¤¤¤¤¤¤¤¤¤¤ | Shortcut_Module | g3n-h@ckm@n | 06.05.2014.2
¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤
- Start 23:22:14 - 06/05/2014
update on : 06/05/2014 | 13.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Boot : Normal
System : Windows 7 Ultimate (32 bits) Ultimate
RAM memory = Total (MB) : 3011 | Free (MB) : 1824
Pagefile = Total (MB) : 6019 | Free (MB) : 4663
Virtual = Total (MB) : 2097 | Free (MB) : 1920
Registry saved, to restore : C:\Shortcut_Module\Save\Clean\ERDNT.exe

¤¤¤¤¤¤¤¤¤¤ | Windows Updates
No windows updates detected !!! ~ Service Pack 1 not installed !!!

¤¤¤¤¤¤¤¤¤¤ | Browsers
IE : 8.0.7600.16385 (?© Microsoft Corporation. All rights reserved.?)
FF : 28.0.0.5186 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ | Security
AV : avast! Internet Security Enabled
AS : Windows Defender Enabled
FW : avast! Internet Security Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Started
AS: Windows Defender [Auto(2)] = Started
FW: Windows FireWall Service [Auto(2)] = Started

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer
FlashPlayer ActiveX : 12.0.0.70
FlashPlayer Plugin : 12.0.0.43

¤¤¤¤¤¤¤¤¤¤ | Killed processes
1604 | [Owner : SYSTEM |Parent : 532] - (.Taiwan Shui Mu Chih Ching Technology Limited. - update service.) - (1.4.8.7624) = C:\Program Files\WinZipper\winzipersvc.exe
1728 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7600.16385) = C:\Windows\System32\spoolsv.exe
1828 | [Owner : SYSTEM |Parent : 532] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) = C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1936 | [Owner : SYSTEM |Parent : 532] - (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - (4.50.897.500) = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
2304 | [Owner : ÃäíÓ |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Tasks.)
- (6.1.7600.16385) = C:\Windows\System32\taskhost.exe 2508 | [Owner : ÃäíÓ |Parent : 2460] - (.Microsoft Corporation - ãÓÊßÔÝ Windows.) - (6.1.7600.16385) = C:\Windows\explorer.exe 3200 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe 3292 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7600.16385) = C:\Program Files\Windows Media Player\wmpnetwk.exe 3932 | [Owner : ÃäíÓ |Parent : 2508] - (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day for every prayer time. It covers more than 6 million cities, towns, and villages all over the world. .) - (4.4.0.0) = C:\Program Files\Athan\Athan.exe 4080 | [Owner : ÃäíÓ |Parent : 2508] - (.Intel Corporation - hkcmd Module.) - (8.15.10.2869) = C:\Windows\System32\hkcmd.exe 2452 | [Owner : ÃäíÓ |Parent : 2508] - (.Intel Corporation - persistence Module.) - (8.15.10.2869) = C:\Windows\System32\igfxpers.exe 3688 | [Owner : ÃäíÓ |Parent : 2508] - (.Islamware, www.islamware.com - .) - (2.0.0.0) = C:\Program Files\Azkary\Azkary.exe 3412 | [Owner : ÃäíÓ |Parent : 2508] - (.Skype Technologies S.A. - Skype. Take a deep breath .) - (3.2.0.145) = C:\Program Files\Skype\Phone\Skype.exe 2896 | [Owner : ÃäíÓ |Parent : 2508] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.18.9.2) = C:\Program Files\Internet Download Manager\IDMan.exe 2932 | [Owner : ÃäíÓ |Parent : 2508] - (.BitTorrent Inc. - BitTorrent.) - (7.9.1.30889) = C:\Users\ÃäíÓ\AppData\Roaming\BitTorrent\BitTorrent.exe 2832 | [Owner : ÃäíÓ |Parent : 2508] - (.Microsoft Corporation - ýýÇáÃÏæÇÊ ÇáÐßíÉ Úáì ÓØÍ ÇáãßÊÈ áÜ Windows.) - (6.1.7600.16385) = C:\Program Files\Windows Sidebar\sidebar.exe 3624 | [Owner : ÃäíÓ |Parent : 2508] - (. - .) - (0.0.0.0) = C:\Program Files\WebcamMax\wcmmon.exe 2216 | [Owner : ÃäíÓ |Parent : 2896] - (.Tonec Inc. 
- Internet Download Manager agent for click monitoring in IE-based browsers.) - (6.18.7.1) = C:\Program Files\Internet Download Manager\IEMonitor.exe 1972 | [Owner : ÃäíÓ |Parent : 3412] - (.Skype Technologies - Skype Extras Manager.) - (1.2.0.255) = C:\Program Files\Skype\Plugin Manager\skypePM.exe 4232 | [Owner : ÃäíÓ |Parent : 2508] - (.Microsoft Corporation - Internet Explorer.) - (8.0.7600.16385) = C:\Program Files\Internet Explorer\iexplore.exe 4028 | [Owner : ÃäíÓ |Parent : 4232] - (.Microsoft Corporation - Internet Explorer.) - (8.0.7600.16385) = C:\Program Files\Internet Explorer\iexplore.exe 4428 | [Owner : ÃäíÓ |Parent : 688] - (.Internet Download Manager, Tonec Inc. - Broker for reading of IDM settings.) - (6.18.7.1) = C:\Program Files\Internet Download Manager\idmBroker.exe 5400 | [Owner : ÃäíÓ |Parent : 688] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller 12.0 r0.) - (12.0.0.70) = C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe 5608 | [Owner : ÃäíÓ |Parent : 2896] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) - (8.0.7600.16385) = C:\Program Files\Internet Explorer\ielowutil.exe 5116 | [Owner : ÃäíÓ |Parent : 688] - (.Intel Corporation - igfxsrvc Module.) - (8.15.10.2869) = C:\Windows\System32\igfxsrvc.exe ¤¤¤¤¤¤¤¤¤¤ | Running processes 324 | [Owner : SYSTEM |Parent : 4] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7600.16385) = C:\Windows\System32\smss.exe 420 | [Owner : SYSTEM |Parent : 404] - (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe 472 | [Owner : SYSTEM |Parent : 404] - (.Microsoft Corporation - ýýÊØÈíÞ ÈÏÁ ÊÔÛíá Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe 484 | [Owner : SYSTEM |Parent : 464] - (.Microsoft Corporation - Client Server Runtime Process.) 
- (6.1.7600.16385) = C:\Windows\System32\csrss.exe 532 | [Owner : SYSTEM |Parent : 472] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7600.16385) = C:\Windows\System32\services.exe 560 | [Owner : SYSTEM |Parent : 464] - (.Microsoft Corporation - ÊØÈíÞ ÊÓÌíá ÏÎæá Windows.) - (6.1.7600.16385) = C:\Windows\System32\winlogon.exe 572 | [Owner : SYSTEM |Parent : 472] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7600.16385) = C:\Windows\System32\lsass.exe 580 | [Owner : SYSTEM |Parent : 472] - (.Microsoft Corporation - ýýÎÏãÉ ÅÏÇÑÉ ÌáÓÇÊ ÇáÚãá ÇáãÍáíÉ.) - (6.1.7600.16385) = C:\Windows\System32\lsm.exe 688 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 788 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 864 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 916 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 944 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1032 | [Owner : LOCAL SERVICE |Parent : 864] - (.Microsoft Corporation - Windows Audio Device Graph Isolation .) - (6.1.7600.16385) = C:\Windows\System32\audiodg.exe 1120 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1236 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1424 | [Owner : SYSTEM |Parent : 532] - (.AVAST Software - avast! Service.) 
- (8.0.1482.45) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 1504 | [Owner : SYSTEM |Parent : 532] - (.AVAST Software - avast! firewall service.) - (8.0.1482.45) = C:\Program Files\AVAST Software\Avast\afwServ.exe 1756 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1904 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 1228 | [Owner : NETWORK SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 2476 | [Owner : ÃäíÓ |Parent : 916] - (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe 3004 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 3032 | [Owner : ÃäíÓ |Parent : 2508] - (.AVAST Software - avast! Antivirus.) - (8.0.1482.45) = C:\Program Files\AVAST Software\Avast\AvastUI.exe 3888 | [Owner : LOCAL SERVICE |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 4972 | [Owner : SYSTEM |Parent : 532] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe 5584 | [Owner : ÃäíÓ |Parent : 2896] - (. - Shortcut_Module.) - (6.5.2014.2) = C:\Users\ÃäíÓ\Downloads\Programs\Shortcut_Module.exe 1040 | [Owner : ÃäíÓ |Parent : 5584] - (. - Process Stopper.) 
- (1.0.0.0) = C:\Shortcut_Module\Protect_Module.exe ¤¤¤¤¤¤¤¤¤¤ | RUN 04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui 04 - HKLM\..\Run : [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 04 - HKLM\..\Run : [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin 04 - HKLM\..\Run : [Athan] C:\Program Files\Athan\Athan.exe 04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe 04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe 04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe 04 - HKLM\..\Run : [Azkary] C:\Program Files\Azkary\Azkary 04 - HKLM\..\Run : [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe 04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized 04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Facebook Update] "C:\Users\ÃäíÓ\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver 04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [BackgroundContainer] "C:\Windows\system32\Rundll32.exe" "C:\Users\ÃäíÓ\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun 04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [AdobeBridge] 04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [xdm] C:\Users\ÃäíÓ\AppData\Local\XDM\xdm.exe -m 04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot 04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [BitTorrent] "C:\Users\ÃäíÓ\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED 04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun 04 - 
HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\wcmmon.exe" -a 04 - HKU\S-1-5-21-2052750500-952412447-4240874956-1000\..\Run : [Defrag] "C:\Program Files\baidu\Spark\BaiduDefragFiles.exe" AutoStart 1 ¤¤¤¤¤¤¤¤¤¤ | Services Service in functioning : WINDEFEND Stopped service : WINDEFEND Service in functioning : MMCSS Service in functioning : Dhcp Stopped service : Dhcp Service in functioning : WMPNetworkSvc Stopped service : WMPNetworkSvc Service in functioning : TcpIp Service in functioning : SSDPSRV Service in functioning : MPSSvc Stopped service : MPSSvc Service in functioning : LanmanServer Service in functioning : DNScache Stopped service : DNScache Deleted successfully : HKLM\..\ControlSet001\Services\winzipersvc : 16 Deleted successfully : HKLM\..\ControlSet002\Services\winzipersvc : 16 ¤¤¤¤¤¤¤¤¤¤ | Hosts C:\Windows\System32\Drivers\etc\hosts : Reseted successfully ¤¤¤¤¤¤¤¤¤¤ | Register Deleted successfully : HKLM\Software\Classes\WinZipper.001 Deleted successfully : HKLM\Software\Classes\WinZipper.arj Deleted successfully : HKLM\Software\Classes\WinZipper.bzip2 Deleted successfully : HKLM\Software\Classes\WinZipper.cpio Deleted successfully : HKLM\Software\Classes\WinZipper.dmg Deleted successfully : HKLM\Software\Classes\WinZipper.gz Deleted successfully : HKLM\Software\Classes\WinZipper.hfs Deleted successfully : HKLM\Software\Classes\WinZipper.lha Deleted successfully : HKLM\Software\Classes\WinZipper.lzma Deleted successfully : HKLM\Software\Classes\WinZipper.rpm Deleted successfully : HKLM\Software\Classes\WinZipper.swm Deleted successfully : HKLM\Software\Classes\WinZipper.taz Deleted successfully : HKLM\Software\Classes\WinZipper.tbz2 Deleted successfully : HKLM\Software\Classes\WinZipper.tpz Deleted successfully : HKLM\Software\Classes\WinZipper.vhd Deleted successfully : HKLM\Software\Classes\WinZipper.xar Deleted successfully : HKLM\Software\Classes\WinZipper.z Deleted successfully : 
HKLM\Software\Classes\WinZipper.7z Deleted successfully : HKLM\Software\Classes\WinZipper.cab Deleted successfully : HKLM\Software\Classes\WinZipper.fat Deleted successfully : HKLM\Software\Classes\WinZipper.lzh Deleted successfully : HKLM\Software\Classes\WinZipper.squashfs Deleted successfully : HKLM\Software\Classes\WinZipper.tbz Deleted successfully : HKLM\Software\Classes\WinZipper.txz Deleted successfully : HKLM\Software\Classes\WinZipper.xz Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\DOMStorage\buenosearch.com Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\buenosearch.com Deleted successfully : HKLM\Software\Classes\CLSID\{1E31C3D5-7372-45E0-B061-CDC14AD97404} : MC Web Search Scope Deleted successfully : HKLM\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} : ISearchQueryHelper Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\desksvc Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc Deleted successfully : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Deleted successfully : HKLM\Software\Microsoft\Tracing\amt_qvo6_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\DaemonProcess_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\deskSvc_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\FindRightSetup_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\Mobogenie_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\MyBuenoTB_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\Plus-HD-7_RASAPI32 Deleted successfully : 
HKLM\Software\Microsoft\Tracing\RegCleaner_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\RegCleanPro_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\ToolbarHelper_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\updateWebfuii_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\utilWebfuii_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\Webfuii_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\Webfuii_Setup_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\winzipersvc_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\WinZipperdl_RASAPI32 Deleted successfully : HKLM\Software\Microsoft\Tracing\amt_qvo6_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\DaemonProcess_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\deskSvc_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\FindRightSetup_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\Mobogenie_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\MyBuenoTB_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\Plus-HD-7_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\RegCleaner_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\ToolbarHelper_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\updateWebfuii_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\utilWebfuii_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\Webfuii_RASMANCS Deleted successfully : HKLM\Software\Microsoft\Tracing\winzipersvc_RASMANCS Deleted successfully : HKLM\Software\Google\Chrome\Extensions\acfoobbgoakpihljnfedbcfaipcdlfhk Deleted successfully : HKLM\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp : C:\Users\ÃäíÓ\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx 
Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp : C:\Users\ÃäíÓ\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx Deleted successfully : HKLM\SOFTWARE\Driver-Soft Deleted successfully : HKLM\SOFTWARE\hdcode Deleted successfully : HKLM\SOFTWARE\SP Global Deleted successfully : HKLM\SOFTWARE\Uniblue Deleted successfully : HKLM\SOFTWARE\winzipersvc Deleted successfully : HKLM\SOFTWARE\SProtector Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Trolltech Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\AppDataLow\Software\BackgroundContainer Deleted successfully : HKU\S-1-5-18\Software\AppDataLow\Software\Plus-HD-7.6 Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} : eBayTB.dll Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{57F02779-3D88-4958-8AD3-83C12D86ADC7} : advancedsearchbar.dll Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} : eBayTB.dll Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CDEEC43D-3572-4E95-A2A5-F519D29F00C0} : advancedsearchbar.dll Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{850AB670-134E-4069-B46B-61EB2BF99834} : C:\Program Files\Plus-HD-7.6 Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDC57FED-831B-46FA-B0A4-8CC313E464D3} : C:\Program Files\Plus-HD-7.6 Deleted successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E277A28D-3221-4F94-B75C-8483C55F7FED} : C:\Program Files\Plus-HD-7.6 Deleted 
successfully : HKU\S-1-5-21-2052750500-952412447-4240874956-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA352DCA-F1F0-45D5-8640-70F73F843A1E} : C:\Program Files\Plus-HD-7.6 Deleted successfully : HKLM\Software\Classes\Installer\Features\1040110900063D11C8EF10054038389C : AlwaysInstalled Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZipper Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B1D117-20D8-44F6-BF95-13493E8A6935} : \Desk 365 RunAsStdUser Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B488A0E1-99A4-4449-B76F-ACE72B94FDD0} : \YourFile DownloaderUpdate Deleted successfully : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C27F2A6E-7EA5-4352-9289-D12F339B53F0} : \BackgroundContainer Startup Task Deleted successfully : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]|[mobilegeni daemon] : C:\Program Files\Mobogenie\DaemonProcess.exe Deleted successfully : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Windows\CurrentVersion\Run]|[BackgroundContainer] : "C:\Windows\system32\Rundll32.exe" "C:\Users\ÃäíÓ\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun ¤¤¤¤¤¤¤¤¤¤ | IFEO ¤¤¤¤¤¤¤¤¤¤ | Folders Deleted successfully : C:\Windows\System32\Tasks\BackgroundContainer Startup Task Deleted successfully : C:\Program Files\WinZipper Deleted successfully : C:\Program Files\Counter-Strike 1.6\vstdlib.dll (Copyright (C) 2005 Valve Corporation.-.Steam) vstdlib_ s.dll 
Deleted successfully : C:\Program Files\Counter-Strike 1.6\vstdlib_s.dll (Copyright (C) 2005 Valve Corporation.-.Steam) vstdlib_ s.dll Deleted successfully : C:\Windows\System32\NdfEventView.xml () Deleted successfully : C:\Users\All Users\InstallMate Deleted successfully : C:\Users\All Users\Uniblue Deleted successfully : C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WinZipper Deleted successfully : C:\Users\ÃäíÓ\.android Deleted successfully : C:\Users\ÃäíÓ\daemonprocess.txt (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\AVG SafeGuard toolbar Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Internet Explorer\DOMStore\VABQ23RN\www.qvo6[1].xml (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Internet Explorer\DOMStore\XENEQIKX\www.buenosearch[1].xml (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Webfuii_iels (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UH9XY8K\qvo6_fr_simple_ad1[1].html (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UH9XY8K\qvo6_fr_simple_ad1[2].html (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UH9XY8K\qvo6_simple_fr_newad[1].html (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O6HRRH2G\buenosearch_com[1].htm (.-.) 
Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_22f13535aafd4365e21555a6c1c1ca2d9d2f827_cab_105a82a8 Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_3c5fcbdd24b1ce51b492b1193e21285fb3bb5_cab_1d42bcd4 Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_42011dec0396a6f9dd59d7dcb1e27ca2d7f3b4_cab_0bfd52d6 Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_501a97907727a7fe5dcad6a2c8122b71672683ac_cab_14a21c2f Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_5813b76d30427cba495a7e37b92c894f6fced333_cab_165ed1c3 Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_6ee3c9f78d3a1f87db7426badc7afecf2992cf7b_cab_10625826 Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_88ebbfbccacdc725b7a63f8a7f66d8bb1914ef3a_cab_013a3261 Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_a040d3b429e4986c8ff33fcc792d8c3fbda260ca_cab_1036932c Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_b83a8b81ca31577d37d344c335b065f783f76ce8_cab_0e8bf562 Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_bdfe4c47e28f6031c95ab4d18eeaba96935a7ba_0afe73df Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_WinZipper.exe_bdfe4c47e28f6031c95ab4d18eeaba96935a7ba_cab_0f4bb426 Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Microsoft\Windows\WER\ReportQueue\NonCritical_SpyHunter-Instal_49acf3243408ae8b2dcd87d65e010a0217334_cab_1f240d9c Deleted successfully : 
C:\Users\ÃäíÓ\AppData\Local\Opera\Opera\icons\en.softonic.com.idx (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Opera\Opera\icons\need-for-speed-underground.ar.softonic.com.idx (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Opera\Opera\icons\need-for-speed-underground.en.softonic.com.idx (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Opera\Opera\icons\vube.com.idx (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Opera\Opera\icons\www.dzango.tv.idx (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Opera\Opera\icons\www.half-life.deltauk.net.idx (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Spark\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Spark\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Spark\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\MKF3BDQK\fbstatic-a.akamaihd.net Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Spark\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\MKF3BDQK\macromedia.com\support\flashplayer\sys\#fbstatic-a.akamaihd.net Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Temp\jrt\browsermngr_keys.cfg (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Temp\jrt\browsermngr_values.cfg (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Temp\jrt\datamngr_del.reg (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Local\Temp\jrt\FFbrowsermngr.dat (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\SRRKP3Q4\www.buenosearch[1].xml (.-.) 
Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\amazon Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\eIntaller Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\WinZipper Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\IDM\DwnlData\ÃäíÓ\driverscanner_13 Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\IDM\DwnlData\ÃäíÓ\fbcdn-video-a_akamaihd_net_459 Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\IDM\DwnlData\ÃäíÓ\UnityWebPlayer_514 Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\IDM\DwnlData\ÃäíÓ\www_torntv-downloader-dl_info_449 Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\IDM\DwnlData\ÃäíÓ\www_torntv-tvv_org_518 Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\IDM\DwnlData\ÃäíÓ\trjsetup690_434\trjsetup690.exe (Copyright © 1999-2014 Simply Super Software .-.Trojan Remover ) Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XH4BMALF\fbstatic-a.akamaihd.net Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#dzango.blob.core.windows.net Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#fbstatic-a.akamaihd.net Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#keek-a.akamaihd.net Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s3.amazonaws.com Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.movshare.net Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Microsoft\Windows\Cookies\Low\ÃäíÓ@buenosearch[2].txt (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Microsoft\Windows\Cookies\Low\ÃäíÓ@ilivid[2].txt (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Microsoft\Windows\Cookies\Low\ÃäíÓ@lp.ilivid[1].txt (.-.) 
Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Microsoft\Windows\Cookies\Low\ÃäíÓ@qvo6[2].txt (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Microsoft\Windows\Cookies\Low\ÃäíÓ@search.conduit[1].txt (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Microsoft\Windows\Cookies\Low\ÃäíÓ@www.buenosearch[2].txt (.-.) Deleted successfully : [ÃäíÓ | FF] : addon@geniusinstaller.com = addon@geniusinstaller Deleted successfully : [ÃäíÓ | FF] : asjiaffjh@virqlbv.net = asjiaffjh@virqlbv Deleted successfully : [ÃäíÓ | FF] : eagleget_ffext@eagleget.com = eagleget_ffext@eagleget Deleted successfully : [ÃäíÓ | FF] : {96f454ea-9d38-474f-b504-56193e00c1a5} = Conduit Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\CT3289075\conduit.xml (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\CT3289075\CT3289075.searchProtectorData (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\gm_scripts\Blacked_Out_-_(Rounded_Corners)_NO_ADS!\Blacked_Out_-_(Rounded_Corners)_NO_ADS!.user.js (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\searchplugins\buenosearch.xml (.-.) Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\searchplugins\utorrentcontrolv6-customized-web-search.xml (.-.) Deleted successfully : C:\Users\ÃäíÓ\Documents\Mobogenie Deleted successfully : C:\Users\ÃäíÓ\Documents\SnagIt Deleted successfully : C:\Users\ÃäíÓ\Downloads\com.google.android.apps.translate_quickdownload_304_2.apk (.-.) Deleted successfully : C:\Users\ÃäíÓ\Downloads\Programs\driverscanner.exe (Uniblue Systems Ltd .-.DriverScanner ) Deleted successfully : C:\Users\ÃäíÓ\Downloads\Programs\Mobogenie_Setup_2.2.1_21.exe (.-.) Deleted successfully : C:\Program Files\Mozilla Firefox\browser\searchplugins\amazondotcom.xml (.-.) 
Deleted successfully : C:\Program Files\Mozilla Firefox\browser\searchplugins\eBay.xml (.-.) Deleted successfully : C:\Program Files\Mozilla Firefox\browser\searchplugins\qvo6.xml (.-.) ¤¤¤¤¤¤¤¤¤¤ | Hijack.Shortcut Disinfected : C:\Users\ÃäíÓ\Desktop\YouTube.lnk : C:\Program Files\baidu\Spark\Spark.exe (hxxp://www.youtube.com --useraction=youtube) ¤¤¤¤¤¤¤¤¤¤ | Proxy Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\PhishingFilter]|[EnabledV8] : 0 -> 1 Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ | Hijack.Internet Explorer Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : Preserve -> http://www.google.com/ Repaired : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/ Repaired : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/ Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/ Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/ Repaired : [HKU\S-1-5-21-2052750500-952412447-4240874956-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main\Window Title]|[] : -> Internet Explorer Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : -> http://www.google.com/ Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/ Repaired : 
[HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[BrowserMngr Start Page] : -> http://www.google.com/ Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[CustomizeSearch] : -> http://www.google.com/ Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Bar] : -> http://www.google.com/ Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Start Page] : -> http://www.google.com/ Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Local Page] : -> C:\Windows\system32\blank.htm Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896 Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157 Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[BrowserMngr Start Page] : -> http://www.google.com/ Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[CustomizeSearch] : -> http://www.google.com/ ¤¤¤¤¤¤¤¤¤¤ | Hijack.Google Chrome [ÃäíÓ] : fckenojfmfijmbkigoajddgondmfhefd = : Safe and secure surfing - Protect your web browser from ads and pop unders while surfing the internet - GeniusXX Safe ads ¤¤¤¤¤¤¤¤¤¤ | Hijack.Firefox [ÃäíÓ] Deleted successfully : C:\Users\ÃäíÓ\AppData\Roaming\Mozilla\Firefox\Profiles\itpaaoqb.default\sessionstore.js [ÃäíÓ] Deleted successfully : user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=15&CUI=UN30805091177079268&SSPV=&Lay=1&UM=\"}"); [ÃäíÓ] Deleted successfully : 
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1399360343); [ÃäíÓ] Deleted successfully : user_pref("browser.syncPromoViewsLeftMap", "{\"passwords\":0,\"bookmarks\":0,\"addons\":0}"); [ÃäíÓ] Deleted successfully : user_pref("extensions.Webfuii.aul", "1394946430530"); [ÃäíÓ] Deleted successfully : user_pref("extensions.Webfuii.is", "kbmadvztdz"); [ÃäíÓ] Deleted successfully : user_pref("extensions.Webfuii.ug", "4BBF96C9-A20D-4E97-8C81-7A305DC331F4"); [ÃäíÓ] Deleted successfully : user_pref("extensions.YoutubeDownloader@PeterOlayev.com.addonVersion", "2.2.9"); [ÃäíÓ] Deleted successfully : user_pref("extensions.addon@geniusinstaller.com.install-event-fired", true); [ÃäíÓ] Deleted successfully : user_pref("extensions.asjiaffjh@virqlbv.net.install-event-fired", true); [ÃäíÓ] Deleted successfully : user_pref("extensions.bootstrappedAddons", "{}"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.admin", false); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.aflt", "babsst"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.autoRvrt", "false"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.dfltLng", "en"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.excTlbr", false); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.ffxUnstlRst", true); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.id", "9c00a5f5000000000000062163d7c346"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.instlDay", "16163"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.instlRef", "sst"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.newTab", false); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.prdct", "buenosearch"); [ÃäíÓ] Deleted successfully : 
user_pref("extensions.buenosearch.prtnrId", "buenosearch"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.rvrt", "false"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.smplGrp", "none"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.tlbrId", "base"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.vrsn", "1.8.28.7"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.712:10:52"); [ÃäíÓ] Deleted successfully : user_pref("extensions.buenosearch.vrsni", "1.8.28.7"); [ÃäíÓ] Deleted successfully : user_pref("extensions.eagleget_ffext@eagleget.com.install-event-fired", true); [ÃäíÓ] Deleted successfully : user_pref("extensions.getAddons.databaseSchema", 5); [ÃäíÓ] Deleted successfully : user_pref("extensions.ui.lastCategory", "addons://list/extension"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_bgcolor", false); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_colorspace", ""); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_command", ""); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_downloadfonts", false); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_duplex", 896); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_bottom", 0); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_left", 0); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_right", 0); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_edge_top", 0); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_evenpages", true); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_footercenter", ""); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_footerleft", "&PT"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_footerright", 
"&D"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_headercenter", ""); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_headerleft", "&T"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_headerright", "&U"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_in_color", true); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_bottom", "0.5"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_left", "0.5"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_right", "0.5"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_margin_top", "0.5"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_oddpages", true); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_orientation", 0); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_page_delay", 50); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_data", 9); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_height", " 11.00"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_name", ""); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_size_type", 0); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_size_unit", 1); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_paper_width", " 8.50"); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_plex_name", ""); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_resolution", 88832); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_resolution_name", ""); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_reversed", false); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_scaling", " 1.00"); 
[ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_shrink_to_fit", true); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_to_file", false); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_to_filename", ""); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_bottom", 0); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_left", 0); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_right", 0); [ÃäíÓ] Deleted successfully : user_pref("print.printer_SnagIt_9.print_unwriteable_margin_top", 0); [ÃäíÓ] : plugin@playgame.com.xpi : - - [ÃäíÓ] : YoutubeDownloader@PeterOlayev.com.xpi : - - [ÃäíÓ] : {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} : - - [ÃäíÓ] : {af95cc15-3b9b-45ae-8d9b-98d08eda3111}.xpi : - - [ÃäíÓ] : {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi : - - [ÃäíÓ] : {e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi : - - ¤¤¤¤¤¤¤¤¤¤ | Opera ¤¤¤¤¤¤¤¤¤¤ | Hijack.StartMenuInternet Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=ST9500325AS_6VEVCDARXXXX6VEVCDAR&ts=1375970578 -> "C:\Program Files\Internet Explorer\iexplore.exe" ¤¤¤¤¤¤¤¤¤¤ | AppInit_DLLs [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1 ¤¤¤¤¤¤¤¤¤¤ | Hijack.Javascript ¤¤¤¤¤¤¤¤¤¤ | Firewall Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0 ¤¤¤¤¤¤¤¤¤¤ | Temporary files [All Users] Temporary files deleted : 0 Ko [Default] Temporary files deleted : 0 Ko [Default User] Temporary files deleted : 0 Ko [Public] Temporary files deleted : 0 Ko [ÃäíÓ] Temporary files deleted : 875689 Ko [????] 
Temporary files deleted : 0 Ko [C:\Windows\Temp] Temporary files deleted : 31331 Ko [C:\Temp] Temporary files deleted : 0 Ko Other(s) report(s) [X] : [33123 Ko] Analyzed elements : 148728 | Infected : 280 ¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 06:45:22 | [44 Ko]