Computer Security & Viruses/Final Discount Spyware immovable

Advertisement


Question
QUESTION: Hi Mr. Benosky,

I receive my updates by way of FileHippo. When I noticed Final Discount in my Add or Remove programs, I tried to uninstall. I use Chrome now, but a message strangely appears in the old Internet Explorer window that I don't use anymore. It reads, in part, "If you would like to uninstall, please enter the numbers and characters below." There are NO numbers or characters at all to enter.

My friend is an IT guy. He installed Ad-Aware to no effect. I have Norton 360 (all levels are aggressive and extreme), but since I'm not as savvy as my friend, I started looking for ways to uninstall this. I added AVG Anti-Virus from the internet and discovered a Trojan among other spyware. Final Discount still doesn't come out.

I have a Windows XP. It's a Dell. Whatever questions I can answer, I will do so promptly, but I'm asking for your immediate intervention. Thank you for your time during your busy schedule.

Sincerely,

David

P.S. I will be trying your instructions for HijackThis!

ANSWER: Hi David

I am assuming you mean the adware "Finding Discount", not "Final Discount".  Please follow the instructions posted by InadequateInfirmity here:

http://www.bleepingcomputer.com/forums/t/565703/cannot-uninstall-a-program-named

After downloading and running the programs listed, please post me the log for Adware Removal Tool, and the log for Malwarebytes Anti-Rootkit, and let me know how the computer is performing.

Brian

---------- FOLLOW-UP ----------

QUESTION: Hi Brian,

My computer is dramatically faster and unhindered. However, Finding Discount is still stuck in my computer. It was quite a wrestling match! The computer was slowing down more and more, and I had to reboot a few times. Every time I used the mini toolbox, the AVG Anti-Virus would alert me that the report had some kind of virus attached. It would then disappear. I ignored it and finally got through the entire process.

Maybe I should try it again?

As requested, I am leaving the reports for you to see:


MINITOOLBOX:

MiniToolBox by Farbar  Version: 30-11-2014
Ran by winuser (administrator) on 06-02-2015 at 00:29:59
Running from "C:\Documents and Settings\winuser\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1         d3oxij66pru1i3.cloudfront.net
127.0.0.1       localhost
127.0.0.1         d3oxij66pru1i3.cloudfront.net

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



       Host Name . . . . . . . . . . . . : winuser-a04d1de

       Primary Dns Suffix  . . . . . . . :

       Node Type . . . . . . . . . . . . : Unknown

       IP Routing Enabled. . . . . . . . : No

       WINS Proxy Enabled. . . . . . . . : No

       DNS Suffix Search List. . . . . . : nyc.rr.com



Ethernet adapter Local Area Connection 2:



       Connection-specific DNS Suffix  . : nyc.rr.com

       Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller

       Physical Address. . . . . . . . . : 00-13-72-28-26-52

       Dhcp Enabled. . . . . . . . . . . : Yes

       Autoconfiguration Enabled . . . . : Yes

       IP Address. . . . . . . . . . . . : 192.168.0.2

       Subnet Mask . . . . . . . . . . . : 255.255.255.0

       Default Gateway . . . . . . . . . : 192.168.0.1

       DHCP Server . . . . . . . . . . . : 192.168.0.1

       DNS Servers . . . . . . . . . . . : 209.18.47.61

         209.18.47.62

       Lease Obtained. . . . . . . . . . : Friday, February 06, 2015 12:21:25 AM

       Lease Expires . . . . . . . . . . : Friday, February 06, 2015 1:21:25 AM

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    google.com
Addresses:  74.125.226.73, 74.125.226.71, 74.125.226.69, 74.125.226.78
    74.125.226.70, 74.125.226.64, 74.125.226.65, 74.125.226.68, 74.125.226.66
    74.125.226.67, 74.125.226.72



Pinging google.com [74.125.226.2] with 32 bytes of data:



Reply from 74.125.226.2: bytes=32 time=16ms TTL=51

Reply from 74.125.226.2: bytes=32 time=14ms TTL=51



Ping statistics for 74.125.226.2:

   Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

   Minimum = 14ms, Maximum = 16ms, Average = 15ms

Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=98ms TTL=45

Reply from 206.190.36.45: bytes=32 time=103ms TTL=45



Ping statistics for 206.190.36.45:

   Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

   Minimum = 98ms, Maximum = 103ms, Average = 100ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=48

Reply from 127.0.0.1: bytes=32 time<1ms TTL=48



Ping statistics for 127.0.0.1:

   Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

   Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 28 26 52 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
         0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.2     10
       127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1     1
     192.168.0.0    255.255.255.0      192.168.0.2     192.168.0.2     10
     192.168.0.2  255.255.255.255        127.0.0.1       127.0.0.1     10
   192.168.0.255  255.255.255.255      192.168.0.2     192.168.0.2     10
       224.0.0.0        240.0.0.0      192.168.0.2     192.168.0.2     10
 255.255.255.255  255.255.255.255      192.168.0.2     192.168.0.2     1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
 None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Catalog9 02 C:\WINDOWS\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\LavasoftTcpService.dll [332216] (Lavasoft Limited)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/06/2015 00:18:24 AM) (Source: MsiInstaller) (User: WINUSER-A04D1DE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.

Error: (02/05/2015 11:47:40 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 11:46:31 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 11:42:05 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 11:41:41 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 11:39:39 PM) (Source: Microsoft Office 14) (User: )
Description: EventType officelifeboathang, P1 winword.exe, P2 14.0.4734.1000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Error: (02/05/2015 11:15:21 PM) (Source: MsiInstaller) (User: WINUSER-A04D1DE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.

Error: (02/05/2015 11:07:53 PM) (Source: Application Hang) (User: )
Description: Hanging application MiniToolBox.exe, version 30.7.2014.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 11:06:39 PM) (Source: Application Hang) (User: )
Description: Hanging application MiniToolBox.exe, version 30.7.2014.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/05/2015 11:05:58 PM) (Source: Application Hang) (User: )
Description: Hanging application MiniToolBox.exe, version 30.7.2014.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (02/06/2015 00:25:57 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
hlnfd

Error: (02/06/2015 00:23:23 AM) (Source: Service Control Manager) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (02/06/2015 00:23:23 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

Error: (02/06/2015 00:15:06 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the RuntimeManager service, but this action failed with the following error:
%%1058

Error: (02/06/2015 00:15:06 AM) (Source: Service Control Manager) (User: )
Description: The RuntimeManager Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (02/06/2015 00:15:06 AM) (Source: Service Control Manager) (User: )
Description: The RuntimeManager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (02/06/2015 00:12:14 AM) (Source: Service Control Manager) (User: )
Description: The FindingDiscount Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (02/06/2015 00:12:14 AM) (Source: Service Control Manager) (User: )
Description: The FindingDiscount Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (02/06/2015 00:12:14 AM) (Source: Service Control Manager) (User: )
Description: The FindingDiscount Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Error: (02/06/2015 00:12:12 AM) (Source: Service Control Manager) (User: )
Description: The FindingDiscount Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.


Microsoft Office Sessions:
=========================
Error: (02/06/2015 00:18:24 AM) (Source: MsiInstaller)(User: WINUSER-A04D1DE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.(NULL)(NULL)(NULL)(NULL)

Error: (02/05/2015 11:47:40 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/05/2015 11:46:31 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/05/2015 11:42:05 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/05/2015 11:41:41 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (02/05/2015 11:39:39 PM) (Source: Microsoft Office 14)(User: )
Description: officelifeboathangwinword.exe14.0.4734.1000ntdll.dll5.1.2600.6055NILNILNILNILNILNIL

Error: (02/05/2015 11:15:21 PM) (Source: MsiInstaller)(User: WINUSER-A04D1DE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 27054. CA_Error27054: SetupAction(0xC0070642): Installation failed.(NULL)(NULL)(NULL)(NULL)

Error: (02/05/2015 11:07:53 PM) (Source: Application Hang)(User: )
Description: MiniToolBox.exe30.7.2014.0hungapp0.0.0.000000000

Error: (02/05/2015 11:06:39 PM) (Source: Application Hang)(User: )
Description: MiniToolBox.exe30.7.2014.0hungapp0.0.0.000000000

Error: (02/05/2015 11:05:58 PM) (Source: Application Hang)(User: )
Description: MiniToolBox.exe30.7.2014.0hungapp0.0.0.000000000



=========================== Installed Programs ============================
Ad-Aware Antivirus (HKLM\...\{69489131-0E91-491B-9E15-1987CDAD95C6}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (Version: 1.1.862.1653 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe AIR (Version: 16.0.0.245 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.93 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4281 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{C8358E8D-6C89-41B3-8439-FEFBC0353D81}) (Version:  - Microsoft)
FileHippo App Manager (HKLM\...\FileHippo.com) (Version:  - FileHippo.com)
FileOpener (HKLM\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks)
Final Draft 5 (HKLM\...\Final Draft 5) (Version:  - )
FindingDiscount (HKLM\...\FindingDiscount) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2292.0 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP ENVY 5660 series Basic Device Software (HKLM\...\{3D69617F-DCD3-4521-A1D6-68AF6BA36524}) (Version: 34.0.50.48729 - Hewlett-Packard Co.)
HP ENVY 5660 series Help (HKLM\...\{4112AC6C-B0D7-427C-B5E0-1EDFA8741C57}) (Version: 34.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IHA_MessageCenter (HKLM\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4543 - )
LavasoftTcpService (Version: 2.3.1.4 - Lavasoft) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2010 Primary Interop Assemblies (HKLM\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Norton 360 (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Product Improvement Study for HP ENVY 5660 series (HKLM\...\{125300F6-BCA8-40ED-A285-9EA645022409}) (Version: 34.0.50.48729 - Hewlett-Packard Co.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.7083 - Realtek Semiconductor Corp.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.68.0 - Verizon)
Web Companion (HKLM\...\{8BC95771-8634-499F-9EA5-1498A2701C7A}_WebCompanion) (Version: 1.1.862.1653 - Lavasoft)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20061107.210142 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 5.21 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 3574.07 MB
Available physical RAM: 1890.39 MB
Total Pagefile: 4932.84 MB
Available Pagefile: 3222.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.64 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.5 GB) (Free:51.58 GB) NTFS

========================= Users: ========================================

User accounts for \\WINUSER-A04D1DE

Administrator          ASPNET          Guest          
HelpAssistant          SUPPORT_388945a0         winuser          


**** End of log ****

JUNKWARE REMOVAL TOOL:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Microsoft Windows XP x86
Ran by winuser on Fri 02/06/2015 at  0:31:55.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] hlnfd
Successfully deleted: [Service] hlnfd
Failed to stop: [Service] netfilter



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311331132}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411911136}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\visualbee"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\sparktrust"
Successfully deleted: [Folder] "C:\Documents and Settings\winuser\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\winuser\Application Data\mysearchdial"
Successfully deleted: [Folder] "C:\Documents and Settings\winuser\Application Data\rocketupdater"
Successfully deleted: [Folder] "C:\Documents and Settings\winuser\Application Data\searchresultstb"
Successfully deleted: [Folder] "C:\Documents and Settings\winuser\Application Data\sparktrust"
Successfully deleted: [Folder] "C:\Documents and Settings\winuser\Application Data\systweak"
Successfully deleted: [Folder] "C:\Documents and Settings\winuser\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\winuser\Local Settings\Application Data\searchprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\winuser\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Documents and Settings\winuser\Local Settings\Application Data\visualbeeexe"
Successfully deleted: [Folder] "C:\Program Files\003"
Successfully deleted: [Folder] "C:\Program Files\hidefmedia"
Successfully deleted: [Folder] "C:\Program Files\oapps"
Successfully deleted: [Folder] "C:\Program Files\registry mechanic"
Successfully deleted: [Folder] "C:\Program Files\sweetim"



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\winuser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa
Successfully deleted: [Folder] C:\Documents and Settings\winuser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/06/2015 at  0:44:37.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADWARE CLEANER:

# AdwCleaner v4.110 - Logfile created 06/02/2015 at 00:55:00
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : winuser - WINUSER-A04D1DE
# Running from : C:\Documents and Settings\winuser\My Documents\Downloads\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : netfilter

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FileOpener
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\WIntEnhance
Folder Deleted : C:\Program Files\SupraSavings
Folder Deleted : C:\Program Files\Tweaks
Folder Deleted : C:\Program Files\WebBar
Folder Deleted : C:\Program Files\WIntEnhance
Folder Deleted : C:\Documents and Settings\winuser\Local Settings\Application Data\emaze
Folder Deleted : C:\Documents and Settings\winuser\Local Settings\Application Data\WebBar
Folder Deleted : C:\Documents and Settings\winuser\Application Data\Activeris
Folder Deleted : C:\Documents and Settings\winuser\My Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\Documents and Settings\All Users\Desktop\FileOpener.lnk
File Deleted : C:\WINDOWS\system32\drivers\netfilter.sys
File Deleted : C:\WINDOWS\system32\SecureAssist.dll
File Deleted : C:\Documents and Settings\winuser\Local Settings\Application Data\speedial.crx

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EC77D09-02CB-4E1F-E3C4-FB141B2610B3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E7C8B5A-96AB-438F-BF9B-782400655440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{463B0ED4-8AFA-404B-90E7-4063A0708050}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3E7C8B5A-96AB-438F-BF9B-782400655440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\LyricsContainer
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\Updater By Sweetpacks
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\WajIEnhance
Key Deleted : HKCU\Software\WIntEnhance
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\Rr Savings
Key Deleted : HKCU\Software\AppDataLow\Software\Supra Savings
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\iLividSRTB
Key Deleted : HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : HKLM\SOFTWARE\mysearchdial
Key Deleted : HKLM\SOFTWARE\Speedchecker Limited
Key Deleted : HKLM\SOFTWARE\Supra Savings
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\WIntEnhance
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowseMark
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PCSU-SL_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Tweaks FileOpener
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WIntEnhance

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v42.0.2292.0


*************************

AdwCleaner[R0].txt - [9309 bytes] - [06/02/2015 00:46:05]
AdwCleaner[S0].txt - [9408 bytes] - [06/02/2015 00:55:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9467  bytes] ##########

ADWARE REMOVAL:


Adware Removal Tool v3.9
Time: 2015_02_06_01_09_59
OS: Windows XP - 32 Bit
Account Name: winuser
U0L0S136

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - File - C:\program files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll.config
Deleted - File - C:\program files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll.config
Deleted - File - C:\program files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
Deleted - File - C:\program files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe.config
Deleted - File - C:\Documents and Settings\All Users\Application Data\Lavasoft\Web Companion\Logs\Webcompanion\searchprotect.log
Deleted - File - C:\Documents and Settings\All Users\Application Data\Lavasoft\Web Companion\Logs\Webcompanion\searchprotect.log.1
Deleted - File - C:\Documents and Settings\All Users\Application Data\Lavasoft\Web Companion\Logs\Webcompanion\searchprotect.log.2
Deleted - File - C:\Documents and Settings\All Users\Application Data\Lavasoft\Web Companion\Logs\WindowsService\SearchProtectServiceLog.log
Deleted - Folder - C:\program files\OpenSoftwareUpdater
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Updater By SweetPacks:product_name
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SearchProtectionService:imagepath
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SearchProtectionService\Enum:0
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{114F8E43-2E40-4F85-B211-152BAA892F7A}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16819614-5AEA-4A5B-BCDA-7733DD17A733}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1696FD01-59EB-447F-B4DB-424C4F5336FA}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16A00F5F-EEAA-4E88-8C46-17C6AF2DAE36}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16E0BC77-6F15-490F48E61}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19F6C212-68D7-440D-BE15-37CFA91D65E}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A00DC65-4F9-4896-B66C-CD681E894F5}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2085B227-2F13-408B-B0AD-9BD39C80FA47}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2199B41B-EEE4-4CA5-99A-529651562BC3}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23339F0B-5F42-4871-99E7-322A3F53A989}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23B29A4F-C360-4E40-9E98-9F2C5B6390D3}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26470CAA-527-41C8-85D2-677831287EF4}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CDC9430-858E-4A0B-B2F8-B32CE60961A}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{320A7B97-9523-4082-9523-A089DF737795}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36E05F6F-819D-449B-9A2E-269A6DC5DFEE}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3994AF2-E0E5-4853-96EF-5B96D6958C5F}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BB1FCD6-C7A8-404B-A355-F3E5E680B9E0}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D28B0D3-334-4B6F-AC4C-11658B243029}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E1714E3-CEFC-4768-8763-9DE848DD4BB}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3E438014-640A-460E-9A70-38388D456B3C}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3F8D2328-E935-4C43-BCFE-5C705BFE1EA}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3FD0A0C6-95E4-449C-858F-DD768941C985}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{46353A82-6C58-475F-8399-5DD5C422EC}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C22AB5D-E7BD-4BF0-94C4-A1AFEC6B4284}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DAB8A86-13F-49BC-89AA-B6B1F625CF80}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4DB61E0C-E41-4AC0-908E-22E9CDEF3D71}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4E8E0E25-220E-4D01-8B91-DDD09F4C3A4}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{51310DEE-EFF9-489B-92B0-F4F9CD3D59D2}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{559E1383-2579-4988-BCBE-30FD16E0BB14}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{56A0CC83-B240-437B-A346-ABF6AFE348CA}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A3AE0A9-9D0B-40CB-8119-D6AC826FC238}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A9FCC41-D1B-499E-9C3B-74619037DE17}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6324264-2D52-4279-93DD-3DF3C2DFC085}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63B1831E-E082-4443-B9B9-359636DC31E4}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65455E71-2614-4129-9AC9-E7E7E0C424}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{679DC179-1EE9-4732-8738-87E5201B51E}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{683E5593-ED14-4EF4-8A45-7E7466C55E7}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68432ABE-8B4C-46A4-80B1-B08DD320EAA5}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AE5F93E-AF22-4F04-BA19-AEDF4DEBC50}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C00E9E6-CE94-45A8-99B6-6C9EBBD15FA0}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C1C2E74-C589-4EB3-8D0-10C7B781F6CE}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6FAFF741-30CA-48A9-B96A-73E1A9695CAF}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72E71B24-6F9F-4B24-B12C-62F2476B1AC0}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72EC1F0-B36C-43C1-AAC2-D0B9B7F1E887}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73725C7C-43A2-478C-8EDA-E8D87B661881}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7597AEA4-6F60-4249-BA19-7040341A3B14}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{760C500-5145-40C3-983B-3298D3956EF}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76B9A3A1-A7C2-45DF-9776-E34616C2F16}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7C93FFA7-BF70-4F85-BF9C-EE663922851D}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7FF54341-ADD2-45AC-A943-BE4779E774FE}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{848BEC2B-512C-48A7-BDC0-BB125C9B7C41}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89FED80F-19B0-4E67-B98E-24AA34B6B8F}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EBC8885-E65F-4FAC-91DC-866AE145115}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EC72DB2-ED9F-40A6-9677-4F2243AD44BC}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{921C158F-6D51-4BEE-B9F3-9EFD194F7AD}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92E25EEC-25B7-41BD-826C-F2C6AC65B2CE}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95CF9AF3-51E7-4643-AB93-4C7326959094}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9795B1C3-7856-40A5-9864-FAF9344E678}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F0A6F4B-9696-43FE-8979-51DF8667797}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A38304A1-FC44-403D-B6F6-837185F872}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A501024A-DFD2-4944-9BB4-1B7AD9DFA0C1}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A57A0B36-429F-4762-952B-981E205523A}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A795550D-5990-40ED-B096-7C849AD8E79}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A83CA07C-8254-4477-832A-CEA6246BE2A}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAAF20DD-D5B5-447C-A9C5-EA3DC7D134B6}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB36DF24-6AAF-4D19-A4B8-CC1DAF3C9B59}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB8D10FE-4F32-4D26-8FC5-4E9877F4F97D}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB917CFB-1447-48ED-9CB7-355C938FAF9A}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABBD69D8-A301-4307-9458-9B8C65A1738D}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AD54438F-D796-467A-B840-AB66AFD6B04B}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B16341E0-24F-41F4-8F3F-3E15B17EE2D}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B263ED48-1D21-4653-B926-8CEBB26E20E8}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BA9209-923D-4995-ABFF-B252A39D0A6}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3BB25C0-260E-4143-ACD2-30EC61FAC086}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B44C73B0-6751-41C2-BE64-8C851DFEB022}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B488C53B-7F10-4B08-9BB6-70696224FDA}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B9763DD4-E673-40BE-BD0-B4199A66B428}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B992EC83-175D-4E54-AC5A-B7E4227C4476}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BCDA7374-D58B-4FC2-B01C-4F54CB25B7DC}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFE46737-FCA3-4180-83C4-5FCEBA2913D}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C98CBF01-6B61-47EE-A195-EC1AA709980}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9F871A6-3188-4471-A1A3-FB6D9445C98E}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CBE4C0FE-D06F-4E24-8098-D14B5DA7B179}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCE4A34C-9F07-4DE8-BF7F-F2B91286BCA5}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D039A889-4658-4CCC-B1BB-3D832E43C4F3}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D441A118-7DD8-4CF6-B1B0-94FDB577B4E9}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D726FD7D-ABAF-4375-839F-73AAA7B4080}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7D0B571-E657-47A6-9211-24DBF0AF813F}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DCCCB066-4E29-4718-939B-E5B44D35EECB}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DF0507CC-7E52-41C7-B8BB-263542294CAE}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2542C7A-7089-4FB4-A058-64172E1C058}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7A7B84D-3D32-462E-8555-998C81291E}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9B69A00-19B9-4AE7-8E85-BB51EF88574}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE04E3D8-1E24-46CD-B4A9-E4CA91A07525}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F00E0B9F-CB5D-4E0C-B934-132AB4754}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0B1AC9-860C-4336-9ED3-FA1B3AF074DD}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F15E55DA-4345-4533-AE64-F0FFF89172C}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F439E488-8268-4CE8-86FC-A3CAB6738C8E}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F57F6696-650F-4DA6-95F6-AEB0A28C77D9}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6649EA2-1D19-4C8D-8B99-485BC7B477A7}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7E1D3F7-7D9A-4EC1-9A50-D086ED79E710}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F826D07F-34C0-4228-AD2E-75CEAA1E8FB}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F84AC9AF-41C1-41D0-9DEA-DE9C7798D1B}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA80CE79-93FE-44C6-A45C-88CCB740C00}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBC12EBC-FCF3-4884-8026-EB119CE31C5A}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FF78E772-53D9-45CB-A0D1-B3FB5A8A82FC}:appname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\253D7F1F3E569E144BA595E851AF18FC:17759cb84368f994e95a41892a07c1a7
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\59C7D2C3AE469804DB65146ABA239E94:17759cb84368f994e95a41892a07c1a7
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\66FAE51B8C5AF3A4B94ECD4305B0A0B1:17759cb84368f994e95a41892a07c1a7
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\869619B2E540C564F984DB7D498916B1:17759cb84368f994e95a41892a07c1a7
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\95B75E3BA20FF1C47988E60ACCC9F989:17759cb84368f994e95a41892a07c1a7
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\A987AFAA139EE6C42974E3F7CF64E8BA:17759cb84368f994e95a41892a07c1a7
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\AA376C06ECD72D2428481D099E2E48AF:17759cb84368f994e95a41892a07c1a7
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\installer\UserData\S-1-5-18\Components\D67E67C4BB357E94DB131DC0D9FB68AE:17759cb84368f994e95a41892a07c1a7
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE:LessTabs
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE:SparkTrust
Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE:OpenSoftwareUpdater
Deleted - RegistryKey - HKEY_CURRENT_USER\SOFTWARE:SparkTrust
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node:Updater By SweetPacks
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services:SearchProtectionService

\\ Rebooting computer : 4 Objects
\\ Reboot Done

Deleted - File - C:\program files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
Deleted - File - C:\program files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
Deleted - File - C:\program files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
Deleted - File - C:\program files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll

\\ Finished

MALWARE BYTES (mbar):

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
 main:    v2015.02.06.03
 rootkit: v2015.02.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
winuser :: WINUSER-A04D1DE [administrator]

2/6/2015 1:35:10 AM
mbar-log-2015-02-06 (01-35-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 327592
Time elapsed: 16 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


(systemlog)

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
 main:    v2015.02.06.03
 rootkit: v2015.02.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
winuser :: WINUSER-A04D1DE [administrator]

2/6/2015 1:35:10 AM
mbar-log-2015-02-06 (01-35-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 327592
Time elapsed: 16 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Valu

Answer
Hi David

You had quite a number of adware installed, so it's no wonder the PC was slow.  AVG was conflicting with running the tools, so the fixes didn't complete.  Let's try removing FindingDiscount from your browser.  

Open Internet Explorer.
Click the Tools button, and then click Manage Add-ons.
Under Show, click All add-ons, and then select Finding Discount.
Remove all BHO’s (Browser Helper Objects) you do not know or need. If you don’t use any BHO's remove everything listed in the Add-ons panel.
If the add-on can be deleted, you’ll see the Remove option. Tap or click Remove and then click Close. Otherwise click Disable button.

If you use Chrome:
Click the Chrome menu Chrome menu on the browser toolbar.
Click Tools.
Select Extensions.
Click the trash can icon Remove an extension from Chrome by the Finding Discount extensions you’d like to completely remove.
Make sure to remove all extensions you do not know or need. If you don’t use any extension remove everything listed in the extensions panel.
A confirmation dialog appears, click Remove.

After that, I'd like for you to run a scan with Malwarebytes Anti-Malware:
http://www.malwarebytes.org/mwb-download/
Install the program, but before you run a scan, disable AVG so it won't conflict again.  After running the scan, post me the log and let me know if you successfully deleted the BHO's.

Brian  

Computer Security & Viruses

All Answers


Answers by Expert:


Ask Experts

Volunteer


Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials
College Educated Self-taught Computer Skills

©2016 About.com. All rights reserved.