Solved Can't Get Rid of NextCoup, NexteCoup, Ppriicee Chop, or SaveMasss


steph07

New Member
Thread author
Aug 5, 2014
4
I have been able to remove the extensions, but they won't stay away!
 

Attachments

  • FRST.txt (56.6 KB)
  • Addition.txt (49.4 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and until I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (the preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    gpt.ini;z 
    C:\Windows\System32\GroupPolicy;v
    C:\Windows\SysWOW64\GroupPolicy;v
    process;
    services-list;
    systemspecs;
    startupall;
    skipfix-iedefaults;
    firefoxlook;
    chromelook;
    filesrcm;
    installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after the reboot. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.
 

steph07

Zoek.exe v5.0.0.0 Updated 04-August-2014
Tool run by Owner on Wed 08/06/2014 at 8:30:38.33.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

8/6/2014 8:35:41 AM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader XI
Aimersoft DRM Media Converter(Build 1.5.3.0)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Autumn Flair
Best Buy pc app
Bing Bar
Bing Bar Platform
Bonjour
Catalina Savings Printer
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CenturyLink Installer
CenturyLink Personal Digital VaultT
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
Coupon Printer for Windows
CouponPrinterPlugin
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
FamilySearch Indexing 3.7.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HandBrake 0.9.8
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
HPDiagnosticCoreDll
iTunes
Java 7 Update 65
Java Auto Updater
Java(TM) 6 Update 17
Junk Mail filter update
Label@Once 1.0
LeapFrog Connect
LeapFrog My Pals Plugin
Let's Go To The Zoo-(2CK)
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Report Viewer Redistributable 2008 (KB971118)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MyCenturyLink Toolbar
Phonics Made Easy
PlayReady PC Runtime amd64
QuickTime
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2767915) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Sentinel System Driver Installer 7.5.0
Serif PagePlus Starter Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SES Driver
Silhouette Studio
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
VLC media player 2.0.4
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Center
Windows Mobile Device Center Driver Update

==== Running Processes ======================

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Owner\Downloads\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

==== Services (whitelist) ======================
Powered by E Dev

R2 - [AdobeActiveFileMonitor6.0] - Adobe Active File Monitor V6 - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
R2 - [AMD External Events Utility] - AMD External Events Utility - C:\windows\system32\atiesrxx.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - [BBSvc] - BingBar Service - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
R2 - [Bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - [CouponPrinterService] - Coupon Printer Service - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
R2 - [cvhsvc] - Client Virtualization Handler - "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
R2 - [Motorola Device Manager] - Motorola Device Manager Service - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - [SDScannerService] - Spybot-S&D 2 Scanner Service - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
R2 - [SDUpdateService] - Spybot-S&D 2 Updating Service - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
R2 - [SDWSCService] - Spybot-S&D 2 Security Center Service - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
R2 - [sftlist] - Application Virtualization Client - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
R2 - [TODDSrv] - TOSHIBA Optical Disc Drive Service - C:\Windows\system32\TODDSrv.exe
R2 - [TosCoSrv] - TOSHIBA Power Saver - "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
R2 - [TOSHIBA eco Utility Service] - TOSHIBA eco Utility Service - "C:\Program Files\TOSHIBA\TECO\TecoService.exe"
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
R2 - [WSearch] - Windows Search - C:\windows\system32\SearchIndexer.exe /Embedding
R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
R3 - [sftvsa] - Application Virtualization Service Agent - "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
R3 - [TMachInfo] - TMachInfo - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
R3 - [TOSHIBA HDD SSD Alert Service] - TOSHIBA HDD SSD Alert Service - "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
R3 - [TPCHSrv] - TPCH Service - "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"
R3 - [VSS] - Volume Shadow Copy - C:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S2 - [sppsvc] - Software Protection - C:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - [ALG] - Application Layer Gateway Service - C:\windows\System32\alg.exe
S3 - [BBUpdate] - BBUpdate - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
S3 - [COMSysApp] - COM+ System Application - C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\windows\ehome\ehRecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - C:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - C:\windows\system32\fxssvc.exe
S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - [gusvc] - Google Software Updater - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - [IDriverT] - InstallDriver Table Manager - "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\windows\system32\IEEtwCollector.exe /V
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - C:\windows\System32\msdtc.exe
S3 - [msiserver] - Windows Installer - C:\windows\system32\msiexec.exe /V
S3 - [NisSrv] - Microsoft Network Inspection - "c:\Program Files\Microsoft Security Client\NisSrv.exe"
S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
S3 - [PerfHost] - Performance Counter DLL Host - C:\windows\SysWow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - C:\windows\System32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - C:\windows\servicing\TrustedInstaller.exe
S3 - [vds] - Virtual Disk - C:\windows\System32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\windows\system32\Wat\WatAdminSvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - "C:\windows\system32\wbengine.exe"
S3 - [wmiApSrv] - WMI Performance Adapter - C:\windows\system32\wbem\WmiApSrv.exe
S4 - [aspnet_state] - ASP.NET State Service - C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

==== Folders Found ======================


==== Files Found ======================


==== Folders Found In C:\Windows\System32\GroupPolicy ======================

2011-01-05 18:06:18 d-----w- C:\Windows\System32\GroupPolicy\Machine
2011-01-05 18:06:18 d-----w- C:\Windows\System32\GroupPolicy\User

==== Files Found In C:\Windows\System32\GroupPolicy ======================

2014-08-04 13:05:00 165 ----a-w- D75C6D5A265764EA24D9F06E740D2DB5 C:\Windows\System32\GroupPolicy\gpt.ini

==== Files Found In C:\Windows\SysWOW64\GroupPolicy ======================

2014-08-04 13:05:00 11 ----a-w- EC3584F3DB838942EC3669DB02DC908E C:\Windows\SysWOW64\GroupPolicy\gpt.ini

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3835 MB
CPU Info: AMD Turion(tm) II P540 Dual-Core Processor
CPU Speed: 2390.8 MHz
Sound Card: Speakers (Conexant SmartAudio H |
Speakers (WsAudio_DeviceS(4)) |
Speakers (WsAudio_DeviceS(3)) |
Speakers (WsAudio_DeviceS(2)) |
Speakers (WsAudio_DeviceS(5)) |
Speakers (WsAudio_DeviceS(1)) |
Display Adapters: ATI Mobility Radeon HD 4200 Series | ATI Mobility Radeon HD 4200 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) #2 | Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633C
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 454.2GB | Q: 0.0MB
Hard Disks - Free: C: 143.6GB | Q: 0.0MB
Manufacturer *: Insyde Corp.
BIOS Info: AT/AT COMPATIBLE | 09/09/10 | TOSQCI - 3
Time Zone: Mountain Standard Time
Motherboard *: AMD Corp. Guam
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome 36.0.1985.125
Internet Explorer Version: 11.0.9600.17207
Mozilla Firefox version: 14.0.1 (x86 en-US)
Google Chrome version: 36.0.1985.125
Adobe Reader version: 11.0.0.379
Sun Java version: 1.7.0_65 (32-bit)
Flash Player version: 14.0.0.145

==== Files Recently Created / Modified ======================

====== C:\windows ====
====== C:\Users\Owner\AppData\Local\Temp ====
====== Java Cache =====
====== C:\windows\SysWOW64 =====
2014-08-05 03:02:51 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\windows\SysWOW64\sho4231.tmp
2014-08-04 23:50:47 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\windows\SysWOW64\sqlite3.dll
2014-08-04 09:09:21 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\windows\SysWOW64\sho3366.tmp
2014-07-25 19:15:33 7F26D694BC7E78958BE38D1D9AAFC2B9 272808 ----a-w- C:\windows\SysWOW64\javaws.exe
2014-07-25 19:15:27 FFAECE8AEC1D9CCDCEC1C55C2CA450BA 175528 ----a-w- C:\windows\SysWOW64\java.exe
2014-07-25 19:15:27 67BE34FBF29E783691C713517102E67E 175528 ----a-w- C:\windows\SysWOW64\javaw.exe
2014-07-25 19:15:27 419094DF76A32252ECD70730382029ED 98216 ----a-w- C:\windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2014-08-05 03:58:27 718517EFE7F333559AFAA57919C885C6 1370 ----a-w- C:\windows\Sysnative\.crusader
2014-08-04 21:31:20 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\windows\Sysnative\sdnclean64.exe
====== C:\windows\Sysnative\drivers =====
2014-08-05 03:21:07 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\windows\Sysnative\drivers\hitmanpro37.sys
2014-08-05 02:31:13 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-08-05 02:24:05 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\windows\Sysnative\drivers\mbam.sys
2014-08-05 02:24:05 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\windows\Sysnative\drivers\mbamchameleon.sys
2014-08-05 02:24:05 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\windows\Sysnative\drivers\mwac.sys
2014-07-12 21:46:22 FA886682CFC5D36718D3E436AACF10B9 497152 ----a-w- C:\windows\Sysnative\drivers\afd.sys
====== C:\windows\Tasks ======
2014-08-04 21:31:49 -------- d-----w- C:\windows\Sysnative\Tasks\Safer-Networking
====== C:\windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-08-04 12:55:17 -------- d-----w- C:\PROGRA~2\JoniCoupOn
2014-07-25 19:15:46 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
======= C: =====
====== C:\Users\Owner\AppData\Roaming ======
2014-08-04 13:05:02 -------- d-----w- C:\Users\Owner\AppData\Locallow\{F10BB791-C3DF-662B-E777-4D4B1D221088}
2014-08-04 12:57:49 -------- d-----w- C:\Users\Owner\AppData\Locallow\{0F76D3D5-657E-5625-ED2E-C2EBD7BD944B}
2014-08-04 12:46:01 -------- d-sh--w- C:\Users\Owner\AppData\Locallow\EmieUserList
2014-08-04 12:45:46 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieUserList
2014-08-04 12:45:46 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieSiteList
2014-08-04 12:45:09 -------- d-sh--w- C:\Users\Owner\AppData\Locallow\EmieSiteList
2014-08-04 06:28:54 -------- d-----w- C:\Users\Owner\AppData\Locallow\{543B028A-B32E-9861-0E56-08015361F99B}
2014-08-04 02:47:12 -------- d-----w- C:\Users\Owner\AppData\Locallow\{936F6500-D4E3-C5A6-6F6F-7C40B3531D30}
2014-07-21 13:56:46 -------- d-----w- C:\Users\Owner\AppData\Locallow\{5FA9DF11-8B70-7FF3-02AC-F2DD917BB8F1}
2014-07-21 13:55:49 -------- d-----w- C:\Users\Owner\AppData\Locallow\{E899D79B-0BE6-C3FC-93AD-88AE5BE1E7D7}
2014-07-21 13:55:35 -------- d-----w- C:\Users\Owner\AppData\Local\Packages
2014-07-21 13:55:32 -------- d-----w- C:\Users\Owner\AppData\Locallow\{99E39367-E067-A7E7-3891-46003218BCCB}
2014-07-21 13:55:28 -------- d-----w- C:\Users\Owner\AppData\Local\Comodo
2014-07-21 13:55:28 -------- d-----w- C:\Users\Mcx1-OWNER-PC\AppData\Local\Comodo
2014-07-21 13:55:28 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-21 13:55:28 -------- d-----w- C:\Users\Guest\AppData\Local\Comodo
2014-07-21 13:55:28 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo
2014-07-21 13:55:27 -------- d-----w- C:\Users\Mcx1-OWNER-PC\AppData\Local\Google
2014-07-21 13:55:27 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-21 13:55:27 -------- d-----w- C:\Users\Guest\AppData\Local\Google
2014-07-21 13:55:27 -------- d-----w- C:\Users\Administrator\AppData\Local\Google
====== C:\Users\Owner ======
2014-08-05 23:53:46 CC57BF56EB9C3BF266B60EB1E7CC7EF5 2094080 ----a-w- C:\Users\Owner\Downloads\FRST64.exe
2014-08-05 03:20:28 -------- d-----w- C:\ProgramData\HitmanPro
2014-08-05 03:17:13 0C20503483D6FBAF0DF97D7043BB5583 11188736 ----a-w- C:\Users\Owner\Downloads\HitmanPro_x64.exe
2014-08-05 02:19:57 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 23:58:43 065B9F528580B2C8A54E9A14C6890685 1361309 ----a-w- C:\Users\Owner\Downloads\adwcleaner_3.302 (1).exe
2014-08-04 23:48:11 065B9F528580B2C8A54E9A14C6890685 1361309 ----a-w- C:\Users\Owner\Downloads\adwcleaner_3.302.exe
2014-08-04 02:46:57 -------- d-----w- C:\ProgramData\JoniCoupOn
2014-07-21 13:55:36 -------- d-----w- C:\ProgramData\46a33570a7ab9c25
2014-07-21 13:55:27 -------- d-----w- C:\Users\HomeGroupUser$\AppData
2014-07-21 13:55:27 -------- d-----w- C:\Users\Guest\AppData
2014-07-21 13:55:27 -------- d-----w- C:\Users\Administrator\AppData

====== C: exe-files ==
2014-08-05 23:53:46 CC57BF56EB9C3BF266B60EB1E7CC7EF5 2094080 ----a-w- C:\Users\Owner\Downloads\FRST64.exe
2014-08-05 03:17:13 0C20503483D6FBAF0DF97D7043BB5583 11188736 ----a-w- C:\Users\Owner\Downloads\HitmanPro_x64.exe
2014-08-05 02:19:57 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Owner\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 23:58:43 065B9F528580B2C8A54E9A14C6890685 1361309 ----a-w- C:\Users\Owner\Downloads\adwcleaner_3.302 (1).exe
2014-08-04 23:48:11 065B9F528580B2C8A54E9A14C6890685 1361309 ----a-w- C:\Users\Owner\Downloads\adwcleaner_3.302.exe
2014-08-04 23:36:27 6B8BD7FED703C91667F242469184C9C7 317440 ----a-w- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\hotfix-update\FirefoxInstallLauncher.exe
2014-08-04 23:32:44 310578F044482A93CAA0703841C3339E 29836648 ----a-w- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\hotfix-update\Firefox Setup 30.0.exe
=== C: other files ==
2014-08-05 03:21:07 FCE2251FE4464DCAA2F4684F19A8EE9B 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-08-05 02:31:13 8A50D5304E6AE48664CF5838EC32F647 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-05 02:24:05 F92B0E478C0FAA6D6661E6E977247E60 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-05 02:24:05 9D9ED48F841EA37AA5310D54B9E5D3C7 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-05 02:24:05 15E8ABC06843672955CE26A009533BAD 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-04 23:32:43 B0D4161E0ED7CFAFA3A0FA54217439D2 226542 ----a-w- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\extensions\firefox-hotfix@mozilla.org.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"
"Bing Bar"="C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
"Adobe Photo Downloader"="C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"VMM Mode Selection"="C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe"
"CenturyLinkTouchPointAgent"="C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe /autostart"
"Qwest Personal Digital Vault"="C:\Program Files (x86)\CenturyLink Personal Digital Vault\QwestPersonalDigitalVault.exe /m"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Aimersoft Helper Compact.exe"="C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Monitor"="C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"TWebCamera"=""C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe "
"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe "
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "
"Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r"
"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe "
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"command"=""
"item"=""
"hkey"="HKLM"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosNC]
"command"="%ProgramFiles%\\Toshiba\\BulletinBoard\\TosNcCore.exe"
"item"="TosNC"
"hkey"="HKLM"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TosReelTimeMonitor]
"command"="%ProgramFiles%\\TOSHIBA\\ReelTime\\TosReelTimeMonitor.exe"
"item"="TosReelTimeMonitor"
"hkey"="HKLM"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"


==== Startup Folders ======================

2010-09-13 07:41:04 838 ----a-w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
2010-09-13 07:41:04 838 ----a-w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
2011-01-05 18:06:52 838 ----a-w- C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
2011-02-10 03:48:15 1307 ----a-w- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [07/13/2014 04:12 PM]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:6C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [Undetermined Task]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\HPCustParticipation HP Deskjet 3050 J610 series" ["C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe"]
"C:\windows\SysNative\tasks\Motorola Device Manager Engine" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\windows\SysNative\tasks\Motorola Device Manager Initial Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\windows\SysNative\tasks\User_Feed_Synchronization-{DAE1B50D-BE27-4ADB-87C7-557927235C60}" [C:\windows\system32\msfeedssync.exe]
"C:\windows\SysNative\tasks\{3E06F5BB-7692-4985-B9AC-3A02CD2F515A}" [C:\Program Files (x86)\Skype\\Phone\Skype.exe]
"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"msntoolbar@msn.com"="C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default
- NextCoup - %ProfilePath%\extensions\fci1u@sryuoyw.edu
- NexteCoup - %ProfilePath%\extensions\iavqxn@uouyeasog.org
- DeialEXpreSs - %ProfilePath%\extensions\ozyf1vtm@kalvztcv.edu
- JooniiCoUpon - %ProfilePath%\extensions\qzd_oiea@mioatsdx.co.uk
- SavEMasss - %ProfilePath%\extensions\r8o@mirtra.com
- Undetermined - %ProfilePath%\extensions\staged
- PPriiceeChop - %ProfilePath%\extensions\tdx_0nyst@aqlbs-.com
- MySearch - %ProfilePath%\extensions\voc@daczzg.com
- CenturyLink - %ProfilePath%\extensions\{A317CB83-299C-4FC8-9ED7-2D64117D98EE}
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hk6ycl9s.default-1407195672748
4390CCD3790F8D9C427C0C29590C62D7 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
1FFDEA3D309253A9A3D6C68AE210E3FA - C:\Users\Owner\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll - CouponPrinterPlugin
FA77C368D108519B3C77AE043846DAC9 - C:\Users\Owner\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npPrintUtil.dll - Coupon Printer Plugin

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
1FFDEA3D309253A9A3D6C68AE210E3FA - C:\Users\Owner\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll - CouponPrinterPlugin
FA77C368D108519B3C77AE043846DAC9 - C:\Users\Owner\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npPrintUtil.dll - Coupon Printer Plugin

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xnhyqddq.default-1407277925763
4390CCD3790F8D9C427C0C29590C62D7 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
1FFDEA3D309253A9A3D6C68AE210E3FA - C:\Users\Owner\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll - CouponPrinterPlugin
FA77C368D108519B3C77AE043846DAC9 - C:\Users\Owner\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npPrintUtil.dll - Coupon Printer Plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cnpkmcjgpcihgfnkcjapiaabbbplkcmf - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx[]
jfjbflachhjbdbhfgknpgcgpchaikkok - C:\Users\Owner\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx[03/12/2013 03:02 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
jfjbflachhjbdbhfgknpgcgpchaikkok - C:\Users\Owner\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx[03/12/2013 03:02 PM]

SavEMasss - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
Google Voice Search Hotword (Beta) - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
NextCoup - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
Google Search - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
NexteCoup - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
Pin It Button - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
PPriiceeChop - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
Google Wallet - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
SavEMasss - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj

==== Chromium Startpages ======================

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.com/",
"startup_urls": [ "http://www.google.com/" ],


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/ig?brand=TSND&bmod=TSND"
"Default_Page_URL"="http://www.google.com/ig?brand=TSND&bmod=TSND"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{657235A0-ECC2-491F-B411-A23C4195A090} Google Url="http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Wed 08/06/2014 at 8:49:47.22 ======================
 

TwinHeadedEagle

First, go to Control Panel and uninstall the following (skip lines that cannot be uninstalled):
- Best Buy pc app
- Catalina Savings Printer
- CouponPrinterPlugin
- Java(TM) 6 Update 17



SpyBot S&D Warning

MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:
  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for SpyBot, right-click the entry and click Uninstall.

This is optional, but please consider it.




Fix with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    C:\Windows\System32\GroupPolicy\Machine;fs
    C:\Windows\System32\GroupPolicy\User;fs
    C:\Windows\System32\GroupPolicy\gpt.ini;f
    C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
    C:\PROGRA~2\JoniCoupOn;fs
    C:\ProgramData\46a33570a7ab9c25;fs
    C:\Users\HomeGroupUser$\AppData;fs
    C:\Users\Guest\AppData;fs
    C:\Users\Administrator\AppData;fs
    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk;f
    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk;f
    C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk;f
    NextCoup;ff
    DeialEXpreSs;ff
    JooniiCoUpon;ff
    SavEMasss;ff
    PPriiceeChop;ff
    MySearch;ff
    jfjbflachhjbdbhfgknpgcgpchaikkok;chr
    abcpllpnlfecpkgllijbbaghohlmlkoj;chr
    bmjmjmgbphoaepodkjbjifjikjlbnmhc;chr
    fobnnjcmcpfdagobaaimbppicijafnoh;chr
    kcidgfnfbahmbgknpmkoagnbbdaeaiag;chr
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the log will open after it. You may also find it on your main drive (usually the C:\ drive).

Post its content into your next reply.
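The Chrome Look section of the log above lists the same extension IDs under every user profile and several Chromium-based browsers, which is the pattern the `;chr` lines and AppData removals in the script respond to. The following is an added example, not part of the thread or of Zoek: it groups such log lines by extension ID and flags IDs found in built-in or system-created accounts or in more than one browser tree. The function names and the two heuristics are assumptions, and the sample is abridged from the log format above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Abridged sample in the format of the "Chrome Look" section of the log above.
SAMPLE_LOG = r"""
==== Chrome Look ======================

SavEMasss - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
SavEMasss - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
SavEMasss - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NextCoup - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
YouTube - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Gmail - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
"""

# "<display name> - <user>\AppData\Local\<browser>\User Data\Default\Extensions\<id>"
# Chromium extension IDs are 32 characters drawn from the letters a-p.
LINE_RE = re.compile(
    r"^(?P<name>.+?) - (?P<user>[^\\]+)\\AppData\\Local\\(?P<browser>.+?)"
    r"\\User Data\\Default\\Extensions\\(?P<ext_id>[a-p]{32})$"
)

# Accounts that are normally not used for interactive browsing (assumed heuristic).
# Windows account names are case-insensitive, so compare in lower case.
BUILTIN_ACCOUNTS = {"administrator", "guest", "homegroupuser$"}


@dataclass
class Extension:
    names: set = field(default_factory=set)
    users: set = field(default_factory=set)
    browsers: set = field(default_factory=set)


def parse_extensions(log_text):
    """Group extension lines by ID; lines in any other format are skipped."""
    found = defaultdict(Extension)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ext = found[m["ext_id"]]
        ext.names.add(m["name"])
        ext.users.add(m["user"])
        ext.browsers.add(m["browser"])
    return dict(found)


def suspicious_extensions(log_text):
    """Return {extension_id: [reasons]} for IDs that match either heuristic."""
    flagged = {}
    for ext_id, ext in parse_extensions(log_text).items():
        reasons = []
        builtin = sorted(u for u in ext.users if u.lower() in BUILTIN_ACCOUNTS)
        if builtin:
            reasons.append("present in built-in account(s): " + ", ".join(builtin))
        if len(ext.browsers) > 1:
            reasons.append("same ID in multiple browsers: " + ", ".join(sorted(ext.browsers)))
        if reasons:
            flagged[ext_id] = reasons
    return flagged


if __name__ == "__main__":
    parsed = parse_extensions(SAMPLE_LOG)
    for ext_id, reasons in suspicious_extensions(SAMPLE_LOG).items():
        print(ext_id, sorted(parsed[ext_id].names))
        for reason in reasons:
            print("   ", reason)
```

An extension a user installed on purpose normally appears under that user's own profile only, as YouTube and Gmail do in the sample, so neither is flagged.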
 

steph07

Zoek.exe v5.0.0.0 Updated 04-August-2014
Tool run by Owner on Wed 08/06/2014 at 9:56:20.87.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-06-144947.log 48173 bytes

==== System Restore Info ======================

8/6/2014 10:08:50 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hk6ycl9s.default-1407195672748

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140806_1026_.backup

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default

user.js not found
---- Lines valueApps removed from prefs.js ----
user_pref("valueApps.storage.mam_gk_userId", "33313839333138372D653035312D343730662D626665322D613232356637653361383561");
---- Lines extensions.8_fHqxbym removed from prefs.js ----
user_pref("extensions.8_fHqxbym.epoch", "1407243234");
user_pref("extensions.8_fHqxbym.url", "http://toolkitstyle.us/sync2/?q=hfZ...rMCMlNhd9Fqda6rTwFrHk7rHwMBzqUojw9rdYEqdwGqjr
---- Lines extensions.INv removed from prefs.js ----
user_pref("extensions.INv.epoch", "1407243234");
user_pref("extensions.INv.url", "http://onlinediir.com/sync2/?q=hfZ9...d9Fqda5rdnEqTs6rdkMBzqUojw9rdYEqdwGqjrHqGh7hf
---- Lines extensions.LpiarxKXTCxe removed from prefs.js ----
user_pref("extensions.LpiarxKXTCxe.epoch", "1407243234");
user_pref("extensions.LpiarxKXTCxe.url", "http://transferbox.us/sync2/?q=hfZ9...olljtNtVh7n0rjnEqHsFrjr8qjw8tMFHhd9Fqda5rdnFr
---- Lines extensions.QIVz removed from prefs.js ----
user_pref("extensions.QIVz.epoch", "1407281335");
user_pref("extensions.QIVz.url", "http://jpigetjson.info/sync2/?q=hfZ...MCMlNhd9Fqda5rdnFrTk6rjCMBzqUojw9rdYEqdsHrTYH
---- Lines extensions.RB07 removed from prefs.js ----
user_pref("extensions.RB07.epoch", "1407243234");
user_pref("extensions.RB07.url", "http://jpi-syncs.info/sync2/?q=hfZ9...heDUojw9rdYEqdaGrTYFrShIC7n0rjnEpda9rjs8rHaFt
---- Lines extensions.ouJMN removed from prefs.js ----
user_pref("extensions.ouJMN.epoch", "1407243233");
user_pref("extensions.ouJMN.url", "http://installsunny.us/sync2/?q=hfZ...tVh7n0rjnEqHsFrjr8qjr9tMFHhd9Fqda5rdnFrTkHqjr
---- Lines extensions.yx0nTcFvbGWR removed from prefs.js ----
user_pref("extensions.yx0nTcFvbGWR.epoch", "1407281335");
user_pref("extensions.yx0nTcFvbGWR.url", "http://veterancanadacenterzillion.n...ojwFrjwFtMqLDe49CNU0llrMCMlNhd9Fqda5rdnFrHa9r
---- FireFox user.js and prefs.js backups ----

prefs_20140806_1026_.backup

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xnhyqddq.default-1407277925763

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140806_1026_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\PROGRA~2\JoniCoupOn deleted
C:\ProgramData\46a33570a7ab9c25 deleted
C:\Users\HomeGroupUser$\AppData deleted
C:\Users\Guest\AppData deleted
C:\Users\Administrator\AppData deleted
C:\Users\Owner\AppData\LocalLow\{543B028A-B32E-9861-0E56-08015361F99B} deleted
C:\Users\Owner\AppData\LocalLow\{936F6500-D4E3-C5A6-6F6F-7C40B3531D30} deleted
C:\Users\Owner\AppData\LocalLow\{F10BB791-C3DF-662B-E777-4D4B1D221088} deleted
C:\Users\Owner\AppData\Local\Packages\windows_ie_ac_001\AC\{543B028A-B32E-9861-0E56-08015361F99B} deleted
C:\Users\Owner\AppData\Local\Packages\windows_ie_ac_001\AC\{936F6500-D4E3-C5A6-6F6F-7C40B3531D30} deleted
C:\Users\Owner\AppData\Local\Packages\windows_ie_ac_001\AC\{F10BB791-C3DF-662B-E777-4D4B1D221088} deleted
C:\PROGRA~3\JoniCoupOn deleted
C:\Users\Owner\AppData\Roaming\Aspex Research & Technology deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Best Buy pc app deleted
C:\Users\Owner\AppData\Local\CRE deleted
C:\Users\Owner\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch deleted
C:\Users\Owner\Searches deleted
C:\Users\Owner\Downloads\CatalinaSavingsPrinter.exe deleted
C:\Users\Owner\Downloads\CouponActivator.exe deleted
C:\Users\Owner\Downloads\couponprinter.exe deleted
C:\Users\Owner\Downloads\CouponPrinterCPS (1).exe deleted
C:\Users\Owner\Downloads\CouponPrinterCPS (2).exe deleted
C:\Users\Owner\Downloads\CouponPrinterCPS (3).exe deleted
C:\Users\Owner\Downloads\CouponPrinterCPS.exe deleted
C:\windows\wininit.ini deleted
C:\components deleted
C:\windows\Syswow64\sho170D.tmp deleted
C:\windows\Syswow64\sho17D6.tmp deleted
C:\windows\Syswow64\sho19D7.tmp deleted
C:\windows\Syswow64\sho19D8.tmp deleted
C:\windows\Syswow64\sho1BEA.tmp deleted
C:\windows\Syswow64\sho2147.tmp deleted
C:\windows\Syswow64\sho2AAC.tmp deleted
C:\windows\Syswow64\sho2B26.tmp deleted
C:\windows\Syswow64\sho2BB3.tmp deleted
C:\windows\Syswow64\sho2BF1.tmp deleted
C:\windows\Syswow64\sho2F79.tmp deleted
C:\windows\Syswow64\sho2F7D.tmp deleted
C:\windows\Syswow64\sho3366.tmp deleted
C:\windows\Syswow64\sho34A8.tmp deleted
C:\windows\Syswow64\sho3794.tmp deleted
C:\windows\Syswow64\sho3C10.tmp deleted
C:\windows\Syswow64\sho3CA5.tmp deleted
C:\windows\Syswow64\sho40E7.tmp deleted
C:\windows\Syswow64\sho4231.tmp deleted
C:\windows\Syswow64\sho425.tmp deleted
C:\windows\Syswow64\sho4344.tmp deleted
C:\windows\Syswow64\sho465.tmp deleted
C:\windows\Syswow64\sho471E.tmp deleted
C:\windows\Syswow64\sho4876.tmp deleted
C:\windows\Syswow64\sho48D2.tmp deleted
C:\windows\Syswow64\sho4FF5.tmp deleted
C:\windows\Syswow64\sho5228.tmp deleted
C:\windows\Syswow64\sho5347.tmp deleted
C:\windows\Syswow64\sho5986.tmp deleted
C:\windows\Syswow64\sho5998.tmp deleted
C:\windows\Syswow64\sho5B4F.tmp deleted
C:\windows\Syswow64\sho6AF3.tmp deleted
C:\windows\Syswow64\sho6B80.tmp deleted
C:\windows\Syswow64\sho6B90.tmp deleted
C:\windows\Syswow64\sho6FE4.tmp deleted
C:\windows\Syswow64\sho75C5.tmp deleted
C:\windows\Syswow64\sho75DD.tmp deleted
C:\windows\Syswow64\sho7751.tmp deleted
C:\windows\Syswow64\sho77A7.tmp deleted
C:\windows\Syswow64\sho77E9.tmp deleted
C:\windows\Syswow64\sho7C92.tmp deleted
C:\windows\Syswow64\sho7FBE.tmp deleted
C:\windows\Syswow64\sho805C.tmp deleted
C:\windows\Syswow64\sho83D4.tmp deleted
C:\windows\Syswow64\sho874B.tmp deleted
C:\windows\Syswow64\sho8BBC.tmp deleted
C:\windows\Syswow64\sho9261.tmp deleted
C:\windows\Syswow64\sho9655.tmp deleted
C:\windows\Syswow64\sho9974.tmp deleted
C:\windows\Syswow64\sho9A11.tmp deleted
C:\windows\Syswow64\sho9B20.tmp deleted
C:\windows\Syswow64\sho9F30.tmp deleted
C:\windows\Syswow64\shoA4AA.tmp deleted
C:\windows\Syswow64\shoA68C.tmp deleted
C:\windows\Syswow64\shoA7C3.tmp deleted
C:\windows\Syswow64\shoA91D.tmp deleted
C:\windows\Syswow64\shoAF85.tmp deleted
C:\windows\Syswow64\shoB0A3.tmp deleted
C:\windows\Syswow64\shoB0BC.tmp deleted
C:\windows\Syswow64\shoB2FB.tmp deleted
C:\windows\Syswow64\shoB413.tmp deleted
C:\windows\Syswow64\shoB8AE.tmp deleted
C:\windows\Syswow64\shoB964.tmp deleted
C:\windows\Syswow64\shoBA79.tmp deleted
C:\windows\Syswow64\shoBE60.tmp deleted
C:\windows\Syswow64\shoCDBD.tmp deleted
C:\windows\Syswow64\shoCDC0.tmp deleted
C:\windows\Syswow64\shoCEE4.tmp deleted
C:\windows\Syswow64\shoD1F0.tmp deleted
C:\windows\Syswow64\shoDB14.tmp deleted
C:\windows\Syswow64\shoDB61.tmp deleted
C:\windows\Syswow64\shoDBD1.tmp deleted
C:\windows\Syswow64\shoDC1D.tmp deleted
C:\windows\Syswow64\shoDDA1.tmp deleted
C:\windows\Syswow64\shoE3BE.tmp deleted
C:\windows\Syswow64\shoE418.tmp deleted
C:\windows\Syswow64\shoE42E.tmp deleted
C:\windows\Syswow64\shoE69.tmp deleted
C:\windows\Syswow64\shoE7B4.tmp deleted
C:\windows\Syswow64\shoE7D3.tmp deleted
C:\windows\Syswow64\shoE97C.tmp deleted
C:\windows\Syswow64\shoEC53.tmp deleted
C:\windows\Syswow64\shoEFCC.tmp deleted
C:\windows\Syswow64\shoEFE1.tmp deleted
C:\windows\Syswow64\shoF6BD.tmp deleted
C:\windows\Syswow64\shoF806.tmp deleted
C:\windows\Syswow64\shoF94F.tmp deleted
C:\windows\Syswow64\shoF9EC.tmp deleted
C:\windows\Syswow64\shoFC2C.tmp deleted
C:\windows\Syswow64\shoFCA6.tmp deleted
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\qwesttoolbar deleted
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\extensions\staged deleted
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\extensions\fci1u@sryuoyw.edu deleted
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\extensions\iavqxn@uouyeasog.org deleted
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\extensions\ozyf1vtm@kalvztcv.edu deleted
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\extensions\qzd_oiea@mioatsdx.co.uk deleted
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\extensions\r8o@mirtra.com deleted
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\extensions\tdx_0nyst@aqlbs-.com deleted
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default\extensions\voc@daczzg.com deleted
"C:\windows\SysNative\GroupPolicy\gpt.ini" deleted
"C:\Windows\SysWOW64\GroupPolicy\gpt.ini" deleted
"C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk" deleted
"C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk" deleted
"C:\Users\Mcx1-OWNER-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk" deleted
"C:\Users\Owner\AppData\Local\{28F14FAD-D0D0-48B7-A037-6B9C9799CFE2}" deleted
"C:\Users\Owner\AppData\Local\{2A9F6106-35CA-4242-9E76-303EC5E5966B}" deleted
"C:\Users\Owner\AppData\Local\{A058DE9B-DB62-43D1-8358-C71484F385C2}" deleted
"C:\Users\Owner\AppData\Local\{BB169BCF-80B1-4777-8449-83026DBB2300}" deleted
"C:\Users\Owner\AppData\Roaming\Silhouette Studio Debug" deleted
"C:\PROGRA~2\Coupons\CouponPrinterService.exe" deleted
"C:\PROGRA~2\Coupons\CouponPrinterService.exe" deleted
"C:\PROGRA~2\Coupons" not deleted
"C:\PROGRA~2\Coupons" not deleted
"C:\Users\wangzhisong" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"msntoolbar@msn.com"="C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default
- CenturyLink - %ProfilePath%\extensions\{A317CB83-299C-4FC8-9ED7-2D64117D98EE}
- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hk6ycl9s.default-1407195672748
4390CCD3790F8D9C427C0C29590C62D7 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x5hyltpg.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash

Profilepath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xnhyqddq.default-1407277925763
4390CCD3790F8D9C427C0C29590C62D7 - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cnpkmcjgpcihgfnkcjapiaabbbplkcmf - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx[]
jfjbflachhjbdbhfgknpgcgpchaikkok - C:\Users\Owner\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
jfjbflachhjbdbhfgknpgcgpchaikkok - C:\Users\Owner\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx[]

SavEMasss - Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj
SavEMasss - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
Google Voice Search Hotword (Beta) - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
NextCoup - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
Google Search - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
NexteCoup - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
Pin It Button - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
PPriiceeChop - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
Google Wallet - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
SavEMasss - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj
NextCoup - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc
NexteCoup - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh
PPriiceeChop - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag
MySearch - Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj

==== Chromium Startpages ======================

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.com/",
"startup_urls": [ "http://www.google.com/" ],


==== Chrome Fix ======================

C:\Users\Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj deleted successfully
C:\Users\Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\abcpllpnlfecpkgllijbbaghohlmlkoj deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc deleted successfully
C:\Users\Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bmjmjmgbphoaepodkjbjifjikjlbnmhc deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh deleted successfully
C:\Users\Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fobnnjcmcpfdagobaaimbppicijafnoh deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag deleted successfully
C:\Users\Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kcidgfnfbahmbgknpmkoagnbbdaeaiag deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj deleted successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj deleted successfully
C:\Users\Owner\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj deleted successfully
C:\Users\Owner\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjelgclloabpanecbolpjbceagpnoeaj deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/ig?brand=TSND&bmod=TSND"
"Default_Page_URL"="http://www.google.com/ig?brand=TSND&bmod=TSND"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com/ig?brand=TSND&bmod=TSND"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{657235A0-ECC2-491F-B411-A23C4195A090} Google Url="http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1468394519-2353461913-2919014698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1468394519-2353461913-2919014698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1468394519-2353461913-2919014698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-1468394519-2353461913-2919014698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-1468394519-2353461913-2919014698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F10BB791-C3DF-662B-E777-4D4B1D221088} deleted successfully
HKEY_USERS\S-1-5-21-1468394519-2353461913-2919014698-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F10BB791-C3DF-662B-E777-4D4B1D221088} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F10BB791-C3DF-662B-E777-4D4B1D221088} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F10BB791-C3DF-662B-E777-4D4B1D221088} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F10BB791-C3DF-662B-E777-4D4B1D221088} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F10BB791-C3DF-662B-E777-4D4B1D221088} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10BB791-C3DF-662B-E777-4D4B1D221088} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10BB791-C3DF-662B-E777-4D4B1D221088} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\msntoolbar@msn.com deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jfjbflachhjbdbhfgknpgcgpchaikkok deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\jfjbflachhjbdbhfgknpgcgpchaikkok deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.8 deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\hk6ycl9s.default-1407195672748\Cache will be emptied at reboot
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\x5hyltpg.default\Cache emptied successfully
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\xnhyqddq.default-1407277925763\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=852 folders=268 79559701 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Mcx1-OWNER-PC\AppData\Local\Temp will be emptied at reboot
C:\Users\Owner\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Owner\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Coupons" not found
"C:\PROGRA~2\Coupons" not found

==== EOF on Wed 08/06/2014 at 10:49:14.09 ======================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.


Recommended reading:
  • MUST READ - security tips: Computer Security - a short guide to staying safer online. Simple and easy ways to keep your computer safe and secure on the Internet
  • MUST READ - general maintenance: What to do if your Computer is running slowly?



Recommended additional software:
  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search of malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.


The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Click the Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!



Stay safe,
TwinHeadedEagle :)
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Since this issue appears to be resolved, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please contact me or any staff member with the address of the thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
 