Notebook utilizado pela gurizada infestado

Question

Por favor, alguem pode analisar esse log?

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 08:07:42, on 22/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
CHROME: 28.0.1500.95
FIREFOX: 22.0 (pt-BR)
Boot mode: Normal

Running processes:
C:\Windows\system32	askhost.exe
C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\CyberLink\YouCam\YouCamService.exe
C:\Program Files\PSafe\PSafeSysTray.exe
C:\Program Files\PSafe\PSafeWDS.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\PSafe\Protege\psprotege.exe
C:\Program Files\PSafe\SearchDesk\psSearchDesk.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Clownfish\Clownfish.exe
C:\Users\jp\AppData\Local\Beamrise\Application\beamrise.exe
C:\Program Files\PSafe\psMediaChannel.exe
C:\Users\jp\AppData\Local\Beamrise\Application\beamrise.exe
C:\Users\jp\AppData\Local\Beamrise\Application\beamrise.exe
C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Users\jp\AppData\Local\Beamrise\Application\beamrise.exe
C:\Users\jp\AppData\Local\Beamrise\Application\beamrise.exe
C:\Users\jp\AppData\Local\Beamrise\Application\beamrise.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Explorer.EXE
C:\Users\jp\AppData\Local\Beamrise\Application\beamrise.exe
C:\Windows\system32	askhost.exe
C:\Windows\system32	askeng.exe
C:\Users\jp\Pictures\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQCON/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clikseguro.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
R3 - URLSearchHook: UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: LyricsTab - {08c73155-5d83-408f-9f35-f973da65dfc3} - C:\Program Files\LyricsTab\128.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: WsSVRIEHelper - {65DEE40A-3E93-4cae-9F98-B8E06DCEE2BF} - C:\Video Converter Ultimate\SVRIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: MinibarBHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Minibar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: SelectionLinksBHO - {F6222CB7-E738-4DA5-B305-28E5F1ED8B1E} - C:\Program Files\OApps\SelectionLinks.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - !{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [YouCam Service] C:\Program Files\CyberLink\YouCam\YouCamService.exe /s
O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime
O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Video Converter Ultimate\BrowserPlugInHelper.exe
O4 - HKLM\..\Run: [PSafeTray] C:\Program Files\PSafe\PSafeSysTray.exe
O4 - HKLM\..\Run: [PSafeWDS] C:\Program Files\PSafe\PSafeWDS.exe
O4 - HKLM\..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start
O4 - HKLM\..\Run: [NokiaInternetModem_AppStart.exe] C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem_AppStart.exe -start C:\Program Files\Nokia\Nokia Internet Modem\NokiaInternetModem.exe
O4 - HKCU\..\Run: [Google Update] C:\Users\jp\AppData\Local\Google\Update\GoogleUpdate.exe /c
O4 - HKCU\..\Run: [Facebook Update] C:\Users\jp\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
O4 - HKCU\..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun
O4 - HKCU\..\Run: [Clownfish] C:\Program Files\Clownfish\Clownfish.exe
O4 - HKCU\..\Run: [lollipop] c:\users\jp\appdata\local\lollipop\lollipop.exe lollipop
O4 - HKCU\..\Run: [Beamrise] C:\Users\jp\AppData\Local\Beamrise\Application\beamrise.exe --no-startup-window --auto-launch-at-startup --profile-directory=Default
O4 - HKCU\..\Run: [{BCCDE721-9F4D-4396-9592-92DD865D965E}] C:\Users\jp\Pictures\Downloads\LeagueofLegends.exe /cmdloc HKCU\Software\Riot Games AiTemp\{BCCDE721-9F4D-4396-9592-92DD865D965E}
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVI&Ccedil;O LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVI&Ccedil;O LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVI&Ccedil;O DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVI&Ccedil;O DE REDE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Search - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\Minibar.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pscliks.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pscliks.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pscliks.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pscliks.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pscliks.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B20B766-CFFC-495A-B44B-5C15D03FE01E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5C03E4C-FFC1-4A2C-A48A-A161C32E226C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B20B766-CFFC-495A-B44B-5C15D03FE01E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{4B20B766-CFFC-495A-B44B-5C15D03FE01E}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\261070~1.41\{c16c1~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: Servi&ccedil;o do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servi&ccedil;o do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: NkPtpEnumWT3 - Nikon Corporation - C:\Program Files\Nikon\WT-4 Setup Utility\NkPtpEnum.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PSafeSVC - PSafe S/A - C:\Program Files\PSafe\PSafesvc.exe
O23 - Service: PSafeWD - PSafe S.A. - C:\Program Files\PSafe\PSafeWD.exe
O23 - Service: PsClikSeguro - PSafe Tecnologia S.A. - C:\Program Files\PSafe\ClikSeguro\PsClikSeguro.exe
O23 - Service: PSProtegeSVC - PSafe S.A. - C:\Program Files\PSafe\Protege\psprotegesvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 16313 bytes

Answer

Ol&aacute; Core_Dump

:veja: Baixe o [COLOR=Purple]AdwCleaner[/COLOR] (...de [COLOR=Blue]Xplode[/COLOR]) e salve-o no Desktop (&Aacute;rea de Trabalho)

*Salve qualquer trabalho aberto e feche o seu navegador

*Execute-o, clique [Scan] e aguarde o t&eacute;rmino

*Clique [Clean] e aguarde o t&eacute;rmino

*Clique [Report] e cole o relat&oacute;rio

:veja: Baixe o [color=#800080]Junkware Removal Tool[/color] (...de [color=#0000FF]Oleg N. Scherbakov[/color]) e salve-o no Desktop (&Aacute;rea de Trabalho) 
 
*Feche o seu navegador (Firefox, IE, Google Chrome) 
 
*Clique com o bot&atilde;o direito do mouse no JRT e selecione https://www.hardware.com.br/static/c/m/3be632f976b4e4eb6d824a20c3fcfd76 
 
*Tecle [ENTER] 
 
*Ao surgir a mensagem The scan completed succesfully, feche a janela e cole o relat&oacute;rio JRT.txt localizado no Desktop

Answer

Tive que sair, mas vou seguir as instru&ccedil;&otilde;es e acrescento informa&ccedil;&otilde;es logo.

# AdwCleaner v3.000 - Report created 22/08/2013 at 20:40:33
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : jp - JP-HP
# Running from : C:\Users\jp\Pictures\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Bcool
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Program Files\~BabylonToolbar
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DealPly
Folder Deleted : C:\Program Files\FindLyrics
Folder Deleted : C:\Program Files\GinyasBrowserCompanion
Folder Deleted : C:\Program Files\LyricsTab
Folder Deleted : C:\Program Files\Minibar
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Program Files\Show-Lyrics
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\v-Grabber
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\Program Files\Common Files\Wondershare
Folder Deleted : C:\Users\jp\Funmoods
Folder Deleted : C:\Users\jp\AppData\Local\APN
Folder Deleted : C:\Users\jp\AppData\Local\Conduit
Folder Deleted : C:\Users\jp\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\jp\AppData\Local\lollipop
Folder Deleted : C:\Users\jp\AppData\Local\Minibar
Folder Deleted : C:\Users\jp\AppData\Local\PackageAware
Folder Deleted : C:\Users\jp\AppData\Local\Wondershare
Folder Deleted : C:\Users\jp\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\jp\AppData\Local\Temp\Iminent
Folder Deleted : C:\Users\jp\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\jp\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\jp\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\jp\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\jp\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\jp\AppData\LocalLow\Minibar
Folder Deleted : C:\Users\jp\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\jp\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\jp\AppData\LocalLow\Bcool
Folder Deleted : C:\Users\jp\AppData\Roaming\Babylon
Folder Deleted : C:\Users\jp\AppData\Roaming\DealPly
Folder Deleted : C:\Users\jp\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\jp\AppData\Roaming\GinyasBrowserCompanion
Folder Deleted : C:\Users\jp\AppData\Roaming\iWin
Folder Deleted : C:\Users\jp\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\jp\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\jp\AppData\Roamingegistry mechanic
Folder Deleted : C:\Users\jp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Deleted : C:\Users\jp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader
Folder Deleted : C:\Users\jp\Documents\Object
Folder Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\ConduitCommon
Folder Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\Extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
Folder Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\Extensions	oolbar@ask.com
Folder Deleted : C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Folder Deleted : C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\edcidnblllcefpjkghblkohfckaleopj
Folder Deleted : C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions
oebaifjopccondbkcieccphcpijhdne
[!] Folder Deleted : C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions
oebaifjopccondbkcieccphcpijhdne
File Deleted : C:\END
File Deleted : C:\Uninstall.exe
File Deleted : C:\Users\jp\AppData\Local\funmoods.crx
File Deleted : C:\Users\jp\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\jp\AppData\Local\funmoods-speeddial_sf.crx
File Deleted : C:\Users\jp\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\jp\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\jp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
File Deleted : C:\Users\jp\Documents\Uninstall.exe
File Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\searchplugins\babylon1.xml
File Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\searchplugins\browsemngr.xml
File Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\searchplugins\Conduit.xml
File Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\searchplugins\funmoods.xml
File Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\searchplugins\search.xml
File Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\user.js
File Deleted : C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\DealPlyUpdate
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edcidnblllcefpjkghblkohfckaleopj
Key Deleted : HKCU\Software\Google\Chrome\Extensions
oebaifjopccondbkcieccphcpijhdne
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions
oebaifjopccondbkcieccphcpijhdne
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bho_project.bho_object
Key Deleted : HKLM\SOFTWARE\Classes\bho_project.bho_object.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lollipop]
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Tutorials]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKCU\Software\582dd8de66eee41
Key Deleted : HKLM\SOFTWARE\582dd8de66eee41
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_counter-strike_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_counter-strike_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_hamachi (1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_hamachi (1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_minecraft-skinedit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_minecraft-skinedit_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mozilla-firefox_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mozilla-firefox_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{539F76FD-084E-4858-86D5-62F02F54AE86}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\Minibar
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPly
Key Deleted : HKLM\Software\Minibar
Key Deleted : HKLM\Software\Tuto4PC
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\connect@LyricsTab.co
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browsers ] *****

-\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.Old.Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]

-\ Mozilla Firefox v22.0 (pt-BR)

[ File : C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles
n4oyb5k.default\prefs.js ]

Line Deleted : user_pref(browser.search.defaultengine, Ask.com);
Line Deleted : user_pref(browser.search.defaulturl, hxxp://www.bigseekpro.com/search/toolbar/hao123/{87D1B806-1B1F-7201-2A23-C1412D9D545B}?q={searchTerms});
Line Deleted : user_pref(extensions.asktb.InstallDir, C:\Program Files\Ask.com\);
Line Deleted : user_pref(extensions.asktb.abar-war-regex, conduit\.com);
Line Deleted : user_pref(extensions.asktb.apn_dbr, cr_26.0.1410.64);
Line Deleted : user_pref(extensions.asktb.autofill-competitor-query-enabled, true);
Line Deleted : user_pref(extensions.asktb.cbid, ^ACD);
Line Deleted : user_pref(extensions.asktb.config-updated, true);
Line Deleted : user_pref(extensions.asktb.cr-o, APN10014cr);
Line Deleted : user_pref(extensions.asktb.crumb, 2013.04.12+18.54.59-toolbar016iad-BR-U2FsdmFkb3IsQnJhemls);
Line Deleted : user_pref(extensions.asktb.default-channel-url-mask, hxxp://br.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar);
Line Deleted : user_pref(extensions.asktb.displaybehavior, );
Line Deleted : user_pref(extensions.asktb.displaytext, );
Line Deleted : user_pref(extensions.asktb.dtid, ^YYYYYY^YY^BR);
Line Deleted : user_pref(extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget, false);
Line Deleted : user_pref(extensions.asktb.dyn-weather-locid-weatherWidget, BRXX3272);
Line Deleted : user_pref(extensions.asktb.dyn-weather-tempunit-weatherWidget, C);
Line Deleted : user_pref(extensions.asktb.ff19-config-first-run, true);
Line Deleted : user_pref(extensions.asktb.fresh-install, false);
Line Deleted : user_pref(extensions.asktb.guid, a41f7c3c-af95-443a-af27-37f79dbbff75);
Line Deleted : user_pref(extensions.asktb.hpr, YES);
Line Deleted : user_pref(extensions.asktb.hxxp-header-whitelist-hosts, [\static-dev.en.dev.ask.com\, \ask.com\, \www.facebook.com\, \www.playsushi.com\, \WWW.google.com\, \hxxps://websearch.ask.com\, [...]
Line Deleted : user_pref(extensions.asktb.if, first);
Line Deleted : user_pref(extensions.asktb.keyword-toggled-in-session, false);
Line Deleted : user_pref(extensions.asktb.l, dis);
Line Deleted : user_pref(extensions.asktb.last-config-req, 1377168567312);
Line Deleted : user_pref(extensions.asktb.locale, pt_BR);
Line Deleted : user_pref(extensions.asktb.location, Salvador,Brazil);
Line Deleted : user_pref(extensions.asktb.lstation, );
Line Deleted : user_pref(extensions.asktb.new-tab-opt-out, true);
Line Deleted : user_pref(extensions.asktb.news-native-on, true);
Line Deleted : user_pref(extensions.asktb.o, APN10014);
Line Deleted : user_pref(extensions.asktb.overlay-reloaded-using-restart, true);
Line Deleted : user_pref(extensions.asktb.pstate, );
Line Deleted : user_pref(extensions.asktb.qsrc, 2871);
Line Deleted : user_pref(extensions.asktb.r, 20);
Line Deleted : user_pref(extensions.asktb.sa, YES);
Line Deleted : user_pref(extensions.asktb.saguid, 025D435C-F51A-4017-B551-7DBC3297D076);
Line Deleted : user_pref(extensions.asktb.search-suggestions-enabled, true);
Line Deleted : user_pref(extensions.asktb.silent-upgrade-from-pre-newtabs-build, false);
Line Deleted : user_pref(extensions.asktb.socialmini-first, true);
Line Deleted : user_pref(extensions.asktb.socialmini-interval, 1200000);
Line Deleted : user_pref(extensions.asktb.socialmini-max-char-ticker, 33);
Line Deleted : user_pref(extensions.asktb.socialmini-max-items, 30);
Line Deleted : user_pref(extensions.asktb.socialmini-native-on, true);
Line Deleted : user_pref(extensions.asktb.socialmini-speed, 10000);
Line Deleted : user_pref(extensions.asktb.socialmini-transition-first-open, false);
Line Deleted : user_pref(extensions.asktb.themeid, );
Line Deleted : user_pref(extensions.asktb.timeinstalled, 12/04/2013 22:55:20);
Line Deleted : user_pref(extensions.asktb.to, );
Line Deleted : user_pref(extensions.asktb.version, 5.15.23.42081);
Line Deleted : user_pref(extensions.asktb.volume, );
Line Deleted : user_pref(extensions.enabledAddons, plugin%40videofiledownload.com:1.5,pt-BR%40dellalibera.sf.net:2.1.1-2.0,service%40touchpdf.com:1.15,%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2,%7B97A7836[...]
Line Deleted : user_pref(extensions.installCache, [{
ame\:\winreg-app-global\,\addons\:{\{BBDA0591-3099-440a-AA10-41764D9DB4DB}\:{\descriptor\:\C:\\ProgramData\\Norton\\{0C55C096-0F1D-4F28-AAA2-[...]
Line Deleted : user_pref(extensions.kango.storage.interstitial_splash_last_activity, 1375404022842);
Line Deleted : user_pref(extensions.kango.storage.interstitial_splash_show_chance, 100);
Line Deleted : user_pref(extensions.kango.storage.interstitial_splash_show_count, 0);
Line Deleted : user_pref(extensions.kango.storage.interstitial_splash_wait_time, 0);
Line Deleted : user_pref(extensions.kango.storage.minibar.config, {
ame\:\Hao123 toolbar\,\description\:\Hao123 toolbar\,\button\:{	ooltip\:\Search\,\icon\:\hxxp://www.bigspeedpro.com/button/%a[...]
Line Deleted : user_pref(extensions.kango.storage.minibar.homepageSet, \1\);
Line Deleted : user_pref(extensions.kango.storage.minibar.searchassistSet, \1\);
Line Deleted : user_pref(extensions.kango.storage.minibar.searchengineSet, \1\);
Line Deleted : user_pref(extensions.kango.storage.nero_google_search, \{}\);
Line Deleted : user_pref(extensions.kango.storage.nero_options, \{\\m1\\:{\\ads\\:{\
1\\:{\\url\\:\//ulayout.com/nero/matomy/google_post_results_728x90.html?aff_slug=hao123\\,\\width\\:[...]
Line Deleted : user_pref(extensions.kango.storage.ui.button.iconCache, \data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAAED0lEQVQ4ja3MTU+TBwDA8X4Ij7pEDDqUqDHb3FzmoRqjyaaZS4wuJh7U7WCiJFMRKDqth[...]
Line Deleted : user_pref(extensions.kango.storage.youtube_player_last_activity, 1374607660187);
Line Deleted : user_pref(extensions.kango.storage.youtube_player_show_chance, 10);
Line Deleted : user_pref(extensions.kango.storage.youtube_player_show_count, 0);
Line Deleted : user_pref(extensions.kango.storage.youtube_player_wait_time, 1374751659146);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsbottom_last_activity, 1375403646478);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsbottom_show_chance, 5);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsbottom_show_count, 0);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsbottom_wait_time, 0);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsleft_last_activity, 1374607657495);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsleft_show_chance, 10);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsleft_show_count, 0);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsleft_wait_time, 1374751656266);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsright_last_activity, 1375403646473);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsright_show_chance, 5);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsright_show_count, 0);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsright_wait_time, 0);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsrightreplaceown_last_activity, 1374607657490);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsrightreplaceown_show_chance, 10);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsrightreplaceown_show_count, 0);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewsrightreplaceown_wait_time, 1374751656263);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewstop_last_activity, 1375403646476);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewstop_show_chance, 5);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewstop_show_count, 0);
Line Deleted : user_pref(extensions.kango.storage.youtube_youtubewstop_wait_time, 0);
Line Deleted : user_pref(keyword.URL, hxxp://www.bigseekpro.com/search/toolbar/hao123/{87D1B806-1B1F-7201-2A23-C1412D9D545B}?q=);

-\ Google Chrome v

[ File : C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [30993 octets] - [22/08/2013 20:36:53]
AdwCleaner[S0].txt - [30423 octets] - [22/08/2013 20:40:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30484 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Starter x86
Ran by jp on 22/08/2013 at 21:04:53,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\browserpluginhelper
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\Tabs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{55D63393-DB17-4A2B-9052-15D85B4B1344}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricstab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wondershare
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2233703
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FindLyrics_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\FindLyrics_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{12995981-2FD6-4BEE-9FB0-B1674E8E5E7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3891E201-DEDB-7C55-60E0-3AB9A9F7D9FF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{482BF19C-7293-474E-BF66-A1138EECE779}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4AD564AD-2729-4250-B2DA-E1F9745C2FE3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3891E201-DEDB-7C55-60E0-3AB9A9F7D9FF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08c73155-5d83-408f-9f35-f973da65dfc3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{08c73155-5d83-408f-9f35-f973da65dfc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F6222CB7-E738-4DA5-B305-28E5F1ED8B1E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F6222CB7-E738-4DA5-B305-28E5F1ED8B1E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6222CB7-E738-4DA5-B305-28E5F1ED8B1E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6222CB7-E738-4DA5-B305-28E5F1ED8B1E}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef

~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\LyricsTab Update
Successfully deleted: [File] C:\Windows\Tasks\LyricsTab Update.job
Successfully deleted: [File] C:\Windows\Tasksmschedule.job
Successfully deleted: [File] C:\Windows\system32\sho14D0.tmp
Successfully deleted: [File] C:\Windows\system32\sho1873.tmp
Successfully deleted: [File] C:\Windows\system32\sho23F8.tmp
Successfully deleted: [File] C:\Windows\system32\sho28F4.tmp
Successfully deleted: [File] C:\Windows\system32\sho34F8.tmp
Successfully deleted: [File] C:\Windows\system32\sho3AA5.tmp
Successfully deleted: [File] C:\Windows\system32\sho43B9.tmp
Successfully deleted: [File] C:\Windows\system32\sho4E13.tmp
Successfully deleted: [File] C:\Windows\system32\sho4F1.tmp
Successfully deleted: [File] C:\Windows\system32\sho5330.tmp
Successfully deleted: [File] C:\Windows\system32\sho5CE1.tmp
Successfully deleted: [File] C:\Windows\system32\sho5FE2.tmp
Successfully deleted: [File] C:\Windows\system32\sho6004.tmp
Successfully deleted: [File] C:\Windows\system32\sho6D26.tmp
Successfully deleted: [File] C:\Windows\system32\sho7AB8.tmp
Successfully deleted: [File] C:\Windows\system32\sho7F43.tmp
Successfully deleted: [File] C:\Windows\system32\sho827D.tmp
Successfully deleted: [File] C:\Windows\system32\sho8315.tmp
Successfully deleted: [File] C:\Windows\system32\sho8F87.tmp
Successfully deleted: [File] C:\Windows\system32\sho90C.tmp
Successfully deleted: [File] C:\Windows\system32\sho9435.tmp
Successfully deleted: [File] C:\Windows\system32\sho95CE.tmp
Successfully deleted: [File] C:\Windows\system32\shoA653.tmp
Successfully deleted: [File] C:\Windows\system32\shoA934.tmp
Successfully deleted: [File] C:\Windows\system32\shoAA05.tmp
Successfully deleted: [File] C:\Windows\system32\shoB1E2.tmp
Successfully deleted: [File] C:\Windows\system32\shoB2BD.tmp
Successfully deleted: [File] C:\Windows\system32\shoB50E.tmp
Successfully deleted: [File] C:\Windows\system32\shoB626.tmp
Successfully deleted: [File] C:\Windows\system32\shoBA69.tmp
Successfully deleted: [File] C:\Windows\system32\shoC055.tmp
Successfully deleted: [File] C:\Windows\system32\shoCF81.tmp
Successfully deleted: [File] C:\Windows\system32\shoCFCE.tmp
Successfully deleted: [File] C:\Windows\system32\shoD829.tmp
Successfully deleted: [File] C:\Windows\system32\shoD9AE.tmp
Successfully deleted: [File] C:\Windows\system32\shoE507.tmp
Successfully deleted: [File] C:\Windows\system32\shoE5DA.tmp
Successfully deleted: [File] C:\Windows\system32\shoE88C.tmp
Successfully deleted: [File] C:\Windows\system32\shoF0A1.tmp
Successfully deleted: [File] C:\Windows\system32\shoF0AC.tmp
Successfully deleted: [File] C:\Windows\system32\shoF5D.tmp
Successfully deleted: [File] C:\Windows\system32\wscm32.dll
Successfully deleted: [File] C:\Windows\system32\wscm64.dll

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\baidu
Successfully deleted: [Folder] C:\Users\jp\AppData\Roaming\baidu
Successfully deleted: [Folder] C:\Users\jp\appdata\local\cre
Successfully deleted: [Folder] C:\Program Files\baidu
Successfully deleted: [Folder] C:\Program Files\hao123.com
Successfully deleted: [Folder] C:\Users\jp\start menu\programs\browser manager
Successfully deleted: [Folder] C:\Windows\system32\ai_recyclebin
Successfully deleted: [Empty Folder] C:\Users\jp\appdata\local\{53588E6C-C3A1-4BEC-BE1A-EF7CFA53D192}
Successfully deleted: [Empty Folder] C:\Users\jp\appdata\local\{5E0603A8-5280-4026-B031-17A29C2DC169}
Successfully deleted: [Empty Folder] C:\Users\jp\appdata\local\{BAF43E2F-CABC-4E1C-A63B-A850C60F5879}
Successfully deleted: [Empty Folder] C:\Users\jp\appdata\local\{D134D580-1608-41CD-B7C6-787EF7CF1FE2}
Successfully deleted: [Folder] C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\jp\AppData\Roaming\mozilla\firefox\profiles
n4oyb5k.default\invalidprefs.js
Successfully deleted the following from C:\Users\jp\AppData\Roaming\mozilla\firefox\profiles
n4oyb5k.default\prefs.js

user_pref(browser.newtab.url, hxxp://br.hao123.com/?tn=smt_hp_hao123_br);
Emptied folder: C:\Users\jp\AppData\Roaming\mozilla\firefox\profiles
n4oyb5k.default\minidumps [16 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\chgdeabpmphfhkoemjjglmilajldekbp

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/08/2013 at 21:09:49,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Answer

:veja: Baixe o [COLOR=#800080]Zoek[/COLOR] (...de [COLOR=#0000FF]Smeenk[/COLOR]) e salve-o no Desktop (&Aacute;rea de Trabalho)

*Clique com o bot&atilde;o direito do mouse no Zoek e selecione https://www.hardware.com.br/static/c/m/3be632f976b4e4eb6d824a20c3fcfd76 
 
*Cole as linhas em [COLOR=#8B0000]marrom[/COLOR] no espa&ccedil;o 
[color=#8B0000]
autoclean;
emptyalltemp;
uninstall-list;
[/color]
*Feche o seu navegador e clique [Run Script] 
 
*Durante o scan a mensagem abaixo ser&aacute; apresentada. Aguarde o t&eacute;rmino...pode demorar! 
 
Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log 
*Caso a reinicializa&ccedil;&atilde;o do PC seja solicitada, clique [OK]

:veja: Acesse [COLOR=#800080]este link[/COLOR] 
 
*Clique [Selecionar arquivo...], localize o relat&oacute;rio C:\zoek-results.txt e clique [Abrir] 
 
*Selecione 4 jours e clique [Cr&eacute;er le lien Cjoint] 
 
https://www.hardware.com.br/static/c/m/fb405a606703ea7bf37880bb8770d9e7  
 
*Cole o link criado ao lado de Le lien a &eacute;t&eacute; cr&eacute;&eacute;: 
 
https://www.hardware.com.br/static/c/m/cae86b35b8d8683484b25434c8be7fc9

Answer

N&atilde;o consegui iniciar o zoek.exe, nada aparece ap&oacute;s executar como administrador.

Answer

[quote=Core_Dump, post: 6658670]N&atilde;o consegui iniciar o zoek.exe, nada aparece ap&oacute;s executar como administrador.[/quote]
Ele demora uns segundos para abrir.

Mantenha o PC conectado a internet.

Answer

Realmente, demorou mas abriu. Depois posto o log.    http://cjoint.com/?3Hxdy4RcC3s

Answer

Core_Dump

Faz o upload no link conforme descrevi.

Desse jeito t&aacute; muito confuso!

Answer

Entendi o processo. Segue o link.  http://cjoint.com/?3Hxdy4RcC3s

Answer

:veja: Baixe o arquivo fix.txt (anexado)

:veja: Clique com o bot&atilde;o direito do mouse no Zoek e selecione https://www.hardware.com.br/static/c/m/3be632f976b4e4eb6d824a20c3fcfd76 
 
*Abra o arquivo fix.txt e cole o seu conte&uacute;do no Zoek

*Clique [Run Script] e cole o relat&oacute;rio apresentado

Answer

Wings, vou fazer como voc&ecirc; me recomendou. Tenho que acordar bem cedo, caso tu estejas dispon&iacute;vel, posso continuar esse processo amanh&atilde; &agrave; noite. J&aacute; notei uma melhora no desempenho do note.

Answer

[quote=Core_Dump, post: 6658720]Wings, vou fazer como voc&ecirc; me recomendou. Tenho que acordar bem cedo, caso tu estejas dispon&iacute;vel, posso continuar esse processo amanh&atilde; &agrave; noite. J&aacute; notei uma melhora no desempenho do note.[/quote]
Se assim desejas.......

Answer

Segue o log do Zoek ap&oacute;s executar o script.    Zoek.exe Version 4.0.0.4 Updated 19-08-2013 Tool run by jp on 23/08/2013 at 18:00:50,54. Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\jp\Desktop\zoek.exe [Script inserted]   ==== Deleting CLSID Registry Keys ======================  HKEY_USERS\S-1-5-21-2744113749-1287246053-1129391905-1000\Software\Microsoft\Internet Explorer\SearchScopes\{92001F8A-C36B-473A-91E7-5BE0C81CF2B3} deleted successfully  ==== Deleting CLSID Registry Values ======================   ==== Registry Fix Code ======================  Windows Registry Editor Version 5.00  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]  &quot;Start Page&quot;=&quot;http:www.google.com.br&quot;   ==== Deleting Files \ Folders ======================  &quot;C:\Users\jp\AppData\Roaming\baidu&quot; not found   ==== EOF on 23/08/2013 at 18:11:19,13 ======================    http://cjoint.com/?3HxxqgjsP3r

Answer

:veja: Clique com o bot&atilde;o direito do mouse no Zoek e selecione https://www.hardware.com.br/static/c/m/3be632f976b4e4eb6d824a20c3fcfd76 
 
*Cole a linha em [COLOR=#8B0000]marrom[/COLOR] no espa&ccedil;o 
[COLOR=#8B0000]
shortcutfix;
C:\Users\jp\AppData\Roaming\baidu;fs
[/COLOR] 
*Clique [Run Script] e cole o relat&oacute;rio

:veja: Instale o [COLOR=#800080]MalwareBytes[/COLOR] (...de [COLOR=#0000FF] RubbeR DuckY[/COLOR]) 
 
*Antes de concluir a instala&ccedil;&atilde;o, desmarque a op&ccedil;&atilde;o Ativar trial gratuito do Malwarebytes Anti-Malware PRO 
 
*Aguarde o t&eacute;rmino da atualiza&ccedil;&atilde;o, selecione [Verifica&ccedil;&atilde;o R&aacute;pida], clique [Verificar] 
 
*Ao t&eacute;rmino, clique [OK] > [Ver Resultados] > [Remover Selecionados] 
 
*Cole o relat&oacute;rio apresentado

Answer

Relat&oacute;rio do Zoek:  http://cjoint.com/?3HAptfx8xP3   Resultado do Malwarebits:    http://cjoint.com/?3HAqA44cyki

Ferramentas

Mover Tópico