Walzie

Ads by DNS unlocker


I cannot get rid of this adware with the free, downloaded Ad-ware antivirus software. I run Windows XP service pack 3 and use Firefox. It does not show up on all websites, but does on most commerce websites (i.e. The Home Depot, Pier 1, etc.). I have attached the FRST scan and attached FRST.txt and addition.text. Please help. Thank you so much.

 

Computer virus neophyte.

Addition.txt

FRST.txt


Hi Walzie,

 

Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Turn off all programs, including browsers.
Double-click on AdwCleaner to start the program.

Click on the Scan button.
Wait until the search has finished.

Click on the Log file button.
A report will be displayed, copy its content and paste into your reply, please.
If the report isn't displayed, it's available as C:\AdwCleaner\AdwCleaner[R0].txt.


This is the report that came up after cleaning with AdwCleaner

 

# AdwCleaner v5.007 - Logfile created 13/09/2015 at 07:42:52
# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Owner - DONNA
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner_5.007.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : BackupStack
[-] Service Deleted : CouponPrinterService
[-] Service Deleted : Viewpoint Manager Service

***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\BestDiscountApp
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\17683622089987477708
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\f568d89957f450cc
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{76032c79-7c60-f6b0-7603-32c797c6b1e5}
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{eadf99e0-7744-2fde-eadf-f99e07746781}
[-] Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[!] Folder Not Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Documents and Settings\Owner\Application Data\Viewpoint
[-] Folder Deleted : C:\Documents and Settings\Owner\Application Data\WSE_Vosteran
[-] Folder Deleted : C:\Documents and Settings\Owner\Application Data\1H1Q1V1N1N1O1R
[-] Folder Deleted : C:\Documents and Settings\Owner\Application Data\download Manager
[-] Folder Deleted : C:\Documents and Settings\Owner\Desktop\Start Menu\Programs\JustCloud
[-] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\SanctionedMedia
[-] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eeomphfmjpccfehfhdfjaobfdbpiccgg
[-] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\henmfoppjjkcencpbjaigfahdjlgpegn
[-] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd
[-] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kkhjakkgopekjlempoplnjclgedabddk
[-] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbmblkkmdeobfklgefdnoakgkmcekhcg
[-] Folder Deleted : C:\Program Files\JustCloud
[-] Folder Deleted : C:\Program Files\Viewpoint
[-] Folder Deleted : C:\Program Files\savinshop
[-] Folder Deleted : C:\Program Files\WSE_Vosteran
[-] Folder Deleted : C:\Program Files\Coupons
[-] Folder Deleted : C:\Program Files\SeekerGeneration
[-] Folder Deleted : C:\Program Files\DNS Unlocker
[-] Folder Deleted : C:\Program Files\Yahoo!\Companion
[-] Folder Deleted : C:\Program Files\CoolSaleCouPon
[-] Folder Deleted : C:\Program Files\CoolSaleoCoauupon
[-] Folder Deleted : C:\Program Files\CoolSalleCOupoun
[!] Folder Not Deleted : C:\Program Files\Coupons
[-] Folder Deleted : C:\Program Files\deailster
[-] Folder Deleted : C:\Program Files\DEalSaFFindieroPro
[-] Folder Deleted : C:\Program Files\DeALsFFINderPRo
[-] Folder Deleted : C:\Program Files\DealsFinnddErPerrOO
[-] Folder Deleted : C:\Program Files\dealssTer
[-] Folder Deleted : C:\Program Files\DeaolsFiNderProi
[-] Folder Deleted : C:\Program Files\deownloaduitkeep
[-] Folder Deleted : C:\Program Files\diealstEr
[-] Folder Deleted : C:\Program Files\DiscouNtLLocattori
[-] Folder Deleted : C:\Program Files\doownlOaoDItkeeep
[-] Folder Deleted : C:\Program Files\downlloadiitkkeep
[-] Folder Deleted : C:\Program Files\downloadittkeep
[-] Folder Deleted : C:\Program Files\downloiaditkoeep
[-] Folder Deleted : C:\Program Files\eaasytosihopo
[-] Folder Deleted : C:\Program Files\ExtrAeSSHoPper
[-] Folder Deleted : C:\Program Files\FlexiBlEShopper
[-] Folder Deleted : C:\Program Files\FlexibleShopPerr
[-] Folder Deleted : C:\Program Files\FlexIbleShoPPpEr
[-] Folder Deleted : C:\Program Files\FLexiblleShopper
[-] Folder Deleted : C:\Program Files\PoroShouppeer
[-] Folder Deleted : C:\Program Files\PProShopPoer
[-] Folder Deleted : C:\Program Files\PriceDOwnloadder
[-] Folder Deleted : C:\Program Files\ProShoppeR
[-] Folder Deleted : C:\Program Files\rrealldEial
[-] Folder Deleted : C:\Program Files\SavEERAddon
[-] Folder Deleted : C:\Program Files\saveeron
[-] Folder Deleted : C:\Program Files\SaveRAddeOn
[-] Folder Deleted : C:\Program Files\SavEron
[-] Folder Deleted : C:\Program Files\saverono
[-] Folder Deleted : C:\Program Files\SaverPPreo
[-] Folder Deleted : C:\Program Files\SaveRPPro
[!] Folder Not Deleted : C:\Program Files\savinshOp
[-] Folder Deleted : C:\Program Files\shoipnnddrop
[-] Folder Deleted : C:\Program Files\SoftCiooup
[-] Folder Deleted : C:\Program Files\suRfkeeepit
[-] Folder Deleted : C:\Program Files\Surfkeepit
[-] Folder Deleted : C:\Program Files\topebeuyyer
[-] Folder Deleted : C:\Program Files\toppbuyEr
[-] Folder Deleted : C:\Program Files\TpErfectcoupooN
[-] Folder Deleted : C:\Program Files\ttopbuyeaR
[-] Folder Deleted : C:\Program Files\webbsavier
[-] Folder Deleted : C:\Program Files\WoowCoupaon
[-] Folder Deleted : C:\Program Files\Optimizer Pro 3.26

***** [ Files ] *****

[-] File Deleted : C:\Documents and Settings\Owner\Desktop\JustCloud.lnk
[-] File Deleted : C:\Documents and Settings\Owner\Desktop\Sync Folder.lnk
[-] File Deleted : C:\Documents and Settings\Owner\Desktop\Start Menu\Programs\Startup\JustCloud.lnk

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Superclean

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key Deleted : HKLM\SOFTWARE\Classes\MPCBContextMenu.ContextMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\MPCBContextMenu.IconGenerator
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\MPCBContextMenu
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKU\.DEFAULT\Software\Viewpoint
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\Headlight
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\SanctionedMedia
[-] Key Deleted : HKCU\Software\Viewpoint
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\WSE_Vosteran
[-] Key Deleted : HKCU\Software\Super Optimizer
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\InstallCore
[-] Key Deleted : HKLM\SOFTWARE\MetaStream
[-] Key Deleted : HKLM\SOFTWARE\Viewpoint
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\File Opener Packages
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2D471A31-4FA7-95BA-1880-D441113ED736}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{779D1843-0043-65D2-D781-8614F17B6222}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\JustCloud
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.3
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\File Opener Packages
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1B8A71D1-31D4-EE6A-C32F-836E0BFFA6D3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Vosteran
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7540FDBD-7FDC-30AE-3778-815CB87DBE46}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.3
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AE9B04F2-E9E8-162C-829B-52C116B3EFCC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{10A0E600-D246-BD63-F465-4C849C688998}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CA8C94BE-9F47-1B2E-90F8-D8C07119BD96}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{FE139F4C-CE5B-121A-8A2D-191FA2226094}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{594FD08C-0622-F9B8-CB02-7C1355D33CB8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\JustCloud
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.3
[!] Key Not Deleted : HKU\S-1-5-21-2529006832-1256799619-874574627-1003\Software\AppDataLow\Software\adawarebp
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-2529006832-1256799619-874574627-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
[-] Data Restored : HKU\S-1-5-21-2529006832-1256799619-874574627-1003\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
[-] [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : ask.com
[-] [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : vosteran.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [33563 bytes] ##########

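One way to triage a cleaning log like the one above, as an added example (not from the thread and not AdwCleaner's own code): it separates `[!]` entries that still need follow-up from `Not Deleted` keys under `HKU\<SID>` whose `HKCU` twin was already deleted in the same run. It assumes the SID in the log belongs to the logged-on user, so that `HKCU` is an alias of that hive; `parse` and `triage` are hypothetical names.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "ok action target")

# "[-] <action> : <target>" means the action succeeded; "[!]" marks a failure.
ENTRY_RE = re.compile(r"^\[(?P<flag>[-!])\]\s+(?P<left>.*?) : (?P<target>.*)$")
HKU_RE = re.compile(r"^HKU\\(S-1-5-21-[\d-]+)\\(.+)$", re.IGNORECASE)

# Lines excerpted from the log posted above.
SAMPLE_LOG = r"""
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.3
[!] Key Not Deleted : HKU\S-1-5-21-2529006832-1256799619-874574627-1003\Software\AppDataLow\Software\adawarebp
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-2529006832-1256799619-874574627-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
***** [ Web browsers ] *****
[-] [C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : aol.com
"""


def parse(log_text):
    """Return one Entry per '[-]' or '[!]' line; headers and comments are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["flag"] == "-", m["left"], m["target"]))
    return entries


def triage(entries):
    """Split failed targets into (follow_up, explained_by_hkcu_alias)."""
    # Sub-paths of keys that were successfully deleted through HKCU.
    deleted_hkcu = {
        e.target[len("HKCU\\"):].lower()
        for e in entries
        if e.ok and e.action.endswith("Deleted")
        and e.target.upper().startswith("HKCU\\")
    }
    follow_up, explained = [], []
    for e in entries:
        if e.ok:
            continue
        m = HKU_RE.match(e.target)
        # Assumption: this SID is the logged-on user, so the key was already
        # gone (removed via HKCU) by the time the HKU\<SID> path was tried.
        if m and m.group(2).lower() in deleted_hkcu:
            explained.append(e.target)
        else:
            follow_up.append(e.target)
    return follow_up, explained


if __name__ == "__main__":
    todo, benign = triage(parse(SAMPLE_LOG))
    for key in todo:
        print("FOLLOW UP :", key)
    for key in benign:
        print("ALIAS DUP :", key)
```

Keys left in the follow-up list are the ones to look for again in the next scan log.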

A lot of adware was removed by AdwCleaner. Let us see the current status of the computer:

Please, start FRST and select Addition.txt.

Scan with FRST and attach the two new log files.


1.

AV: Ad-Aware Antivirus (Disabled - Out of date) {22CB8761-914A-11CF-B705-00AA0062CBB7}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Ad-Aware Firewall (Disabled) {9211320F-6C40-4035-BBDE-3C96ED504F33}

Please, uninstall Microsoft Security Essentials and enable Ad-Aware for better protection.

2. When using an operating system with many vulnerabilities, it's very important to not add more vulnerabilities by running old versions of programs. Vulnerabilities in the operating system and programs can often be exploited by a web page to infect the computer. Use Secunia's Software Inspector to check which old versions with vulnerabilities you have.
http://www.bleepingcomputer.com/tutorials/detect-vulnerable-programs-with-secunia-psi/ describes how to install and use the program.

3. Have you or adware configured policy restrictions on Internet Explorer and Google Chrome?

4. CHR dev: Chrome dev build detected! <======= ATTENTION
Chrome is configured to receive versions meant to be used by developers. Such versions have lower security than the normal released versions. The only way to get back the normal versions is:
Uninstall Chrome, restart the computer and delete the folder C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome before installing Chrome again.


5. Please, save RogueKiller on the Desktop. http://www.adlice.com/softwares/roguekiller/
Click on one of the first three buttons labeled "Portable 32 bits".
For 64 bits Windows: Click on one of the first three buttons labeled "Portable 64 bits".

Turn off all running programs and remove any external drives and other devices connected with USB etc. except mouse and keyboard.

Start RogueKiller (in Vista and Windows 7 right-click the program and select "Run as administrator"). If it won't start, try several times. If you still are unsuccessful, rename the file to winlogon.exe.

Wait until "Prescan" has finished.
Click on "Scan" button in upper right corner.
Wait until the scan has finished.
Click on "Report" button.
A report will be created.
Please, post it in your reply.


6. Do you recognize these programs?
Can all these folders be deleted?
2015-08-28 04:50 - 2015-07-05 09:04 - 00000000 ____D C:\Program Files\Arrogant Money
2015-08-28 04:45 - 2015-07-28 17:31 - 00000000 ____D C:\Program Files\Dream Afar New Tab
2015-08-28 04:45 - 2015-02-24 08:58 - 00000000 ____D C:\Program Files\Effective Measure Community Plugin
2015-08-28 04:43 - 2015-07-10 06:51 - 00000000 ____D C:\Program Files\Lightning Speed DialExt
2015-08-28 04:43 - 2015-05-21 08:49 - 00000000 ____D C:\Program Files\Meeting Scheduler for Google Calendar
2015-08-28 04:43 - 2015-04-06 08:20 - 00000000 ____D C:\Program Files\gemoji chrome
2015-08-28 04:42 - 2015-06-24 07:04 - 00000000 ____D C:\Program Files\Muzli Design Breakfast
2015-08-28 04:41 - 2015-07-27 08:35 - 00000000 ____D C:\Program Files\PageRank
2015-08-28 04:41 - 2015-07-13 07:59 - 00000000 ____D C:\Program Files\Print
2015-08-28 04:40 - 2015-07-28 17:28 - 00000000 ____D C:\Program Files\sAveeReboox
2015-08-28 04:40 - 2015-06-04 09:58 - 00000000 ____D C:\Program Files\Remote Desktop auto discovery
2015-08-28 04:40 - 2015-02-03 12:23 - 00000000 ____D C:\Program Files\ReactorExtender
2015-08-28 04:38 - 2015-07-28 17:29 - 00000000 ____D C:\Program Files\savereboxx
2015-08-28 04:37 - 2015-07-28 17:31 - 00000000 ____D C:\Program Files\saverebox
2015-08-28 04:35 - 2015-07-31 16:41 - 00000000 ____D C:\Program Files\Super Auto Refresh
2015-08-28 04:34 - 2015-03-16 08:50 - 00000000 ____D C:\Program Files\Zoominto
2015-08-28 04:34 - 2015-02-25 08:49 - 00000000 ____D C:\Program Files\uWhisp
2015-08-28 04:34 - 2015-02-03 12:46 - 00000000 ____D C:\Program Files\Windows 8 App Store
2015-08-27 09:30 - 2015-08-12 08:08 - 00000000 ____D C:\Program Files\ Drive Quick Create


7. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
IE trusted site: HKU\S-1-5-21-2529006832-1256799619-874574627-1003\...\internet -> internet
IE trusted site: HKU\S-1-5-21-2529006832-1256799619-874574627-1003\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-2529006832-1256799619-874574627-1003\...\mcafee.com -> hxxps://mcafee.com
HKLM\...\Run: [] => [X]
HKLM\...\runonceex: [] => [X]
HKU\S-1-5-21-2529006832-1256799619-874574627-1003\...\MountPoints2: {5d4899d2-8b3c-11de-8e98-0010dc60bd7c} - G:\setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Tcpip\..\Interfaces\{A1C6EDAE-7517-46BA-B1EC-237A17C774ED}: [NameServer] 199.203.131.145,82.163.143.167
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2529006832-1256799619-874574627-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2529006832-1256799619-874574627-1003 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
Toolbar: HKU\S-1-5-21-2529006832-1256799619-874574627-1003 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-10-01] (Coupons, Inc.)
CHR Extension: ( Drive Quick Create) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckcbfnpodigdcbjjmhmolhkhlfbepnca [2015-08-12]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
S2 WMSLService; C:\WINDOWS\inf\svchost.exe [X]
S4 hpt3xx; no ImagePath
S0 szkg; system32\DRIVERS\szkg.sys [X]
2015-08-27 18:31 - 2015-08-28 04:34 - 00000000 ____D C:\Program Files\SystemSafeguard
2015-08-27 09:31 - 2015-08-28 04:40 - 00000000 ____D C:\Program Files\ProcessMaker
2015-08-27 09:31 - 2015-08-28 04:35 - 00000000 ____D C:\Program Files\SectionDouble
2015-08-27 09:30 - 2015-08-27 09:30 - 00000000 _____ C:\Documents and Settings\Owner\Local Settings\Temp.dat
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job => c:\documents and settings\all users\application data\{76032c79-7c60-f6b0-7603-32c797c6b1e5}\hqghumeaylnlf.exe <==== ATTENTION
2015-08-14 16:11 - 2015-09-12 16:11 - 00000416 _____ C:\WINDOWS\Tasks\Bidaily Synchronize Task[8da6].job
Folder: C:\22df0fe2fcf3edef6bfd36
Folder: C:\0566745e070e80274aeb196f691f
Folder: C:\aedb7381137061bb9aae42b9445c33
Folder: C:\Documents and Settings\Owner\My Documents\HpReg_Backup
Folder: C:\Documents and Settings\All Users\Application Data\658662426
Folder: C:\Documents and Settings\Owner\Local Settings\Application Data\647w8y7f5547
File: C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe
File: c:\docume~1\owner\applic~1\upload~1\online tray phone.exe
CMD: ipconfig /flushdns
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished and the computer is restarted.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.


Thank you for your reply.

Re: 1.

I thought that I had uninstalled Microsoft Security Essentials. I will try again.

Re: 3.

About the restrictions of Chrome or Explorer, I am not sure. I have tried a lot of things to get rid of this, and I may have put restrictions on it at one point. I only use the Mozilla browser.

Re: 6.

I do not recognize any of these programs except Arrogant Money. That was removed by Microsoft Security Essentials about a week ago when this all started.

I will implement the rest of the fixes and get back to you. I have a lot of work to do today, so it will be later this afternoon. So far, these things look promising! I am excited to get this fixed. Thank you again in advance for your efforts. They are not for nothin'!

: )


Re: 6.

Try to delete all the folders I listed.

You're welcome :)


OK. I was out of the virus killing business for a little while. The power supply died on the PC in question, and I had to wait to get the new one while it was on life support in the kitchen. I finally found time today to implement your suggestions.

1. I did not find a copy of Microsoft Security Essentials to uninstall. I assume that I did that somewhere along the way and it was just showing from an earlier FRST scan.

2. I was not able to install the Secunia software. I will try again after we get this under control, and then see about updating older software. Not sure if that will work, but I cannot work around it right now.

3. I am unaware if I have configured policy restrictions. Can you help identify if I have?

4. I deleted Chrome. I don't need it. I downloaded it to see if I would get some more functionality out of a business program that I was using, and it did not help.

5. RogueKiller report is attached.

6. I think that I successfully deleted all the listed file folders.

7. Attached Fixlog.txt.

Thank you again for any help. I am VERY grateful!

rk_C.tmp.txt

Fixlog.txt


3. Yes, they can be removed by FRST.

Please, start FRST, select Addition.txt and scan the computer to let me see the current status of the computer.

My pleasure :)


Hi Walzie,

I'll tell you when you need to delete something :)


1. AV: Ad-Aware Antivirus (Disabled - Out of date) {22CB8761-914A-11CF-B705-00AA0062CBB7}
Is there a problem with keeping Ad-Aware updated?


2. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2529006832-1256799619-874574627-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
CHR HKU\S-1-5-21-2529006832-1256799619-874574627-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-07-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-16] (Oracle Corporation)
2015-09-28 07:00 - 2007-08-03 08:28 - 00000270 ____H C:\WINDOWS\Tasks\BF1BF1218340668D.job
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
Task: C:\WINDOWS\Tasks\BF1BF1218340668D.job => c:\docume~1\owner\applic~1\upload~1\online tray phone.exe
c:\docume~1\owner\applic~1\upload~1\online tray phone.exe
2015-08-28 04:50 - 2015-07-05 09:04 - 00000000 ____D C:\Program Files\Arrogant Money
2015-08-28 04:45 - 2015-07-28 17:31 - 00000000 ____D C:\Program Files\Dream Afar New Tab
2015-08-28 04:45 - 2015-02-24 08:58 - 00000000 ____D C:\Program Files\Effective Measure Community Plugin
2015-08-28 04:43 - 2015-07-10 06:51 - 00000000 ____D C:\Program Files\Lightning Speed DialExt
2015-08-28 04:43 - 2015-05-21 08:49 - 00000000 ____D C:\Program Files\Meeting Scheduler for Google Calendar
2015-08-28 04:43 - 2015-04-06 08:20 - 00000000 ____D C:\Program Files\gemoji chrome
2015-08-28 04:42 - 2015-06-24 07:04 - 00000000 ____D C:\Program Files\Muzli Design Breakfast
2015-08-28 04:41 - 2015-07-27 08:35 - 00000000 ____D C:\Program Files\PageRank
2015-08-28 04:41 - 2015-07-13 07:59 - 00000000 ____D C:\Program Files\Print
2015-08-28 04:40 - 2015-07-28 17:28 - 00000000 ____D C:\Program Files\sAveeReboox
2015-08-28 04:40 - 2015-06-04 09:58 - 00000000 ____D C:\Program Files\Remote Desktop auto discovery
2015-08-28 04:40 - 2015-02-03 12:23 - 00000000 ____D C:\Program Files\ReactorExtender
2015-08-28 04:38 - 2015-07-28 17:29 - 00000000 ____D C:\Program Files\savereboxx
2015-08-28 04:37 - 2015-07-28 17:31 - 00000000 ____D C:\Program Files\saverebox
2015-08-28 04:35 - 2015-07-31 16:41 - 00000000 ____D C:\Program Files\Super Auto Refresh
2015-08-28 04:34 - 2015-03-16 08:50 - 00000000 ____D C:\Program Files\Zoominto
2015-08-28 04:34 - 2015-02-25 08:49 - 00000000 ____D C:\Program Files\uWhisp
2015-08-28 04:34 - 2015-02-03 12:46 - 00000000 ____D C:\Program Files\Windows 8 App Store
2015-08-27 09:30 - 2015-08-12 08:08 - 00000000 ____D C:\Program Files\ Drive Quick Create
C:\Documents and Settings\All Users\Application Data\658662426 
C:\Documents and Settings\Owner\Local Settings\Application Data\647w8y7f5547
DeleteJunctionsInDirectory: C:\WINDOWS\$NtUninstallKB10320$
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished and computer has rebooted.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.


Good!

1. Please, start Notepad.
Copy all text that is in the box:

CreateRestorePoint:
C:\WINDOWS\$NtUninstallKB10320$
Reboot:

and paste in Notepad. Check that no files have been split on two lines.
Save the file as fixlist.txt on the desktop.

Exit all programs.
Start FRST, please.
Click the Fix button.
Wait until the tool has finished and the computer is restarted.

It creates a log file, called Fixlog.txt, on the desktop.
Please, paste the content of that file in your reply.

2. Scan with AdwCleaner and if it finds something, please paste the log.

3. Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Deselect Remove found threats.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

4. Do you still have Ads by DNS unlocker or any other problem?


1. Please, let AdwCleaner remove what it has found.

2. Please, scan with FRST and attach the two new logs.


If Addition.txt isn't selected, please select it, and don't change anything else.


Just Cloud is something that I used once as it was a free "locker" for some files that I was sharing. I don't think that there is anything in there now. I will research and let you know if I "need" it.

I don't seem to have an updated version of Internet Explorer. I never used it anyway because it was so slow. Microsoft will not let me update it since my op. system is outdated, and they no longer support XP. Now that I deleted Chrome per your suggestion, I can no longer access it. Not sure if this is a problem, but the Sales Force folks want me to use Google Chrome. Any suggestions?

Addition.txt

FRST.txt


1. Why isn't Ad-Aware updated and running?

It's very important to have an updated antivirus program and a firewall running, especially in an XP computer.

2. Do you have Ads by DNS Unlocker in Firefox?

3. Secunia PSI is installed.

4. The following script will empty the recycle bins and the folders for temporary files, please check if you want to keep any files stored in those locations.

Please, start Notepad.

Copy all text that is in the box:

CreateRestorePoint:
CloseProcesses:
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
CMD: ipconfig /flushdns
EmptyTemp:

and paste in Notepad. Check that no files have been split on two lines.

Save the file as fixlist.txt on the desktop.

Exit all programs.

Start FRST, please.

Click the Fix button.

Wait until the tool has finished.

It creates a log file, called Fixlog.txt, on the desktop.

Please, paste the content of that file in your reply.

5. Can you install Chrome?
