trojan disguised at 360 total security and MBAM has virus

View previous topic View next topic Go down

trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Fri 03 Apr 2015, 11:25 am

Hello, I am in trouble. My computer some reason downloaded 360 total security which I read is a trojan disguised as an anti-virus program. I tried removing it from my computer but it is not even in the program list to uninstall in control panel..that's when I knew I was in trouble. This all started when I realized my malwarebytes was infected and I could not remove malwarebytes with the malwarebytes cleaner and do a clean install, etc. Please help.

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by Superdave on Fri 03 Apr 2015, 12:41 pm

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.



If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program will open, click on the Scan button as shown below.



AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.



AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner reboot your computer.A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Can you run MBAM?

*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Sun 05 Apr 2015, 4:26 am

alright dave I did all three scans. Thanks for the help sofar. Total Security 360 is still onmy computer. I just realized I probably should have turned it off while running scnas . Do I have to do it again?

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by Superdave on Sun 05 Apr 2015, 4:37 am

Somtimes these programs have their own uninstaller. Is it there in Start, All Programs?

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Mon 06 Apr 2015, 12:00 am

I used eraser to delete it from start -programs which I probably should not ahve done since it shows up in my taskbar etc

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by Superdave on Mon 06 Apr 2015, 4:39 am

Ok, here's another scan you can run while we're waiting.
Malwarebytes' Anti-Rootkit

Please download Malwarebytes' Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.
  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
  • Copy and paste the contents of these two log files in your next reply.


Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Sun 12 Apr 2015, 11:51 pm

AdwCleaner v4.200 - Logfile created 03/04/2015 at 20:11:08
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Joey - RECROOM-HP
# Running from : C:\Users\Joey\Downloads\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : APNMCP
[#] Service Deleted : BackupStack
Service Deleted : MobogenieService
[#] Service Deleted : YahooAUService
[#] Service Deleted : vToolbarUpdater18.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Driver Manager
Folder Deleted : C:\ProgramData\Innovative Solutions
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Manager
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobogenie3
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\File Type Assistant
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Program Files (x86)\Driver Manager
Folder Deleted : C:\Program Files (x86)\Mobogenie3
Folder Deleted : C:\Program Files (x86)\Innovative Solutions
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Common Files\Innovative Solutions
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Joey\AppData\Local\Temp\apn
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\Documents\Mobogenie
Folder Deleted : C:\Users\Janet L\mobogenieP2sp
Folder Deleted : C:\Users\Janet L\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Janet L\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Janet L\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Janet L\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Janet L\AppData\Local\Innovative Solutions
Folder Deleted : C:\Users\Janet L\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Janet L\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Janet L\AppData\Roaming\Mobogenie
Folder Deleted : C:\Users\Janet L\AppData\Roaming\RHEng
Folder Deleted : C:\Users\Janet L\Documents\Mobogenie
Folder Deleted : C:\Users\Jared\mobogenieP2sp
Folder Deleted : C:\Users\Jared\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Jared\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Jared\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Jared\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jared\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Jared\AppData\Roaming\Mobogenie
Folder Deleted : C:\Users\Jared\Documents\Mobogenie
Folder Deleted : C:\Users\Jill\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Jill\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jill\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Joey\mobogenieP2sp
Folder Deleted : C:\Users\Joey\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Joey\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Joey\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Joey\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Joey\AppData\Local\Mysearchdial
Folder Deleted : C:\Users\Joey\AppData\Local\Innovative Solutions
Folder Deleted : C:\Users\Joey\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Joey\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Joey\AppData\Roaming\Mobogenie
Folder Deleted : C:\Users\Joey\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Joey\Documents\Mobogenie
Folder Deleted : C:\Users\Mom\AppData\Local\Mobogenie
Folder Deleted : C:\Users\recroom\mobogenieP2sp
Folder Deleted : C:\Users\recroom\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\recroom\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\recroom\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\recroom\AppData\Local\genienext
Folder Deleted : C:\Users\recroom\AppData\Local\Mobogenie
Folder Deleted : C:\Users\recroom\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\recroom\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\recroom\AppData\Roaming\Mobogenie
Folder Deleted : C:\Users\recroom\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\recroom\Documents\Mobogenie
Folder Deleted : C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\ltcrolsi.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Folder Deleted : C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Folder Deleted : C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm
Folder Deleted : C:\Users\Janet L\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
File Deleted : C:\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal
File Deleted : C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaaiabcopkplhgaedhbloeejhhankf_0.localstorage
File Deleted : C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaaaiabcopkplhgaedhbloeejhhankf_0.localstorage-journal
File Deleted : C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aaaaaiabcopkplhgaedhbloeejhhankf
File Deleted : C:\Users\Public\Desktop\Mobogenie3.lnk
File Deleted : C:\Users\Janet L\daemonprocess.txt
File Deleted : C:\Users\Janet L\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mobogenie3.lnk
File Deleted : C:\Users\Jared\daemonprocess.txt
File Deleted : C:\Users\Jared\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mobogenie3.lnk
File Deleted : C:\Users\Jill\daemonprocess.txt
File Deleted : C:\Users\Jill\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mobogenie3.lnk
File Deleted : C:\Users\Joey\daemonprocess.txt
File Deleted : C:\Users\Joey\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mobogenie3.lnk
File Deleted : C:\Users\recroom\daemonprocess.txt
File Deleted : C:\Users\recroom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mobogenie3.lnk
File Deleted : C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\ltcrolsi.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\ltcrolsi.default\user.js
File Deleted : C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage
File Deleted : C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.search.ask.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : MySearchDial
Task Deleted : ProgramRefresh-ATFST
Task Deleted : ProgramUpdateCheck
Task Deleted : Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eogikidelleflpkolmiiaeibjbaepila
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\eogikidelleflpkolmiiaeibjbaepila
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\apnwidgets.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\MobogenieAPKFile
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D95027A6-DD31-497C-A8E9-D8363E08A996}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\FileTypeAssistant
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Mobogenie
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Mobogenie3
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\Mobogenie3
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnwidgets.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] -

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ltcrolsi.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[ltcrolsi.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
[ltcrolsi.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[ltcrolsi.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
[ltcrolsi.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=file_14_20_ch&cd=2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0FtB0A0DyC0F0C0F0CyDtN0D0Tzu0SzzyCzztN1L2XzutBtFtBtDtFtCtAtFtDtN1L1CzutCyEtDtAt[...]
[ltcrolsi.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
[ltcrolsi.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.aflt", "file_14_20_ch");
[ltcrolsi.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0A0FtB0A0DyC0F0C0F0CyDtN0D0Tzu0SzzyCzztN1L2XzutBtFtBtDtFtCtAtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0BtDyD0AtD0E0AtGtA0A0D0[...]
[ltcrolsi.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cr", "1881932321");
[ltcrolsi.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_b");

-\\ Google Chrome v41.0.2272.101

[C:\Users\Janet L\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\Janet L\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\Janet L\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\Janet L\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\Janet L\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : [You must be registered and logged in to see this link.]
[C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : [You must be registered and logged in to see this link.]
[C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Startup_URLs] : [You must be registered and logged in to see this link.]
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : iagcajndpnfncplednpbnkahadegklfa
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : [You must be registered and logged in to see this link.]
[C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : [You must be registered and logged in to see this link.]

*************************

AdwCleaner[R0].txt - [37796 bytes] - [03/04/2015 20:08:28]
AdwCleaner[S0].txt - [36629 bytes] - [03/04/2015 20:11:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36689 bytes] ##########

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Sun 12 Apr 2015, 11:52 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Joey on Sat 04/04/2015 at 12:48:24.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2979590561-1123509191-3539902371-1006\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update buzzsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util buzzsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C585D593-E7F3-4852-A200-561686EE02E4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbea8524-8c72-4208-9d12-7fb73e9926eb}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{fbea8524-8c72-4208-9d12-7fb73e9926eb}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{fbea8524-8c72-4208-9d12-7fb73e9926eb}



~~~ Files

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/04/2015 at 12:59:24.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Sun 12 Apr 2015, 11:54 pm

Results of screen317's Security Check version 0.99.99  
Windows 7 Service Pack 1 x64 (UAC is disabled!)  
Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!  
Norton Internet Security  
360 Total Security        
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Genie Cleaner    
Java 7 Update 67  
Java(TM) 6 Update 31  
Java 8 Update 40  
Adobe Reader XI  
Google Chrome (41.0.2272.101)
Google Chrome (41.0.2272.118)
````````Process Check: objlist.exe by Laurent````````  
Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Symantec Norton Online Backup NOBuAgent.exe  
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Mon 13 Apr 2015, 12:33 am

Do I still need to run the malwarebytes anti-rootkit?

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by Superdave on Mon 13 Apr 2015, 3:56 am

Do I still need to run the malwarebytes anti-rootkit?
Only if it finds something.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Mon 13 Apr 2015, 11:10 am

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
[You must be registered and logged in to see this link.]

Database version:
main: v2015.04.12.03
rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Joey :: RECROOM-HP [administrator]

4/12/2015 5:26:43 PM
mbar-log-2015-04-12 (17-26-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 711465
Time elapsed: 54 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Joey\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe (Trojan.Downloader) -> Delete on reboot. [7c375b108604dd59a47d20b56998be42]
C:\Users\Joey\Downloads\adobe_flash_setup.exe (Trojan.Downloader) -> Delete on reboot. [ae0581ea4d3dea4cc55c1db810f1e818]
C:\Users\Janet L\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [d2e12a41f793d85e21346d968b7b7987]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Mon 13 Apr 2015, 11:11 am

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
[You must be registered and logged in to see this link.]

Database version:
 main:    v2014.11.18.05
 rootkit: v2014.11.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Joey :: RECROOM-HP [administrator]

4/12/2015 6:53:47 PM
mbar-log-2015-04-12 (18-53-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 671993
Time elapsed: 1 hour(s), 5 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Mon 13 Apr 2015, 11:11 am

hey dave I'll run the ESET scan tomorrow. I ran the malwarebytes anti-rootkit and did fixdamage.

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by Superdave on Mon 13 Apr 2015, 11:36 am

Ok, I'll take a look at the ESET scan when you post it. We're on the homeward stretch.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Mon 20 Apr 2015, 3:52 am

C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\ftacfg.exe.vir Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\TSASetup.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\tsassist.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\File Type Assistant\temp\~tmp.exe.vir a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe.vir a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll.vir a variant of Win32/Toolbar.Escort.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Janet L\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0\background.js.vir Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Jared\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0\content.js.vir Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joey\AppData\Local\Mysearchdial\1.8.29.0\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\recroom\AppData\Local\genienext\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\recroom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\recroom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\recroom\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\recroom\AppData\Roaming\newnext.me\nengine.dll.vir Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\genienext\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0\background.js Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.0_0\content.js Win32/BrowseFox.B potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe a variant of Win32/Mobogenie.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\BackupSetup.exe MSIL/MyPCBackup.D potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\MySearchDial.exe a variant of Win32/Toolbar.Funmoods.D potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is16239984\mysearchdial.dll a variant of Win32/Toolbar.Escort.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is16239984\mysearchdialEng.dll a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is16239984\mysearchdialsrv.exe a variant of Win32/Toolbar.Montiera.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is16239984\uninstall.exe a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is1914646434\38929609_stp.EXE a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is1914646434\51466792_stp.EXE a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Local\Temp\is1914646434\38930089_stp\BuzzSearchSetup.exe a variant of Win64/BrowseFox.BA potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\AppData\Roaming\newnext.me\nengine.dll Win32/NextLive.A potentially unwanted application deleted - quarantined
C:\Users\Janet L\Desktop\Mom\Downloads\BitZipperSetup [1].exe a variant of Win32/FileTypeAssistant.A potentially unwanted application deleted - quarantined
C:\Users\Jared\Desktop\WinZip180.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
C:\Users\Joey\AppData\Local\Temp\AdobeUpdateSetup.exe a variant of Win32/InstallCore.OJ potentially unwanted application deleted - quarantined
C:\Users\Joey\AppData\Local\Temp\icc.dll.171284324 a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\Users\Joey\AppData\Local\Temp\icc.dll.171408563 a variant of Win32/InstallCore.YX potentially unwanted application deleted - quarantined
C:\Users\Joey\Downloads\BitZipperSetup.exe a variant of Win32/InstallCore.BY potentially unwanted application deleted - quarantined
C:\Users\Joey\Downloads\VuzeSetup-3855260-zbsb.exe a variant of Win32/InstallCore.OJ potentially unwanted application deleted - quarantined

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by Superdave on Mon 20 Apr 2015, 10:04 am

That looks good. How's your computer working now? Any other issues or questions before we clean up?

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Mon 20 Apr 2015, 10:06 am

What do I do about the total 360 security do I just use eraser to get rid of it? It does not show up in control panel under programs

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by Superdave on Mon 20 Apr 2015, 10:47 am

jcarp27 wrote:What do I do about the total 360 security do I just use eraser to get rid of it?  It does not show up in control panel under programs
Yes, if it doesn't show up in Uninstall programs or it doesn't have its own uninstaller, delete it.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Thu 30 Apr 2015, 10:31 am

Hi Dave, my computer is running really slow now..can you do anything to help?

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by Superdave on Sat 02 May 2015, 5:04 am

You will have to run all the scans that I suggested on the first page and post the logs.

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by jcarp27 on Sat 04 Jul 2015, 2:50 am

AdwCleaner v4.207 - Logfile created 03/07/2015 at 11:38:51
# Updated 21/06/2015 by Xplode
# Database : 2015-07-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Joey - RECROOM-HP
# Running from : C:\Users\Joey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DYYEJU6\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Avg_Update_0215tb
Folder Deleted : C:\ProgramData\Avg_Update_0814tb
Folder Deleted : C:\ProgramData\Avg_Update_1114tb
Folder Deleted : C:\ProgramData\Avg_Update_1214tb
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\Janet L\AppData\Local\PC_Drivers_Headquarters
Folder Deleted : C:\Users\recroom\AppData\Local\PC_Drivers_Headquarters
File Deleted : C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aaaaaiabcopkplhgaedhbloeejhhankf
File Deleted : C:\prefs.js

***** [ Scheduled tasks ] *****

Task Deleted : 1214tbUpdateInfo

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\AskToolbar
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKU\.DEFAULT\Software\Mobogenie
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1902}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.130

[C:\Users\Janet L\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\Janet L\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : [You must be registered and logged in to see this link.]
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]
[C:\Users\recroom\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : [You must be registered and logged in to see this link.]

*************************

AdwCleaner[R0].txt - [37796 bytes] - [03/04/2015 20:08:28]
AdwCleaner[R1].txt - [3394 bytes] - [03/07/2015 11:34:43]
AdwCleaner[S0].txt - [37050 bytes] - [03/04/2015 20:11:08]
AdwCleaner[S1].txt - [3242 bytes] - [03/07/2015 11:38:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3301 bytes] ##########

jcarp27

Newbie Surfer
Newbie Surfer

Posts : 15
Joined : 2015-04-01
Operating System : Windows 7

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by Superdave on Sat 11 Jul 2015, 6:23 am

I just want to touch base with you again. What's happening now with your computer?

Superdave
Tech Staff


Tech Staff

Posts : 4192
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: trojan disguised at 360 total security and MBAM has virus

Post by Sponsored content Today at 1:11 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum