\content\overlay.js.vir JS/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe.vir a variant of Win32/ShopperPro.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1831\jsdrv.exe.vir a variant of Win32/ShopperPro.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\supporter\Supporter.dll.vir a variant of Win32/SProtector.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\192.dll.vir a variant of Win32/Adware.AddLyrics.EB application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\192_x64.dll.vir a variant of Win64/Adware.AddLyrics.I application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\BlockAndSurf.exe.vir a variant of Win32/Adware.AddLyrics.EG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\J4BlockAndSurfJ52.exe.vir a variant of Win32/Adware.AddLyrics.EE application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\Uninstall.exe.vir a variant of Win32/Adware.AddLyrics.EB application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\x64\HqS15L26Z.exe.vir a variant of Win64/Adware.AddLyrics.H application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\x64\webTinstMKTN84.sys.vir Win64/Adware.AddLyrics.K application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WSE_Taplika\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\youtubeadblocker\G1yxCC87xZQrQG.exe.vir a variant of Win32/Adware.MultiPlug.JY application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelper.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe.vir a variant of Win32/SBWatchman.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\converter.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll.vir a variant of Win32/SpeedBit.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadHelper.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe.vir a variant of Win32/SBWatchman.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir a variant of MSIL/Adware.PullUpdate.L.gen application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\FlashBeat.exe.vir a variant of Win32/Adware.PicColor.X application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\Gambali.dll.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\Gambali.exe.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\GambaliCrt.dll.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\RgsBTMedia.exe.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\radio\prompt.exe.vir a variant of MSIL/Adware.PullUpdate.L.gen application
C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro.dll.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll.vir a variant of Win64/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\{578b7a49-b228-dc64-578b-b7a49b22e926}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1429221433-0000-0000-6C626DB6DAC3\inst76EA.tmp.vir a variant of Win32/Adware.ConvertAd.HK application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1429221433-0000-0000-6C626DB6DAC3\jnss7479.exe.vir a variant of Win32/Adware.ConvertAd.GT application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1429221433-0000-0000-6C626DB6DAC3\rnst76EB.exe.vir Win32/Adware.ConvertAd.HW application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\gmsd_us_493\upgmsd_us_493.exe.vir a variant of Win32/Adware.EoRezo.AJ application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exe.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\SmartWeb\SmartWebHelper.exe.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\SmartWeb\swhk.dll.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\SmartWeb\__u.exe.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\ASPackage\ASPackage.exe.vir a variant of Win32/Adware.ConvertAd.KZ.gen application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\973ba634716b4639a1c150b40c@5afc24a09e55466bb60878000.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\veggy@veggyAddon.com\chrome\content\main.js.vir JS/Kryptik.I trojan
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js.vir JS/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat.vir VBS/Kryptik.DY trojan
C:\AdwCleaner\Quarantine\C\WINDOWS\apppatch\apppatch64\vcldr64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\apppatch\nbin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\cherimoya.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\innfd_1_10_0_14.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\qrnfd_1_10_0_12.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\webTinstMKTN84.sys.vir Win64/Adware.AddLyrics.K application
C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\Gambali.dll.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\WebWatcherLSP.dll.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AI_RecycleBin\{C5F607E6-9A81-4E5E-9AB3-0F9F27C78303}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SBIEBrowserHelperObject.dll a variant of Win32/SBWatchman.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SCHelper.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll a variant of Win32/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll a variant of Win64/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe a variant of Win32/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe a variant of MSIL/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smu.exe a variant of Win64/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SMUninstall.exe Win32/SpeedBit.B.gen potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\Updater.exe a variant of Win32/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\gmsd_us_585\gmsd_us_585.exe.xBAD a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\Program Files (x86)\ospd_us_1014\ospd_us_1014.exe.xBAD a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\ProgramData\DQZCqeZhJD\SwdrFREjyLh.exe.xBAD a variant of MSIL/Adware.PullUpdate.G.gen application
C:\FRST\Quarantine\C\ProgramData\DQZCqeZhJD\DQZCqeZhJD\dat\PKgqIwLNr.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\FRST\Quarantine\C\ProgramData\DQZCqeZhJD\DQZCqeZhJD\dat\TgTQTt.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\FRST\Quarantine\C\ProgramData\DQZCqeZhJD\DQZCqeZhJD\dat\TzpiDJ.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\FRST\Quarantine\C\ProgramData\DQZCqeZhJD\DQZCqeZhJD\dat\XXOTpJO.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\FRST\Quarantine\C\ProgramData\Radio\prompt.exe.xBAD a variant of MSIL/Adware.PullUpdate.L.gen application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe.xBAD a variant of Win32/Adware.EoRezo.AJ application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\ospd_us_1014\Download\majmp_gentleeeuu.exe.xBAD multiple threats
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\nsp160B.exe.xBAD a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\is-RJEP8.tmp\gentlemjmp_ieeuu.exe.xBAD multiple threats
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\LKVYT.exe.xBAD a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe.xBAD a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\XBNK.exe.xBAD a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\jnsiF0DB.tmp.xBAD Win32/Adware.ConvertAd.GJ application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\nsaB737.tmpfs.xBAD Win32/Adware.ConvertAd.GU application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\00000000-1429243423-0000-0000-6C626DB6DAC3\rnseE713.exe Win32/Adware.ConvertAd.HW application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\00000000-1429243423-0000-0000-6C626DB6DAC3\vnss962E.tmp a variant of Win32/Adware.ConvertAd.KZ.gen application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\jnsp89F0.tmp.xBAD a variant of Win32/Adware.ConvertAd.KF application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\nsr4204.tmpfs.xBAD a variant of Win32/Adware.ConvertAd.KD application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\00000000-1430191811-0000-0000-6C626DB6DAC3\rnsj6D0E.exe a variant of Win32/Adware.ConvertAd.KJ application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\00000000-1430191811-0000-0000-6C626DB6DAC3\vnsh1D9F.tmp a variant of Win32/Adware.ConvertAd.KZ.gen application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF2.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF20.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF21.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF22.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF23.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF24.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF25.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF26.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF27.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF28.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Windows\lah.exe.xBAD a variant of Win32/TrojanDownloader.Adcurl.A trojan
C:\Program Files\Common Files\ShopperPro\spbici32.dll a variant of Win32/SBWatchman.H potentially unwanted application
C:\Program Files\Common Files\ShopperPro\spbici64.dll a variant of Win64/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\ShopperPro\spbii32.exe a variant of Win32/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\ShopperPro\spbii64.exe a variant of MSIL/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\ShopperPro\spbiu.exe a variant of Win64/SBWatchman.A potentially unwanted application
C:\Program Files\Common Files\System\SysMenu.dll a variant of Win32/SpeedBit.F potentially unwanted application
C:\Program Files\Common Files\System\SysMenu64.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files (x86)\CinemaPlus_2.0V16.05\fef6a2a9-8460-491b-90e9-cb89ec8fe404-1-6.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\Program Files (x86)\CinemaPlus_2.0V16.05\fef6a2a9-8460-491b-90e9-cb89ec8fe404-1-7.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\Program Files (x86)\CinemaPlus_2.0V16.05\fef6a2a9-8460-491b-90e9-cb89ec8fe404-10.exe a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\Program Files (x86)\CinemaPlus_2.0V16.05\fef6a2a9-8460-491b-90e9-cb89ec8fe404-4.exe a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\Program Files (x86)\CinemaPlus_2.0V16.05\fef6a2a9-8460-491b-90e9-cb89ec8fe404-5.exe a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\Program Files (x86)\CinemaPlus_2.0V16.05\UninstallBrw.exe a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\Program Files (x86)\CinemaPlus_2.0V16.05\utils.exe a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\Program Files (x86)\Coupoon\iiwjljrnpc64.exe a variant of Win64/Adware.Adpeak.F application
C:\Program Files (x86)\Coupoon\nfapi.dll a variant of Win64/NetFilter.A potentially unsafe application
C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4.exe a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5.exe a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\Program Files (x86)\Ge-Force\utils.exe a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\Program Files (x86)\gmsd_us_585\gamesdesktop_widget.exe a variant of Win32/AdWare.EoRezo.AU application
C:\Program Files (x86)\gmsd_us_585\gmsd_us_585.exe a variant of Win32/AdWare.EoRezo.AU application
C:\Program Files (x86)\gmsd_us_585\predm.exe a variant of Win32/Adware.EoRezo.AZ application
C:\Program Files (x86)\Optimizer Pro 3.91\OptimizerPro.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\Program Files (x86)\Optimizer Pro 3.91\OptProGuard.exe a variant of Win32/Adware.SpeedingUpMyPC.AD application
C:\Program Files (x86)\Optimizer Pro 3.91\OptProHelper.dll a variant of Win32/OptimizerPro.B potentially unwanted application
C:\Program Files (x86)\Optimizer Pro 3.91\OptProLauncher.exe a variant of Win32/Adware.SpeedingUpMyPC.AC application
C:\Program Files (x86)\Optimizer Pro 3.91\OptProMon.dll a variant of Win32/Adware.MultiPlug.IX application
C:\Program Files (x86)\Optimizer Pro 3.91\OptProReminder.exe a variant of Win32/Adware.SpeedingUpMyPC.AE application
C:\Program Files (x86)\Optimizer Pro 3.91\OptProSchedule.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\Program Files (x86)\Optimizer Pro 3.91\OptProSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\Program Files (x86)\Optimizer Pro 3.91\OptProStart.exe Win32/Adware.SpeedingUpMyPC.AG application
C:\Program Files (x86)\Optimizer Pro 3.91\OptProUninstaller.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\Program Files (x86)\Optimizer Pro 3.91\Uninstall_OptimizerPro.exe a variant of Win32/TrojanDropper.Addrop.F trojan
C:\Program Files (x86)\ospd_us_1014\onesoftperday_widget.exe a variant of Win32/AdWare.EoRezo.AU application
C:\Program Files (x86)\Papas Pizzeria\Papas Pizzeria.exe a variant of Win32/Adware.MultiPlug.JY application
C:\Program Files (x86)\PathMaxx\PathMaxxbho.dll a variant of Win32/BrowseFox.AE potentially unwanted application
C:\Program Files (x86)\PathMaxx\PathMaxxUninstall.exe a variant of Win32/BrowseFox.AY potentially unwanted application
C:\Program Files (x86)\PathMaxx\tmp2AD3.tmp a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\PathMaxx\updatePathMaxx.exe a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\c6c40e9adba9495abc9d.dll a variant of Win32/BrowseFox.N potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\c6c40e9adba9495abc9d28d2a9896230.dll a variant of Win32/BrowseFox.M potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\c6c40e9adba9495abc9d28d2a989623064.dll a variant of Win64/BrowseFox.CK potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\c6c40e9adba9495abc9d64.dll a variant of Win64/BrowseFox.CI potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\PathMaxx.BrowserAdapter.exe Win32/BrowseFox.AX potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\PathMaxx.BrowserAdapter64.exe Win64/BrowseFox.CP potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\PathMaxx.expext.exe a variant of Win32/BrowseFox.AA potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\PathMaxx.expextdll.dll a variant of Win64/BrowseFox.CJ potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\PathMaxx.PurBrowse64.exe a variant of Win64/BrowseFox.A potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\tmp1624.tmp a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\utilPathMaxx.exe a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\plugins\PathMaxx.BrowserAdapter.dll a variant of MSIL/BrowseFox.L potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\plugins\PathMaxx.CompatibilityChecker.dll a variant of MSIL/BrowseFox.N potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\plugins\PathMaxx.ExpExt.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\plugins\PathMaxx.FFUpdate.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\Program Files (x86)\PathMaxx\bin\plugins\PathMaxx.PurBrowseG.dll a variant of MSIL/BrowseFox.H potentially unwanted application
C:\Program Files (x86)\PriceLess\Lzx2S8VM3W3fng.dll a variant of Win32/Adware.MultiPlug.KM application
C:\Program Files (x86)\PriceLess\Lzx2S8VM3W3fng.exe a variant of Win32/Adware.MultiPlug.JY application
C:\Program Files (x86)\PriceLess\Lzx2S8VM3W3fng.x64.dll a variant of Win64/Adware.MultiPlug.H application
C:\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe a variant of Win32/Verti.K potentially unwanted application
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1431658887092 a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Program Files (x86)\ShopperPro\manifest.json JS/ShopperPro.A potentially unwanted application
C:\Program Files (x86)\ShopperPro\ShopperPro.dll a variant of Win32/ShopperPro.A potentially unwanted application
C:\Program Files (x86)\ShopperPro\ShopperPro.exe a variant of Win32/ShopperPro.A potentially unwanted application
C:\Program Files (x86)\ShopperPro\ShopperPro64.dll a variant of Win64/ShopperPro.A potentially unwanted application
C:\Program Files (x86)\ShopperPro\SPRemove.exe Win32/SpeedBit.B.gen potentially unwanted application
C:\Program Files (x86)\ShopperPro\Updater.exe a variant of Win32/ShopperPro.A potentially unwanted application
C:\Program Files (x86)\ShopperPro\FireFox\content\overlay.js JS/ShopperPro.A potentially unwanted application
C:\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe a variant of Win32/ShopperPro.B potentially unwanted application
C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1841\jsdrv.exe a variant of Win32/ShopperPro.B potentially unwanted application
C:\Program Files (x86)\Super Optimizer\SuperOptimizer.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\Program Files (x86)\Super Optimizer\SupOptGuard.exe a variant of Win32/Adware.SpeedingUpMyPC.AD application
C:\Program Files (x86)\Super Optimizer\SupOptHelper.dll a variant of Win32/OptimizerPro.B potentially unwanted application
C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe a variant of Win32/Adware.SpeedingUpMyPC.AC application
C:\Program Files (x86)\Super Optimizer\SupOptReminder.exe a variant of Win32/Adware.SpeedingUpMyPC.AE application
C:\Program Files (x86)\Super Optimizer\SupOptSchedule.exe a variant of Win32/Adware.SpeedingUpMyPC.AL application
C:\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\Program Files (x86)\Super Optimizer\SupOptStart.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\Program Files (x86)\Super Optimizer\SupOptStats.dll a variant of Win32/Adware.MultiPlug.IX application
C:\Program Files (x86)\Supporter\Supporter.dll a variant of Win32/SProtector.Q potentially unwanted application
C:\Program Files (x86)\SysFiles\HealthcareGovTool.exe a variant of Win32/Toolbar.Besttoolbars.I potentially unwanted application
C:\Program Files (x86)\SysFiles\WebWatcherCert.dll a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\Program Files (x86)\SysFiles\WebWatcherLSP.dll a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\Program Files (x86)\SysFiles\WebWatcherLSP.exe a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\Program Files (x86)\YTDownloader\BrowserHelper.exe a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files (x86)\YTDownloader\converter.exe a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files (x86)\YTDownloader\DownloadAPI.dll a variant of Win32/SpeedBit.F potentially unwanted application
C:\Program Files (x86)\YTDownloader\DownloadHelper.exe a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files (x86)\YTDownloader\sbmntr.sys a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files (x86)\YTDownloader\Updater.exe a variant of Win32/ShopperPro.A potentially unwanted application
C:\Program Files (x86)\YTDownloader\YTDownloader.exe a variant of Win32/SBWatchman.G potentially unwanted application
C:\Program Files (x86)\YTDownloader\YTDUninstall.exe a variant of Win32/SBWatchman.D potentially unwanted application
C:\ProgramData\Browser\prompt.exe a variant of MSIL/Adware.PullUpdate.L.gen application
C:\ProgramData\c1c05f7061d940b085ed209085e4a787\c1c05f7061d940b085ed209085e4a787.exe a variant of Win32/Adware.PicColor.AB application
C:\ProgramData\e29c40da53af42a3895e10c22c3d76c2\e29c40da53af42a3895e10c22c3d76c2.exe a variant of Win32/Adware.PicColor.AE application
C:\ProgramData\ShopperPro\ShopperPro.dll a variant of Win32/ShopperPro.A potentially unwanted application
C:\ProgramData\ShopperPro\ShopperPro64.dll a variant of Win64/ShopperPro.A potentially unwanted application
C:\ProgramData\{18c1d0f7-b873-4d6b-18c1-1d0f7b8743de}\hqghumeaylnlf.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\ProgramData\{20563ee8-ab9c-4ef3-2056-63ee8ab9fba2}\hqghumeaylnlf.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\ProgramData\{327cb5fd-4a9d-c1e5-327c-cb5fd4a9d7f5}\hqghumeaylnlf.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\ProgramData\{9af26980-7f72-f498-9af2-269807f7a601}\pricelessinstaller.exe a variant of Win32/Adware.MultiPlug.KP application
C:\Users\All Users\Browser\prompt.exe a variant of MSIL/Adware.PullUpdate.L.gen application
C:\Users\All Users\c1c05f7061d940b085ed209085e4a787\c1c05f7061d940b085ed209085e4a787.exe a variant of Win32/Adware.PicColor.AB application
C:\Users\All Users\e29c40da53af42a3895e10c22c3d76c2\e29c40da53af42a3895e10c22c3d76c2.exe a variant of Win32/Adware.PicColor.AE application
C:\Users\All Users\ShopperPro\ShopperPro.dll a variant of Win32/ShopperPro.A potentially unwanted application
C:\Users\All Users\ShopperPro\ShopperPro64.dll a variant of Win64/ShopperPro.A potentially unwanted application
C:\Users\All Users\{18c1d0f7-b873-4d6b-18c1-1d0f7b8743de}\hqghumeaylnlf.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\Users\All Users\{20563ee8-ab9c-4ef3-2056-63ee8ab9fba2}\hqghumeaylnlf.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\Users\All Users\{327cb5fd-4a9d-c1e5-327c-cb5fd4a9d7f5}\hqghumeaylnlf.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\Users\All Users\{9af26980-7f72-f498-9af2-269807f7a601}\pricelessinstaller.exe a variant of Win32/Adware.MultiPlug.KP application
C:\Users\Max\AppData\Local\00000000-1430166663-0000-0000-6C626DB6DAC3\bnslFE2A.exe a variant of Win32/Adware.ConvertAd.KG application
C:\Users\Max\AppData\Local\00000000-1430166802-0000-0000-6C626DB6DAC3\anse107F.exe a variant of Win32/Adware.ConvertAd.KP application
C:\Users\Max\AppData\Local\00000000-1430166802-0000-0000-6C626DB6DAC3\cnsg13DC.tmp Win32/Adware.ConvertAd.KE application
C:\Users\Max\AppData\Local\00000000-1430166802-0000-0000-6C626DB6DAC3\rnsg13DD.exe a variant of Win32/Adware.ConvertAd.KJ application
C:\Users\Max\AppData\Local\00000000-1430166821-0000-0000-6C626DB6DAC3\onsx56C1.tmp a variant of Win32/Adware.ConvertAd.KK application
C:\Users\Max\AppData\Local\00000000-1430166821-0000-0000-6C626DB6DAC3\pnsc56E1.exe Win32/Adware.ConvertAd.NK application
C:\Users\Max\AppData\Local\00000000-1430166821-0000-0000-6C626DB6DAC3\rnsh56B0.exe a variant of Win32/Adware.ConvertAd.KJ application
C:\Users\Max\AppData\Local\00000000-1430166821-0000-0000-6C626DB6DAC3\snsh56AF.tmp Win32/Adware.ConvertAd.KI application
C:\Users\Max\AppData\Local\30034\Updater.exe a variant of Win32/Amonetize.EP potentially unwanted application
C:\Users\Max\AppData\Local\avabvyxvdy\avabvyxvdy.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\Users\Max\AppData\Local\avabvyxvdy\pbqrmvbub a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\Max\AppData\Local\gmsd_us_585\upgmsd_us_585.exe a variant of Win32/Adware.EoRezo.AJ application
C:\Users\Max\AppData\Local\Installer\Installgeforce_5348\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Installgeforce_8865\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Installshopperpro_5348\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Installshopperpro_8865\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_12280\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_13204\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_18077\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_18256\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_19783\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_21149\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_24936\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_27195\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_29589\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_29735\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_30843\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Installer\Install_8310\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\CJEXS4BH\OfferInstaller[1].exe a variant of MSIL/Adware.Imali.A application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\CJEXS4BH\VuuPC_VO2_8907[1].exe a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K\imali_bundle[1].exe a variant of Win32/Adware.Imali.A application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K\infonaut-setup-1.10.0.14[1].exe multiple threats
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K\Setup[1].exe a variant of Win32/InstallCore.PK potentially unwanted application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9\setup_gmsd_us[1].exe multiple threats
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9\mediaplayer[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9\SmartWebInstaller[1].exe a variant of Win32/PriceGong.C potentially unwanted application
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\3389952AAE22DA2ED67443DF8D4C99E6AFA71E4B JS/Kryptik.I trojan
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\C25179E407B636BD1E8670AA50916F244E050F71 JS/Kryptik.I trojan
C:\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\Users\Max\AppData\Local\SmartWeb\SmartWebHelper.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\Users\Max\AppData\Local\SmartWeb\swhk.dll a variant of Win32/PriceGong.C potentially unwanted application
C:\Users\Max\AppData\Local\SmartWeb\__u.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\Users\Max\AppData\Local\Temp\bes7A25.exe a variant of MSIL/Adware.Imali.A application
C:\Users\Max\AppData\Local\Temp\ICReinstall_nss6A1F.tmp a variant of Win32/InstallCore.PK potentially unwanted application
C:\Users\Max\AppData\Local\Temp\nsi3E52.tmp Win32/BrowseFox.AV potentially unwanted application
C:\Users\Max\AppData\Local\Temp\nss6A1F.tmp a variant of Win32/InstallCore.PK potentially unwanted application
C:\Users\Max\AppData\Local\Temp\nss7D93.tmp a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\Users\Max\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_70.exe Win32/BrowseFox.AV potentially unwanted application
C:\Users\Max\AppData\Local\Temp\is45637729\1308283_stp\icc.dll a variant of Win32/InstallCore.YX potentially unwanted application
C:\Users\Max\AppData\Local\Temp\nskAA97.tmp\HTMLTester2.exe Win32/InstallMonetizer.BB potentially unwanted application
C:\Users\Max\AppData\Local\Temp\nskAA97.tmp\nsPage_LoadOffer.dll a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\Users\Max\AppData\Roaming\P5FrFNBceXRT1W20d5av.exe a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application
C:\Users\Max\AppData\Roaming\00000000-1430191812-0000-0000-6C626DB6DAC3\vnsd1F57.tmp a variant of Win32/Adware.ConvertAd.KZ.gen application
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\jnse7CDF.tmp a variant of Win32/Adware.ConvertAd.OO application
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\AVJYFVOD75109374@HCDE39471360.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\veggy@veggyAddon.com\chrome\content\main.js JS/Kryptik.I trojan
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js JS/ShopperPro.A potentially unwanted application
C:\Users\Max\Downloads\iain.banks.the.wasp.factory_10924_i53165781_il345.exe a variant of Win32/Amonetize.DW potentially unwanted application
C:\Windows\apppatch\apppatch64\VCLdr64.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\Windows\apppatch\nbin\VC32Loader.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\Windows\SysFilesController\SysFiles_backup.exe a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\Windows\SysHealthController\SysFiles_backup.exe a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\Windows\Temp\1863f8ql.exe multiple threats
Operating memory multiple threats


Thank you,
Max
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby Gary R » May 18th, 2015, 1:51 am

OK, let's take care of the stuff that e-set found. A lot of stuff in the log is already safe, since we've quarantined it, so we'll leave that alone for the moment, we'll remove it later. This is the stuff that still needs dealing with.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Program Files (x86)\SearchProtect
C:\AI_RecycleBin\{C5F607E6-9A81-4E5E-9AB3-0F9F27C78303}\3\Strongvault\StrongVaultApp.exe
C:\Program Files\Common Files\ShopperPro
C:\Program Files\Common Files\System\SysMenu.dll
C:\Program Files\Common Files\System\SysMenu64.dll
C:\Program Files (x86)\CinemaPlus_2.0V16.05
C:\Program Files (x86)\Coupoon
C:\Program Files (x86)\Ge-Force
C:\Program Files (x86)\gmsd_us_585
C:\Program Files (x86)\Optimizer Pro 3.91
C:\Program Files (x86)\ospd_us_1014
C:\Program Files (x86)\Papas Pizzeria
C:\Program Files (x86)\PathMaxx
C:\Program Files (x86)\PriceLess
C:\Program Files (x86)\RapidMediaConverter
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\ShopperPro
C:\Program Files (x86)\Super Optimizer
C:\Program Files (x86)\Supporter
C:\Program Files (x86)\SysFiles
C:\Program Files (x86)\YTDownloader
C:\ProgramData\Browser
C:\ProgramData\c1c05f7061d940b085ed209085e4a787
C:\ProgramData\e29c40da53af42a3895e10c22c3d76c2
C:\ProgramData\ShopperPro
C:\ProgramData\{18c1d0f7-b873-4d6b-18c1-1d0f7b8743de}
C:\ProgramData\{20563ee8-ab9c-4ef3-2056-63ee8ab9fba2}
C:\ProgramData\{327cb5fd-4a9d-c1e5-327c-cb5fd4a9d7f5}
C:\ProgramData\{9af26980-7f72-f498-9af2-269807f7a601}
C:\Users\All Users\Browser
C:\Users\All Users\c1c05f7061d940b085ed209085e4a787
C:\Users\All Users\e29c40da53af42a3895e10c22c3d76c2
C:\Users\All Users\ShopperPro
C:\Users\All Users\{18c1d0f7-b873-4d6b-18c1-1d0f7b8743de}
C:\Users\All Users\{20563ee8-ab9c-4ef3-2056-63ee8ab9fba2}
C:\Users\All Users\{327cb5fd-4a9d-c1e5-327c-cb5fd4a9d7f5}
C:\Users\All Users\{9af26980-7f72-f498-9af2-269807f7a601}
C:\Users\Max\AppData\Local\00000000-1430166663-0000-0000-6C626DB6DAC3
C:\Users\Max\AppData\Local\30034
C:\Users\Max\AppData\Local\avabvyxvdy
C:\Users\Max\AppData\Local\gmsd_us_585
C:\Users\Max\AppData\Local\Installer
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\CJEXS4BH
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\3389952AAE22DA2ED67443DF8D4C99E6AFA71E4B
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\C25179E407B636BD1E8670AA50916F244E050F71
C:\Users\Max\AppData\Local\SmartWeb
C:\Users\Max\AppData\Local\Temp\bes7A25.exe
C:\Users\Max\AppData\Local\Temp\ICReinstall_nss6A1F.tmp
C:\Users\Max\AppData\Local\Temp\nsi3E52.tmp
C:\Users\Max\AppData\Local\Temp\nss6A1F.tmp
C:\Users\Max\AppData\Local\Temp\nss7D93.tmp
C:\Users\Max\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b
C:\Users\Max\AppData\Local\Temp\is45637729\1308283_stp\icc.dll 
C:\Users\Max\AppData\Local\Temp\nskAA97.tmp
C:\Users\Max\AppData\Roaming\P5FrFNBceXRT1W20d5av.exe
C:\Users\Max\AppData\Roaming\00000000-1430191812-0000-0000-6C626DB6DAC3
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\AVJYFVOD75109374@HCDE39471360.comapplication
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\TTSD90021300@PYDKGV101145942.com
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\veggy@veggyAddon.com
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
C:\Users\Max\Downloads\iain.banks.the.wasp.factory_10924_i53165781_il345.exe 
C:\Windows\apppatch\apppatch64\VCLdr64.dll 
C:\Windows\apppatch\nbin\VC32Loader.dll 
C:\Windows\SysFilesController\SysFiles_backup.exe 
C:\Windows\SysHealthController\SysFiles_backup.exe
C:\Windows\Temp\1863f8ql.exe

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 19th, 2015, 10:47 pm

Hi Gary,

Here is my fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-05-2015
Ran by Max at 2015-05-19 19:36:26 Run:3
Running from C:\Users\Max\Desktop
Loaded Profiles: Max (Available profiles: Max)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\SearchProtect
C:\AI_RecycleBin\{C5F607E6-9A81-4E5E-9AB3-0F9F27C78303}\3\Strongvault\StrongVaultApp.exe
C:\Program Files\Common Files\ShopperPro
C:\Program Files\Common Files\System\SysMenu.dll
C:\Program Files\Common Files\System\SysMenu64.dll
C:\Program Files (x86)\CinemaPlus_2.0V16.05
C:\Program Files (x86)\Coupoon
C:\Program Files (x86)\Ge-Force
C:\Program Files (x86)\gmsd_us_585
C:\Program Files (x86)\Optimizer Pro 3.91
C:\Program Files (x86)\ospd_us_1014
C:\Program Files (x86)\Papas Pizzeria
C:\Program Files (x86)\PathMaxx
C:\Program Files (x86)\PriceLess
C:\Program Files (x86)\RapidMediaConverter
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\ShopperPro
C:\Program Files (x86)\Super Optimizer
C:\Program Files (x86)\Supporter
C:\Program Files (x86)\SysFiles
C:\Program Files (x86)\YTDownloader
C:\ProgramData\Browser
C:\ProgramData\c1c05f7061d940b085ed209085e4a787
C:\ProgramData\e29c40da53af42a3895e10c22c3d76c2
C:\ProgramData\ShopperPro
C:\ProgramData\{18c1d0f7-b873-4d6b-18c1-1d0f7b8743de}
C:\ProgramData\{20563ee8-ab9c-4ef3-2056-63ee8ab9fba2}
C:\ProgramData\{327cb5fd-4a9d-c1e5-327c-cb5fd4a9d7f5}
C:\ProgramData\{9af26980-7f72-f498-9af2-269807f7a601}
C:\Users\All Users\Browser
C:\Users\All Users\c1c05f7061d940b085ed209085e4a787
C:\Users\All Users\e29c40da53af42a3895e10c22c3d76c2
C:\Users\All Users\ShopperPro
C:\Users\All Users\{18c1d0f7-b873-4d6b-18c1-1d0f7b8743de}
C:\Users\All Users\{20563ee8-ab9c-4ef3-2056-63ee8ab9fba2}
C:\Users\All Users\{327cb5fd-4a9d-c1e5-327c-cb5fd4a9d7f5}
C:\Users\All Users\{9af26980-7f72-f498-9af2-269807f7a601}
C:\Users\Max\AppData\Local\00000000-1430166663-0000-0000-6C626DB6DAC3
C:\Users\Max\AppData\Local\30034
C:\Users\Max\AppData\Local\avabvyxvdy
C:\Users\Max\AppData\Local\gmsd_us_585
C:\Users\Max\AppData\Local\Installer
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\CJEXS4BH
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\3389952AAE22DA2ED67443DF8D4C99E6AFA71E4B
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\C25179E407B636BD1E8670AA50916F244E050F71
C:\Users\Max\AppData\Local\SmartWeb
C:\Users\Max\AppData\Local\Temp\bes7A25.exe
C:\Users\Max\AppData\Local\Temp\ICReinstall_nss6A1F.tmp
C:\Users\Max\AppData\Local\Temp\nsi3E52.tmp
C:\Users\Max\AppData\Local\Temp\nss6A1F.tmp
C:\Users\Max\AppData\Local\Temp\nss7D93.tmp
C:\Users\Max\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b
C:\Users\Max\AppData\Local\Temp\is45637729\1308283_stp\icc.dll
C:\Users\Max\AppData\Local\Temp\nskAA97.tmp
C:\Users\Max\AppData\Roaming\P5FrFNBceXRT1W20d5av.exe
C:\Users\Max\AppData\Roaming\00000000-1430191812-0000-0000-6C626DB6DAC3
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\AVJYFVOD75109374@HCDE39471360.comapplication
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\TTSD90021300@PYDKGV101145942.com
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\veggy@veggyAddon.com
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
C:\Users\Max\Downloads\iain.banks.the.wasp.factory_10924_i53165781_il345.exe
C:\Windows\apppatch\apppatch64\VCLdr64.dll
C:\Windows\apppatch\nbin\VC32Loader.dll
C:\Windows\SysFilesController\SysFiles_backup.exe
C:\Windows\SysHealthController\SysFiles_backup.exe
C:\Windows\Temp\1863f8ql.exe
*****************


"C:\Program Files (x86)\SearchProtect" directory move:

Could not move "C:\Program Files (x86)\SearchProtect" directory. => Scheduled to move on reboot.

C:\AI_RecycleBin\{C5F607E6-9A81-4E5E-9AB3-0F9F27C78303}\3\Strongvault\StrongVaultApp.exe => Moved successfully.
C:\Program Files\Common Files\ShopperPro => Moved successfully.
C:\Program Files\Common Files\System\SysMenu.dll => Moved successfully.
C:\Program Files\Common Files\System\SysMenu64.dll => Moved successfully.
C:\Program Files (x86)\CinemaPlus_2.0V16.05 => Moved successfully.

"C:\Program Files (x86)\Coupoon" directory move:

Could not move "C:\Program Files (x86)\Coupoon" directory. => Scheduled to move on reboot.

C:\Program Files (x86)\Ge-Force => Moved successfully.
C:\Program Files (x86)\gmsd_us_585 => Moved successfully.
C:\Program Files (x86)\Optimizer Pro 3.91 => Moved successfully.
C:\Program Files (x86)\ospd_us_1014 => Moved successfully.
C:\Program Files (x86)\Papas Pizzeria => Moved successfully.

"C:\Program Files (x86)\PathMaxx" directory move:

Could not move "C:\Program Files (x86)\PathMaxx" directory. => Scheduled to move on reboot.

C:\Program Files (x86)\PriceLess => Moved successfully.

"C:\Program Files (x86)\RapidMediaConverter" directory move:

Could not move "C:\Program Files (x86)\RapidMediaConverter" directory. => Scheduled to move on reboot.


"C:\Program Files (x86)\SearchProtect" directory move:

Could not move "C:\Program Files (x86)\SearchProtect" directory. => Scheduled to move on reboot.

C:\Program Files (x86)\ShopperPro => Moved successfully.
C:\Program Files (x86)\Super Optimizer => Moved successfully.
C:\Program Files (x86)\Supporter => Moved successfully.
C:\Program Files (x86)\SysFiles => Moved successfully.
C:\Program Files (x86)\YTDownloader => Moved successfully.
C:\ProgramData\Browser => Moved successfully.
C:\ProgramData\c1c05f7061d940b085ed209085e4a787 => Moved successfully.
C:\ProgramData\e29c40da53af42a3895e10c22c3d76c2 => Moved successfully.
C:\ProgramData\ShopperPro => Moved successfully.
C:\ProgramData\{18c1d0f7-b873-4d6b-18c1-1d0f7b8743de} => Moved successfully.
C:\ProgramData\{20563ee8-ab9c-4ef3-2056-63ee8ab9fba2} => Moved successfully.
C:\ProgramData\{327cb5fd-4a9d-c1e5-327c-cb5fd4a9d7f5} => Moved successfully.
C:\ProgramData\{9af26980-7f72-f498-9af2-269807f7a601} => Moved successfully.
"C:\Users\All Users\Browser" => File/Directory not found.
"C:\Users\All Users\c1c05f7061d940b085ed209085e4a787" => File/Directory not found.
"C:\Users\All Users\e29c40da53af42a3895e10c22c3d76c2" => File/Directory not found.
"C:\Users\All Users\ShopperPro" => File/Directory not found.
"C:\Users\All Users\{18c1d0f7-b873-4d6b-18c1-1d0f7b8743de}" => File/Directory not found.
"C:\Users\All Users\{20563ee8-ab9c-4ef3-2056-63ee8ab9fba2}" => File/Directory not found.
"C:\Users\All Users\{327cb5fd-4a9d-c1e5-327c-cb5fd4a9d7f5}" => File/Directory not found.
"C:\Users\All Users\{9af26980-7f72-f498-9af2-269807f7a601}" => File/Directory not found.
C:\Users\Max\AppData\Local\00000000-1430166663-0000-0000-6C626DB6DAC3 => Moved successfully.
C:\Users\Max\AppData\Local\30034 => Moved successfully.
C:\Users\Max\AppData\Local\avabvyxvdy => Moved successfully.
C:\Users\Max\AppData\Local\gmsd_us_585 => Moved successfully.
C:\Users\Max\AppData\Local\Installer => Moved successfully.

"C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\CJEXS4BH" directory move:

Could not move "C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\CJEXS4BH" directory. => Scheduled to move on reboot.


"C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K" directory move:

Could not move "C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K" directory. => Scheduled to move on reboot.

C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9 => Moved successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9 => Moved successfully.
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\3389952AAE22DA2ED67443DF8D4C99E6AFA71E4B => Moved successfully.
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\C25179E407B636BD1E8670AA50916F244E050F71 => Moved successfully.
C:\Users\Max\AppData\Local\SmartWeb => Moved successfully.
C:\Users\Max\AppData\Local\Temp\bes7A25.exe => Moved successfully.
C:\Users\Max\AppData\Local\Temp\ICReinstall_nss6A1F.tmp => Moved successfully.
C:\Users\Max\AppData\Local\Temp\nsi3E52.tmp => Moved successfully.
C:\Users\Max\AppData\Local\Temp\nss6A1F.tmp => Moved successfully.
C:\Users\Max\AppData\Local\Temp\nss7D93.tmp => Moved successfully.
C:\Users\Max\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b => Moved successfully.
C:\Users\Max\AppData\Local\Temp\is45637729\1308283_stp\icc.dll => Moved successfully.
C:\Users\Max\AppData\Local\Temp\nskAA97.tmp => Moved successfully.
C:\Users\Max\AppData\Roaming\P5FrFNBceXRT1W20d5av.exe => Moved successfully.
C:\Users\Max\AppData\Roaming\00000000-1430191812-0000-0000-6C626DB6DAC3 => Moved successfully.
"C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\AVJYFVOD75109374@HCDE39471360.comapplication" => File/Directory not found.
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\TTSD90021300@PYDKGV101145942.com => Moved successfully.
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\veggy@veggyAddon.com => Moved successfully.
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} => Moved successfully.
C:\Users\Max\Downloads\iain.banks.the.wasp.factory_10924_i53165781_il345.exe => Moved successfully.
Could not move "C:\Windows\apppatch\apppatch64\VCLdr64.dll" => Scheduled to move on reboot.
Could not move "C:\Windows\apppatch\nbin\VC32Loader.dll" => Scheduled to move on reboot.
C:\Windows\SysFilesController\SysFiles_backup.exe => Moved successfully.
C:\Windows\SysHealthController\SysFiles_backup.exe => Moved successfully.
C:\Windows\Temp\1863f8ql.exe => Moved successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-19 19:43:28)<=

"C:\Program Files (x86)\SearchProtect" => Could not move.
C:\Program Files (x86)\Coupoon => Is moved successfully.
C:\Program Files (x86)\PathMaxx => Is moved successfully.
C:\Program Files (x86)\RapidMediaConverter => Is moved successfully.
"C:\Program Files (x86)\SearchProtect" => Could not move.
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\CJEXS4BH => Moved successfully.
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K => Is moved successfully.
"C:\Windows\apppatch\apppatch64\VCLdr64.dll" => Could not move.
"C:\Windows\apppatch\nbin\VC32Loader.dll" => Could not move.

==== End of Fixlog 19:43:34 ====

Thank you very much,

Max
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby Gary R » May 20th, 2015, 1:14 am

Seems one of the folders is being stubborn, so I'd like to try another tool on it.

Download Avenger by Swandog and unzip it to your Desktop.

Note: This programme must be run from an account with Administrator priviledges.

  • Open the Avenger folder and double click Avenger.exe to launch the programme.
  • Copy the text in the code box below and Paste it into the Input script here: box. (don't include Code: Select all)
Code: Select all
Folders to delete:
C:\Program Files (x86)\SearchProtect


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
  • Post the log back here please. (it can also be found at C:\avenger.txt)


Also .... please let me know how your computer is running now.








.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 22nd, 2015, 1:02 am

Gary,

I followed the above instructions and executed the script, but an avenger.txt file was not generated. Unfortunately my computer still shows signs of malware, with pop-ups and ads. They say the are powered by CinemaPlus if that helps at all. There are also still unwanted desktop icons, such as Crossbrowse, some sort of internet browser that has replaced Firefox, PepperZip, Skype, which I did not download to this PC, Optimizer Pro, GUPlayer. Please advise on action to take.

Thank you,
Max
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby Gary R » May 22nd, 2015, 4:18 am

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Next ...

Please run another scan with E-Set ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • JRT.txt
  • E-Set.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 22nd, 2015, 11:21 pm

Gary,

Here is my ADWCleaner log:

# AdwCleaner v4.205 - Logfile created 22/05/2015 at 18:50:36
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Max - LEVIATHAN
# Running from : C:\Users\Max\Downloads\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : BrsHelper
Service Deleted : CltMngSvc
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
Service Deleted : netfilter64
[#] Service Deleted : sbmntr
[#] Service Deleted : SMUpd
[#] Service Deleted : SMUpdd
[#] Service Deleted : SPBIUpd
[#] Service Deleted : SPBIUpdd
[#] Service Deleted : CoupoonService64
Service Deleted : {c6c40e9a-dba9-495a-bc9d-28d2a9896230}Gw64
[#] Service Deleted : be0fb33b
[#] Service Deleted : cae99edb
[#] Service Deleted : cdc5517a
[#] Service Deleted : SPDRIVER_1.42.1.1841

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SearchModule
Folder Deleted : C:\ProgramData\FlashBeat
Folder Deleted : C:\ProgramData\LolliScan
Folder Deleted : C:\ProgramData\NetEngine
Folder Deleted : C:\ProgramData\radio
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\PepperZip
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Crossbrowse
Folder Deleted : C:\Program Files (x86)\Edu App
Folder Deleted : C:\Program Files (x86)\CinemaPlus-3.2cV19.05
Folder Deleted : C:\Program Files (x86)\gmsd_us_598
Folder Deleted : C:\Users\Max\AppData\Local\Temp\Edu App
Folder Deleted : C:\Users\Max\AppData\Local\Temp\PathMaxx
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\BrowserHelper
Folder Deleted : C:\Program Files\coupoon
Folder Deleted : C:\Users\Max\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Max\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Max\AppData\Local\BreakingNewsAlert
Folder Deleted : C:\Users\Max\AppData\Local\BrowserHelper
Folder Deleted : C:\Users\Max\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\Max\AppData\Local\gmsd_us_598
Folder Deleted : C:\Users\Max\AppData\Local\00000000-1430166802-0000-0000-6C626DB6DAC3
Folder Deleted : C:\Users\Max\AppData\Local\00000000-1430166821-0000-0000-6C626DB6DAC3
Folder Deleted : C:\Users\Max\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Max\AppData\Roaming\ASPackage
Folder Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\zzoomit@zoom.com
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\vUxp5@hRWi.net
Folder Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{c6c40e9a-dba9-495a-bc9d-28d2a9896230}.xpi
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\crossbrowse.lnk
File Deleted : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Deleted : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll
File Deleted : C:\Users\Max\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\WINDOWS\System32\drivers\{c6c40e9a-dba9-495a-bc9d-28d2a9896230}Gw64.sys
File Deleted : C:\WINDOWS\System32\drivers\netfilter64.sys
File Deleted : C:\Users\Max\AppData\Roaming\P5FrFNBceXRT1W20d5av
File Deleted : C:\Users\Max\AppData\Roaming\Pm0e50znwWBxLJ8cg43lbd
File Deleted : C:\Users\Max\AppData\Roaming\Pm0e50znwWBxLJ8cg43lbd.exe
File Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
File Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\crossbrowse.lnk
File Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
File Deleted : C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
File Deleted : C:\Users\Max\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Max\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Max\Desktop\PepperZip.lnk
File Deleted : C:\Users\Max\Desktop\YTDownloader.lnk
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\searchplugins\trovi.xml
File Deleted : C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : Crossbrowse
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : Inst_Rep
Task Deleted : ShopperPro
Task Deleted : ShopperProJSUpd
Task Deleted : SmartWeb Upgrade Trigger Task
Task Deleted : SPDriver
Task Deleted : YTDownloader
Task Deleted : YTDownloaderUpd
Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : P5FrFNBceXRT1W20d5av
Task Deleted : Pm0e50znwWBxLJ8cg43lbd
Task Deleted : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6
Task Deleted : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7
Task Deleted : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10_user
Task Deleted : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4
Task Deleted : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5
Task Deleted : ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5_user
Task Deleted : d9cc67d4-09ed-4dab-a5d9-cd0315507352-1-6
Task Deleted : d9cc67d4-09ed-4dab-a5d9-cd0315507352-1-7
Task Deleted : d9cc67d4-09ed-4dab-a5d9-cd0315507352-10_user
Task Deleted : d9cc67d4-09ed-4dab-a5d9-cd0315507352-4
Task Deleted : d9cc67d4-09ed-4dab-a5d9-cd0315507352-5
Task Deleted : d9cc67d4-09ed-4dab-a5d9-cd0315507352-5_user
Task Deleted : fef6a2a9-8460-491b-90e9-cb89ec8fe404-1-6
Task Deleted : fef6a2a9-8460-491b-90e9-cb89ec8fe404-1-7
Task Deleted : fef6a2a9-8460-491b-90e9-cb89ec8fe404-10_user
Task Deleted : fef6a2a9-8460-491b-90e9-cb89ec8fe404-4
Task Deleted : fef6a2a9-8460-491b-90e9-cb89ec8fe404-5
Task Deleted : fef6a2a9-8460-491b-90e9-cb89ec8fe404-5_user
Task Deleted : SPBIW_UpdateTask_Time_3134393136333034302d23787845322a5b3434322d57

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [WinCheck]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SPDriver]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Super Optimizer]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Key Deleted : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Key Deleted : HKCU\Software\Classes\PepperZip
Value Deleted : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Value Deleted : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Value Deleted : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
Key Deleted : HKLM\SOFTWARE\Classes\P87C023B1_D9B8_4C48_9963_ADE643108455_.P87C023B1_D9B8_4C48_9963_ADE643108455_
Key Deleted : HKLM\SOFTWARE\Classes\P87C023B1_D9B8_4C48_9963_ADE643108455_.P87C023B1_D9B8_4C48_9963_ADE643108455_.9
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_598]
Key Deleted : HKLM\SOFTWARE\222d1b0b-297c-c0c7-6122-3c0e2e63aca8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87C023B1-D9B8-4C48-9963-ADE643108455}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FB1A663-2820-468B-95C4-5060A4C5F413}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{995AEC82-0E5F-419A-864E-4E50012D0863}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87C023B1-D9B8-4C48-9963-ADE643108455}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87C023B1-D9B8-4C48-9963-ADE643108455}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{87C023B1-D9B8-4C48-9963-ADE643108455}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87C023B1-D9B8-4C48-9963-ADE643108455}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{87C023B1-D9B8-4C48-9963-ADE643108455}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87C023B1-D9B8-4C48-9963-ADE643108455}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6525F17B-D1E3-4A94-B935-92DFB5E2CB10}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\PepperZip
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\YTDownloader
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\CrossBrowser
Key Deleted : HKCU\Software\Crossbrowse
Key Deleted : HKCU\Software\Ge-Force
Key Deleted : HKCU\Software\YorkNewCin
Key Deleted : HKCU\Software\HighDefAction
Key Deleted : HKCU\Software\ArenaHD
Key Deleted : HKCU\Software\CinemaPlus-3.2cV19.05
Key Deleted : HKCU\Software\CinemaPlus-3.2cV19.05-nv-ie
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\YTDownloader
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\SearchModule
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\Ge-Force
Key Deleted : HKLM\SOFTWARE\coupoon
Key Deleted : HKLM\SOFTWARE\LolliScan
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\HighDefAction
Key Deleted : HKLM\SOFTWARE\ArenaHD
Key Deleted : HKLM\SOFTWARE\CinemaPlus-3.2cV19.05
Key Deleted : HKLM\SOFTWARE\CinemaPlus-3.2cV19.05-nv-ie
Key Deleted : HKU\.DEFAULT\Software\CinemaPlus-3.2cV19.05-nv-ie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PepperZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ge-Force
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LolliScan
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{49F8B4F8-0CD4-4BE4-A9E8-B13A071F7C90}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV19.05
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
Key Deleted : [x64] HKLM\SOFTWARE\coupoon
Key Deleted : [x64] HKLM\SOFTWARE\LolliScan
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[174u8fal.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MFB31EA79-17E6-42ED-8BD4-7D6073084D28&SearchSource=69&CUI=&SSPV=SP22230TA_sp_ff&Lay=1&UM=8&UP=SP02[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.cookie.previous_page.value", "%22hxxp%3A//www-searching.com/%3Fpid%3Ds%26s%3DF59ztutdk0002%2Cb37c2c34-3748-4f99[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anth[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[174u8fal.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14cc57b51dc1d7740d4055a33286f106");

*************************

AdwCleaner[R0].txt - [2879 bytes] - [12/02/2015 19:52:29]
AdwCleaner[R1].txt - [37976 bytes] - [14/05/2015 19:40:31]
AdwCleaner[R2].txt - [24872 bytes] - [22/05/2015 18:48:18]
AdwCleaner[S0].txt - [2981 bytes] - [12/02/2015 19:55:05]
AdwCleaner[S1].txt - [34660 bytes] - [14/05/2015 19:43:27]
AdwCleaner[S2].txt - [23407 bytes] - [22/05/2015 18:50:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [23467 bytes] ##########
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 22nd, 2015, 11:22 pm

Here is my JRT.txt file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 8.1 Pro x64
Ran by Max on Fri 05/22/2015 at 18:59:26.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] update pathmaxx
Successfully deleted: [Service] update pathmaxx
Successfully stopped: [Service] updatecheck
Successfully deleted: [Service] updatecheck
Successfully stopped: [Service] util pathmaxx
Successfully deleted: [Service] util pathmaxx



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Bidaily Synchronize Task[in]
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3369700690-3850376273-3648611264-1001
Successfully deleted: [Task] C:\WINDOWS\tasks\Bidaily Synchronize Task[in].job



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{cf6bd74e-5c54-4129-8b10-c931bc156fe8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf6bd74e-5c54-4129-8b10-c931bc156fe8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{cf6bd74e-5c54-4129-8b10-c931bc156fe8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update PathMaxx
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util PathMaxx
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\wbsvc



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ai_recyclebin
Successfully deleted: [Folder] C:\Program Files (x86)\steel cut
Successfully deleted: [Folder] C:\ProgramData\abc
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\onesoftperday
Successfully deleted: [Folder] C:\Users\Max\appdata\local\avabvbxvh
Successfully deleted: [Folder] C:\Users\Max\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\Max\appdata\local\ospd_us_1014 [Adware.EoRezo]



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\174u8fal.default\extensions\staged
Successfully deleted the following from C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\174u8fal.default\prefs.js

user_pref(browser.search.defaultenginename, Trovi);
user_pref(browser.search.defaultenginename.US, Trovi);
user_pref(browser.search.selectedEngine, Trovi);
user_pref(extensions.2tfwq0iCAg306NxO.scode, (function(){try{if(window.location.href.indexOf(\qjCFrjC7rTk7rTr5pdC9rdg8qa\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
user_pref(extensions.GkyO2LpVivrM6oEH.scode, (function(){try{if(window.location.href.indexOf(\qjCFrjC7rTk7rTr5pdC9rdg8qa\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
user_pref(extensions.a973ba634716b4639a1c150b40c5afc24a09e55466bb60878000com72897.72897.internaldb.__ICM_LITE__fifty_test_rules.value, %7B%22DE%22%3A%7B%22ALL%22%3A%5B%22an
user_pref(extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.__ICM_LITE__fifty_test_rules.value, %7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%2
user_pref(extensions.xT9jw3y171RuhBwp.scode, (function(){try{if(window.location.href.indexOf(\qjCFrjC7rTk7rTr5pdC9rdg8qa\)>-1){return;}}catch(e){}try{var d=[[\www.viracu
Emptied folder: C:\Users\Max\AppData\Roaming\mozilla\firefox\profiles\174u8fal.default\minidumps [9 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/22/2015 at 19:00:48.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm

Re: Malware and Pop-Ups

Unread postby maximusdowns » May 22nd, 2015, 11:23 pm

Here is my eset.txt file

C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SBIEBrowserHelperObject.dll.vir a variant of Win32/SBWatchman.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SCHelper.exe.vir a variant of Win32/SpeedBit.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smei32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smei64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smfi32.dll.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smfi64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smoi32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smoi64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smri32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smri64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SMUninstall.exe.vir Win32/SpeedBit.B.gen potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smw.sys.vir a variant of Win32/SBWatchman.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\SBIEBrowserHelperObject.dll.vir a variant of Win32/SBWatchman.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\SCHelper.exe.vir a variant of Win32/SpeedBit.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smci32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smci64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smei32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smei64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smfi64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smi32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smi64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smoi64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smri32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smri64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\SMUninstall.exe.vir Win32/SpeedBit.B.gen potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\smw.sys.vir a variant of Win32/SBWatchman.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdatePlus\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll.vir a variant of Win32/SBWatchman.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe.vir a variant of Win32/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe.vir a variant of MSIL/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe.vir a variant of Win64/SBWatchman.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu.dll.vir a variant of Win32/SpeedBit.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Common Files\System\SysMenu64.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\csrcc.exe.vir Win32/Toolbar.Perion.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\grunt.exe.vir Win32/Toolbar.Perion.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi32.dll.vir a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir a variant of Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios64.dll.vir a variant of Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\liara64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\tsoni.dll.vir a variant of Win32/Toolbar.Perion.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\wrex.exe.vir Win32/Toolbar.Perion.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV19.05\d9cc67d4-09ed-4dab-a5d9-cd0315507352-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV19.05\d9cc67d4-09ed-4dab-a5d9-cd0315507352-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV19.05\d9cc67d4-09ed-4dab-a5d9-cd0315507352-10.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV19.05\d9cc67d4-09ed-4dab-a5d9-cd0315507352-4.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV19.05\d9cc67d4-09ed-4dab-a5d9-cd0315507352-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV19.05\UninstallBrw.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV19.05\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-10.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-4.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\88e2d631-cef4-4b3b-959f-542c0d09b78a-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\UninstallBrw.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\CinemaPlus-3.2cV27.04\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.307\goopdate.dll.vir a variant of Win32/Compete.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.307\psmachine.dll.vir a variant of Win32/Compete.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Consumer Input\Update\1.3.25.307\psuser.dll.vir a variant of Win32/Compete.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe.vir a variant of Win32/Toolbar.CrossRider.CN potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\fce0a815-cb33-4000-bd2c-72657c2b87bf-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\fce0a815-cb33-4000-bd2c-72657c2b87bf-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\fce0a815-cb33-4000-bd2c-72657c2b87bf-10.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\fce0a815-cb33-4000-bd2c-72657c2b87bf-4.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ge-Force\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe.vir Win32/AlteredSoftware.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe.vir Win32/AlteredSoftware.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll.vir a variant of Win32/AlteredSoftware.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_493\gamesdesktop_widget.exe.vir a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_493\gmsd_us_493.exe.vir a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_598\gamesdesktop_widget.exe.vir a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_598\gmsd_us_598.exe.vir a variant of Win32/AdWare.EoRezo.AU application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_us_598\predm.exe.vir a variant of Win32/Adware.EoRezo.AZ application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe.vir a variant of Win32/TrojanDropper.Addrop.F trojan
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe.vir a variant of Win32/Adware.Vitruvian.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-6.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-1-7.exe.vir a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-10.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-4.exe.vir a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\3cbeff34-7ffd-46c4-8208-b17f0452902a-5.exe.vir a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\UninstallBrw.exe.vir a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Lights Cinema 1.3betaV16.04\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\OLBPre\OLBPre.exe.vir a variant of Win32/MyPCBackup.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptimizerPro.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProGuard.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AD application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProHelper.dll.vir a variant of Win32/OptimizerPro.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProLauncher.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AC application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProMon.dll.vir a variant of Win32/SProtector.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProReminder.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AE application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProSchedule.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProStart.exe.vir Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\OptProUninstaller.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.84\Uninstall_OptimizerPro.exe.vir a variant of Win32/TrojanDropper.Addrop.F trojan
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Priceless\3xUDSndwRGusAY.exe.vir a variant of Win32/Adware.MultiPlug.JY application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\QuickRef_1.10.0.12\Service\qrsvc.exe.vir a variant of Win32/Adware.Vitruvian.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SafeGuard\SafeGuardApp.exe.vir a variant of Win32/Verti.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1431658887092.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\sptool.dll_1432269664156.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json.vir JS/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.dll.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro64.dll.vir a variant of Win64/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\SPRemove.exe.vir Win32/SpeedBit.B.gen potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\FireFox\content\overlay.js.vir JS/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe.vir a variant of Win32/ShopperPro.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1831\jsdrv.exe.vir a variant of Win32/ShopperPro.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\supporter\Supporter.dll.vir a variant of Win32/SProtector.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\192.dll.vir a variant of Win32/Adware.AddLyrics.EB application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\192_x64.dll.vir a variant of Win64/Adware.AddLyrics.I application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\BlockAndSurf.exe.vir a variant of Win32/Adware.AddLyrics.EG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\J4BlockAndSurfJ52.exe.vir a variant of Win32/Adware.AddLyrics.EE application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\Uninstall.exe.vir a variant of Win32/Adware.AddLyrics.EB application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\x64\HqS15L26Z.exe.vir a variant of Win64/Adware.AddLyrics.H application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\version42BlockAndSurf\x64\webTinstMKTN84.sys.vir Win64/Adware.AddLyrics.K application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WSE_Taplika\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\youtubeadblocker\G1yxCC87xZQrQG.exe.vir a variant of Win32/Adware.MultiPlug.JY application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelper.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe.vir a variant of Win32/SBWatchman.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\converter.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll.vir a variant of Win32/SpeedBit.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadHelper.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe.vir a variant of Win32/SBWatchman.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir a variant of MSIL/Adware.PullUpdate.L.gen application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\FlashBeat.exe.vir a variant of Win32/Adware.PicColor.X application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\Gambali.dll.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\Gambali.exe.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\GambaliCrt.dll.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\NSISHelper.dll.vir a variant of Win32/Adware.CouponMarvel.E application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\RfndNSIS.dll.vir a variant of Win32/Adware.CouponMarvel.D application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\RgsBTMedia.exe.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\FlashBeat\SoftConfigTest.exe.vir a variant of Win32/Adware.CouponMarvel.D application
C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\LolliScan.exe.vir a variant of Win64/Adware.CouponMarvel.A application
C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\LolliScan32.dll.vir a variant of Win32/Adware.CouponMarvel.D application
C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\NSISHelper.dll.vir a variant of Win32/Adware.CouponMarvel.D application
C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\RfndNSIS.dll.vir a variant of Win32/Adware.CouponMarvel.D application
C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\SoftConfigTest.exe.vir a variant of Win32/Adware.CouponMarvel.D application
C:\AdwCleaner\Quarantine\C\ProgramData\NetEngine\bin\D10\netengine.exe.vir a variant of MSIL/Adware.PullUpdate.P application
C:\AdwCleaner\Quarantine\C\ProgramData\NetEngine\bin\D8\netengine.exe.vir a variant of MSIL/Adware.PullUpdate.P application
C:\AdwCleaner\Quarantine\C\ProgramData\radio\prompt.exe.vir a variant of MSIL/Adware.PullUpdate.L.gen application
C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro.dll.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll.vir a variant of Win64/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\{578b7a49-b228-dc64-578b-b7a49b22e926}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1429221433-0000-0000-6C626DB6DAC3\inst76EA.tmp.vir a variant of Win32/Adware.ConvertAd.HK application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1429221433-0000-0000-6C626DB6DAC3\jnss7479.exe.vir a variant of Win32/Adware.ConvertAd.GT application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1429221433-0000-0000-6C626DB6DAC3\rnst76EB.exe.vir Win32/Adware.ConvertAd.HW application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1430166802-0000-0000-6C626DB6DAC3\anse107F.exe.vir a variant of Win32/Adware.ConvertAd.KP application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1430166802-0000-0000-6C626DB6DAC3\cnsg13DC.tmp.vir Win32/Adware.ConvertAd.KE application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1430166802-0000-0000-6C626DB6DAC3\rnsg13DD.exe.vir a variant of Win32/Adware.ConvertAd.KJ application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1430166802-0000-0000-6C626DB6DAC3\Uninstall.exe.vir Win32/Adware.ConvertAd.PY application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1430166821-0000-0000-6C626DB6DAC3\onsx56C1.tmp.vir a variant of Win32/Adware.ConvertAd.KK application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1430166821-0000-0000-6C626DB6DAC3\pnsc56E1.exe.vir Win32/Adware.ConvertAd.NK application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1430166821-0000-0000-6C626DB6DAC3\rnsh56B0.exe.vir a variant of Win32/Adware.ConvertAd.KJ application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1430166821-0000-0000-6C626DB6DAC3\snsh56AF.tmp.vir Win32/Adware.ConvertAd.KI application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\00000000-1430166821-0000-0000-6C626DB6DAC3\Uninstall.exe.vir Win32/Adware.ConvertAd.PY application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\gmsd_us_493\upgmsd_us_493.exe.vir a variant of Win32/Adware.EoRezo.AJ application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\gmsd_us_598\upgmsd_us_598.exe.vir a variant of Win32/Adware.EoRezo.AJ application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exe.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\SmartWeb\SmartWebHelper.exe.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\SmartWeb\swhk.dll.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Local\SmartWeb\__u.exe.vir a variant of Win32/PriceGong.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Pm0e50znwWBxLJ8cg43lbd.exe.vir a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\ASPackage\ASPackage.exe.vir a variant of Win32/Adware.ConvertAd.OV.gen application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\973ba634716b4639a1c150b40c@5afc24a09e55466bb60878000.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\veggy@veggyAddon.com\chrome\content\main.js.vir JS/Kryptik.I trojan
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js.vir JS/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Max\AppData\Roaming\WSE_Taplika\UpdateProc\bkup.dat.vir VBS/Kryptik.DY trojan
C:\AdwCleaner\Quarantine\C\WINDOWS\apppatch\apppatch64\vcldr64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\apppatch\nbin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\cherimoya.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\innfd_1_10_0_14.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\netfilter64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\qrnfd_1_10_0_12.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\webTinstMKTN84.sys.vir Win64/Adware.AddLyrics.K application
C:\AdwCleaner\Quarantine\C\WINDOWS\System32\drivers\{c6c40e9a-dba9-495a-bc9d-28d2a9896230}Gw64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\Gambali.dll.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\WebWatcherLSP.dll.vir a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\FRST\Quarantine\C\AI_RecycleBin\{C5F607E6-9A81-4E5E-9AB3-0F9F27C78303}\3\Strongvault\StrongVaultApp.exe.xBAD MSIL/Adware.StrongVault.A application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SBIEBrowserHelperObject.dll a variant of Win32/SBWatchman.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SCHelper.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci32.dll a variant of Win32/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smci64.dll a variant of Win64/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi32.exe a variant of Win32/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smi64.exe a variant of MSIL/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\smu.exe a variant of Win64/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\SMUninstall.exe Win32/SpeedBit.B.gen potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\Goobzo\GBUpdate\Updater.exe a variant of Win32/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll a variant of Win32/SBWatchman.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll a variant of Win64/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe a variant of Win32/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe a variant of MSIL/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe a variant of Win64/SBWatchman.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\System\SysMenu.dll.xBAD a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files\Common Files\System\SysMenu64.dll.xBAD a variant of Win32/SBWatchman.D potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CinemaPlus_2.0V16.05\fef6a2a9-8460-491b-90e9-cb89ec8fe404-1-6.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CinemaPlus_2.0V16.05\fef6a2a9-8460-491b-90e9-cb89ec8fe404-1-7.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CinemaPlus_2.0V16.05\fef6a2a9-8460-491b-90e9-cb89ec8fe404-10.exe a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CinemaPlus_2.0V16.05\fef6a2a9-8460-491b-90e9-cb89ec8fe404-4.exe a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CinemaPlus_2.0V16.05\fef6a2a9-8460-491b-90e9-cb89ec8fe404-5.exe a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CinemaPlus_2.0V16.05\UninstallBrw.exe a variant of Win32/Toolbar.CrossRider.CO potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\CinemaPlus_2.0V16.05\utils.exe a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Coupoon\iiwjljrnpc64.exe a variant of Win64/Adware.Adpeak.F application
C:\FRST\Quarantine\C\Program Files (x86)\Coupoon\nfapi.dll a variant of Win64/NetFilter.A potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-6.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-1-7.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-10.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-4.exe a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Ge-Force\ae7e27e2-d0d7-4feb-8fb0-24133894cfee-5.exe a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Ge-Force\utils.exe a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\gmsd_us_585\gmsd_us_585.exe.xBAD a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\Program Files (x86)\gmsd_us_585\gmsd_us_585\gamesdesktop_widget.exe a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\Program Files (x86)\gmsd_us_585\gmsd_us_585\gmsd_us_585.exe a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\Program Files (x86)\gmsd_us_585\gmsd_us_585\predm.exe a variant of Win32/Adware.EoRezo.AZ application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\OptimizerPro.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\OptProGuard.exe a variant of Win32/Adware.SpeedingUpMyPC.AD application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\OptProHelper.dll a variant of Win32/OptimizerPro.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\OptProLauncher.exe a variant of Win32/Adware.SpeedingUpMyPC.AC application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\OptProMon.dll a variant of Win32/Adware.MultiPlug.IX application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\OptProReminder.exe a variant of Win32/Adware.SpeedingUpMyPC.AE application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\OptProSchedule.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\OptProSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\OptProStart.exe Win32/Adware.SpeedingUpMyPC.AG application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\OptProUninstaller.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\FRST\Quarantine\C\Program Files (x86)\Optimizer Pro 3.91\Uninstall_OptimizerPro.exe a variant of Win32/TrojanDropper.Addrop.F trojan
C:\FRST\Quarantine\C\Program Files (x86)\ospd_us_1014\ospd_us_1014.exe.xBAD a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\Program Files (x86)\ospd_us_1014\ospd_us_1014\onesoftperday_widget.exe a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\Program Files (x86)\Papas Pizzeria\Papas Pizzeria.exe a variant of Win32/Adware.MultiPlug.JY application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\PathMaxxbho.dll a variant of Win32/BrowseFox.AE potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\PathMaxxUninstall.exe a variant of Win32/BrowseFox.AY potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\updatePathMaxx.exe a variant of MSIL/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\c6c40e9adba9495abc9d.dll a variant of Win32/BrowseFox.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\c6c40e9adba9495abc9d28d2a9896230.dll a variant of Win32/BrowseFox.M potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\c6c40e9adba9495abc9d28d2a989623064.dll a variant of Win64/BrowseFox.CK potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\c6c40e9adba9495abc9d64.dll a variant of Win64/BrowseFox.CI potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\PathMaxx.BrowserAdapter.exe Win32/BrowseFox.AX potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\PathMaxx.BrowserAdapter64.exe Win64/BrowseFox.CP potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\PathMaxx.expext.exe a variant of Win32/BrowseFox.AA potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\PathMaxx.expextdll.dll a variant of Win64/BrowseFox.CJ potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\PathMaxx.PurBrowse64.exe a variant of Win64/BrowseFox.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\utilPathMaxx.exe a variant of MSIL/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\plugins\PathMaxx.BrowserAdapter.dll a variant of MSIL/BrowseFox.L potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\plugins\PathMaxx.CompatibilityChecker.dll a variant of MSIL/BrowseFox.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\plugins\PathMaxx.ExpExt.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\plugins\PathMaxx.FFUpdate.dll a variant of MSIL/BrowseFox.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PathMaxx\bin\plugins\PathMaxx.PurBrowseG.dll a variant of MSIL/BrowseFox.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PriceLess\Lzx2S8VM3W3fng.dll a variant of Win32/Adware.MultiPlug.KM application
C:\FRST\Quarantine\C\Program Files (x86)\PriceLess\Lzx2S8VM3W3fng.exe a variant of Win32/Adware.MultiPlug.JY application
C:\FRST\Quarantine\C\Program Files (x86)\PriceLess\Lzx2S8VM3W3fng.x64.dll a variant of Win64/Adware.MultiPlug.H application
C:\FRST\Quarantine\C\Program Files (x86)\RapidMediaConverter\RapidMediaConverterApp.exe a variant of Win32/Verti.K potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json JS/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.dll a variant of Win32/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.exe a variant of Win32/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro64.dll a variant of Win64/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\SPRemove.exe Win32/SpeedBit.B.gen potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\Updater.exe a variant of Win32/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\FireFox\content\overlay.js JS/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe a variant of Win32/ShopperPro.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1841\jsdrv.exe a variant of Win32/ShopperPro.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Super Optimizer\SuperOptimizer.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\FRST\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptGuard.exe a variant of Win32/Adware.SpeedingUpMyPC.AD application
C:\FRST\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptHelper.dll a variant of Win32/OptimizerPro.B potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptLauncher.exe a variant of Win32/Adware.SpeedingUpMyPC.AC application
C:\FRST\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptReminder.exe a variant of Win32/Adware.SpeedingUpMyPC.AE application
C:\FRST\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptSchedule.exe a variant of Win32/Adware.SpeedingUpMyPC.AL application
C:\FRST\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\FRST\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptStart.exe a variant of Win32/Adware.SpeedingUpMyPC.AG application
C:\FRST\Quarantine\C\Program Files (x86)\Super Optimizer\SupOptStats.dll a variant of Win32/Adware.MultiPlug.IX application
C:\FRST\Quarantine\C\Program Files (x86)\Supporter\Supporter.dll a variant of Win32/SProtector.Q potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SysFiles\HealthcareGovTool.exe a variant of Win32/Toolbar.Besttoolbars.I potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SysFiles\WebWatcherCert.dll a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SysFiles\WebWatcherLSP.dll a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SysFiles\WebWatcherLSP.exe a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SysFiles\WebWatcherProxy.exe a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelper.exe a variant of Win32/SBWatchman.D potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe a variant of Win32/SBWatchman.D potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\converter.exe a variant of Win32/SBWatchman.D potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\DownloadHelper.exe a variant of Win32/SBWatchman.D potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\sbmntr.sys a variant of Win32/SBWatchman.D potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe a variant of Win32/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe a variant of Win32/SBWatchman.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe a variant of Win32/SBWatchman.D potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\Browser\prompt.exe a variant of MSIL/Adware.PullUpdate.L.gen application
C:\FRST\Quarantine\C\ProgramData\c1c05f7061d940b085ed209085e4a787\c1c05f7061d940b085ed209085e4a787.exe a variant of Win32/Adware.PicColor.AB application
C:\FRST\Quarantine\C\ProgramData\DQZCqeZhJD\SwdrFREjyLh.exe.xBAD a variant of MSIL/Adware.PullUpdate.G.gen application
C:\FRST\Quarantine\C\ProgramData\DQZCqeZhJD\DQZCqeZhJD\dat\PKgqIwLNr.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\FRST\Quarantine\C\ProgramData\DQZCqeZhJD\DQZCqeZhJD\dat\TgTQTt.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\FRST\Quarantine\C\ProgramData\DQZCqeZhJD\DQZCqeZhJD\dat\TzpiDJ.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\FRST\Quarantine\C\ProgramData\DQZCqeZhJD\DQZCqeZhJD\dat\XXOTpJO.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\FRST\Quarantine\C\ProgramData\e29c40da53af42a3895e10c22c3d76c2\e29c40da53af42a3895e10c22c3d76c2.exe a variant of Win32/Adware.PicColor.AE application
C:\FRST\Quarantine\C\ProgramData\NetEngine\bin\D10\netengine.exe.xBAD a variant of MSIL/Adware.PullUpdate.P application
C:\FRST\Quarantine\C\ProgramData\Radio\prompt.exe.xBAD a variant of MSIL/Adware.PullUpdate.L.gen application
C:\FRST\Quarantine\C\ProgramData\ShopperPro\ShopperPro.dll a variant of Win32/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll a variant of Win64/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\{18c1d0f7-b873-4d6b-18c1-1d0f7b8743de}\hqghumeaylnlf.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\FRST\Quarantine\C\ProgramData\{20563ee8-ab9c-4ef3-2056-63ee8ab9fba2}\hqghumeaylnlf.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\FRST\Quarantine\C\ProgramData\{327cb5fd-4a9d-c1e5-327c-cb5fd4a9d7f5}\hqghumeaylnlf.exe a variant of Win32/Adware.SpeedingUpMyPC.AA application
C:\FRST\Quarantine\C\ProgramData\{9af26980-7f72-f498-9af2-269807f7a601}\pricelessinstaller.exe a variant of Win32/Adware.MultiPlug.KP application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\00000000-1430166663-0000-0000-6C626DB6DAC3\bnslFE2A.exe a variant of Win32/Adware.ConvertAd.KG application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\30034\Updater.exe a variant of Win32/Amonetize.EP potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\avabvyxvdy\avabvyxvdy.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\avabvyxvdy\pbqrmvbub a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\gmsd_us_585\upgmsd_us_585.exe a variant of Win32/Adware.EoRezo.AJ application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Installgeforce_5348\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Installgeforce_8865\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Installshopperpro_5348\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Installshopperpro_8865\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_12280\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_13204\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_18077\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_18256\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_19783\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_21149\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_24936\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_27195\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_29589\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_29735\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_30843\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Installer\Install_8310\DCytdkietut_tutdk_setup.exe a variant of Win32/SpeedBit.F potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\CJEXS4BH\OfferInstaller[1].exe a variant of MSIL/Adware.Imali.A application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\CJEXS4BH\VOsrv[1].exe a variant of Win32/Adware.ConvertAd.OT application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\CJEXS4BH\VuuPC_VO2_8907[1].exe a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K\imali_bundle[1].exe a variant of Win32/Adware.Imali.A application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K\infonaut-setup-1.10.0.14[1].exe multiple threats
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K\mediaplayer[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K\Setup[1].exe a variant of Win32/InstallCore.PK potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K\SmartWebInstaller[1].exe a variant of Win32/PriceGong.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9\Setup[2].exe multiple threats
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9\setup[1].exe a variant of Win32/Toolbar.CrossRider.CN potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9\setup[2].exe a variant of Win32/Packed.ScrambleWrapper.O potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9\setup_gmsd_us[1].exe multiple threats
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\3389952AAE22DA2ED67443DF8D4C99E6AFA71E4B.xBAD JS/Kryptik.I trojan
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\C25179E407B636BD1E8670AA50916F244E050F71.xBAD JS/Kryptik.I trojan
C:\FRST\Quarantine\C\Users\Max\AppData\Local\ospd_us_1014\upospd_us_1014.exe.xBAD a variant of Win32/Adware.EoRezo.AJ application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\ospd_us_1014\Download\majmp_gentleeeuu.exe.xBAD multiple threats
C:\FRST\Quarantine\C\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\SmartWeb\SmartWebHelper.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\SmartWeb\swhk.dll a variant of Win32/PriceGong.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\SmartWeb\__u.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\bes7A25.exe.xBAD a variant of MSIL/Adware.Imali.A application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\ICReinstall_nss6A1F.tmp.xBAD a variant of Win32/InstallCore.PK potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\nsi3E52.tmp.xBAD Win32/BrowseFox.AV potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\nsp160B.exe.xBAD a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\nss6A1F.tmp.xBAD a variant of Win32/InstallCore.PK potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\nss7D93.tmp.xBAD a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_70.exe Win32/BrowseFox.AV potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\is-RJEP8.tmp\gentlemjmp_ieeuu.exe.xBAD multiple threats
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\is45637729\1308283_stp\icc.dll.xBAD a variant of Win32/InstallCore.YX potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\nskAA97.tmp\HTMLTester2.exe Win32/InstallMonetizer.BB potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Local\Temp\nskAA97.tmp\nsPage_LoadOffer.dll a variant of Win32/InstallMonetizer.BC potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\LKVYT.exe.xBAD a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\P5FrFNBceXRT1W20d5av.exe.xBAD a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\PcMb9sgy4Hax8V4w.exe.xBAD a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\XBNK.exe.xBAD a variant of Win32/Toolbar.CrossRider.CH potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\jnsiF0DB.tmp.xBAD Win32/Adware.ConvertAd.GJ application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\nsaB737.tmpfs.xBAD Win32/Adware.ConvertAd.GU application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\00000000-1429243423-0000-0000-6C626DB6DAC3\rnseE713.exe Win32/Adware.ConvertAd.HW application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1429243423-0000-0000-6C626DB6DAC3\00000000-1429243423-0000-0000-6C626DB6DAC3\vnss962E.tmp a variant of Win32/Adware.ConvertAd.KZ.gen application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\jnsp89F0.tmp.xBAD a variant of Win32/Adware.ConvertAd.KF application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\nsr4204.tmpfs.xBAD a variant of Win32/Adware.ConvertAd.KD application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\00000000-1430191811-0000-0000-6C626DB6DAC3\rnsj6D0E.exe a variant of Win32/Adware.ConvertAd.KJ application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1430191811-0000-0000-6C626DB6DAC3\00000000-1430191811-0000-0000-6C626DB6DAC3\vnsh1D9F.tmp a variant of Win32/Adware.ConvertAd.KZ.gen application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\00000000-1430191812-0000-0000-6C626DB6DAC3\vnsd1F57.tmp a variant of Win32/Adware.ConvertAd.KZ.gen application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\TTSD90021300@PYDKGV101145942.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\veggy@veggyAddon.com\chrome\content\main.js JS/Kryptik.I trojan
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js JS/ShopperPro.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF10.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF11.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF12.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF13.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF14.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF15.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF16.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF17.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF18.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF19.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF2.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF20.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF21.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF22.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF23.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF24.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF25.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF26.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF27.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF28.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF4.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF5.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF6.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF7.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF8.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\Extensions\{DF617E43-5240-3D21-C902-79D00DCEE789}\components\DatamngrHlpFF9.dll a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Users\Max\Downloads\iain.banks.the.wasp.factory_10924_i53165781_il345.exe.xBAD a variant of Win32/Amonetize.DW potentially unwanted application
C:\FRST\Quarantine\C\Windows\lah.exe.xBAD a variant of Win32/TrojanDownloader.Adcurl.A trojan
C:\FRST\Quarantine\C\Windows\SysFilesController\SysFiles_backup.exe.xBAD a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\FRST\Quarantine\C\Windows\SysHealthController\SysFiles_backup.exe.xBAD a variant of Win32/Packed.Komodia.A potentially unwanted application
C:\FRST\Quarantine\C\Windows\TEMP\1863f8ql.exe.xBAD multiple threats
C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe Win32/Toolbar.Iminent.G potentially unwanted application
C:\Program Files (x86)\Common Files\Umbrella\Umbrella221.exe a variant of Win32/Toolbar.Iminent.J potentially unwanted application
C:\Program Files (x86)\gmsd_us_608\gamesdesktop_widget.exe a variant of Win32/AdWare.EoRezo.AU application
C:\Program Files (x86)\gmsd_us_608\gmsd_us_608.exe a variant of Win32/AdWare.EoRezo.AU application
C:\Program Files (x86)\gmsd_us_608\predm.exe a variant of Win32/Adware.EoRezo.AZ application
C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll a variant of Win32/Toolbar.Iminent.E potentially unwanted application
C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll a variant of Win32/Toolbar.Iminent.E potentially unwanted application
C:\Program Files (x86)\Iminent\inst\Bootstrapper\IminentUninstall.exe a variant of Win32/Toolbar.Iminent.K potentially unwanted application
C:\Users\Max\AppData\Local\00000000-1431767532-0000-0000-6C626DB6DAC3\bnsyDEE9.exe a variant of Win32/Adware.ConvertAd.OU application
C:\Users\Max\AppData\Local\gmsd_us_608\upgmsd_us_608.exe a variant of Win32/Adware.EoRezo.AJ application
C:\Users\Max\AppData\Local\gmsd_us_608\Download\myoffergroup_us6.exe multiple threats
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\F9AFFZ6K\sprz[1].exe Win32/Toolbar.Perion.L potentially unwanted application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9\9521f896-c8cf-4b5f-aeb4-0e60616ff5fb[1].exe a variant of Win32/Toolbar.Iminent.E potentially unwanted application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9\Iminent[1].exe a variant of Win32/Toolbar.Iminent.K potentially unwanted application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9\Setup[1].exe a variant of Win32/InstallCore.PK potentially unwanted application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\K4O0T7E9\setup_gmsd_us[1].exe a variant of Win32/Adware.EoRezo.AZ application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9\mediaplayer[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Users\Max\AppData\Local\Microsoft\Windows\INetCache\IE\OMP2X8E9\SmartWebInstaller[1].exe a variant of Win32/PriceGong.C potentially unwanted application
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\9BE5209DB4BBBD550FD08C6300BE104EF0A4ACDD JS/Kryptik.I trojan
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\F2A4316C607672AA82926923CEC3971907E0F2A5 JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Max\AppData\Local\Mozilla\Firefox\Profiles\174u8fal.default\cache2\entries\F2A4F3F4EBABF7E1BC2E01189A26269B9B520122 JS/Kryptik.I trojan
C:\Users\Max\AppData\Local\SmartWeb\SmartWebApp.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\Users\Max\AppData\Local\SmartWeb\SmartWebHelper.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\Users\Max\AppData\Local\SmartWeb\swhk.dll a variant of Win32/PriceGong.C potentially unwanted application
C:\Users\Max\AppData\Local\SmartWeb\__u.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\Users\Max\AppData\Local\Temp\7460.exe a variant of Win32/Toolbar.CrossRider.CN potentially unwanted application
C:\Users\Max\AppData\Local\Temp\9067.exe a variant of Win32/Packed.ScrambleWrapper.O potentially unwanted application
C:\Users\Max\AppData\Local\Temp\ICReinstall_nsx95B2.tmp a variant of Win32/InstallCore.PK potentially unwanted application
C:\Users\Max\AppData\Local\Temp\nsd8879.tmp Win32/BrowseFox.AV potentially unwanted application
C:\Users\Max\AppData\Local\Temp\nsgDF40.tmp a variant of Win32/Toolbar.Iminent.K potentially unwanted application
C:\Users\Max\AppData\Local\Temp\nsx95B2.tmp a variant of Win32/InstallCore.PK potentially unwanted application
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\11.exe a variant of Win32/Adware.EoRezo.AZ application
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\150.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\380.exe a variant of Win32/Adware.EoRezo.AZ application
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\385.exe a variant of Win32/Adware.EoRezo.AZ application
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\392.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\399.exe a variant of Win32/Adware.EoRezo.AZ application
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\420.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\436.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_airwebbar_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_AmNuvision_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_boost_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_bubbledock_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_BubbleSound_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_CubepileShopperz_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_infonaut_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_linkey_pariente_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_navright_imali_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_optimizerpro_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_pcrossbrowser_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_pmediaconverter_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_priceless_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_priceless_p_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_pwebbar_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_SByoutube_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_sb_driverupdater_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_secureprotect_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_superpct_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-C7SHE.tmp\package_superpc_installer_multilang.exe multiple threats
C:\Users\Max\AppData\Local\Temp\is-V2FKJ.tmp\gentlemjmp_ieeuu.exe multiple threats
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\hnse94BF.tmp a variant of Win32/Adware.ConvertAd.PA application
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\jnse7CDF.tmp a variant of Win32/Adware.ConvertAd.OO application
C:\Users\Max\AppData\Roaming\00000000-1431792690-0000-0000-6C626DB6DAC3\nss4EDB.tmp a variant of Win32/Adware.ConvertAd.OT application
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\extensions\AVJYFVOD75109374@HCDE39471360.com\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Windows\apppatch\apppatch64\VCLdr64.dll_1432269666548 a variant of Win32/ClientConnect.A potentially unwanted application
Operating memory multiple threats

As always, thank you very much for your help, I appreciate it.

Max
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 283 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware