~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.3 (09.27.

2013:1) OS: Windows 7 Ultimate x86 Ran by Usuario on 27/09/2013 at 22:47:51,54 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Int ernet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\I nternet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\I nternet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\I nternet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\I nternet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1236850452-295773762 1-246369364-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\In ternet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Int ernet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Int ernet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\In ternet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\In ternet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Int ernet Explorer\Main\\Search Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Int ernet Explorer\Main\\Default_Page_URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\In ternet Explorer\Main\\Default_Page_URL

~~~ Registry Keys Successfully deleted: -A06B-F14172F1A947} Successfully deleted: -B5D2-BD96E19DEE56} Successfully deleted: -915C-9F83CC3D5921} Successfully deleted: -86BE-C862B9E5444D} Successfully deleted: -92B6-83EA2EC40800} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139 [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89 [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93

-8150-02891F1D8D3C} Successfully deleted: [Registry Successfully deleted: [Registry Successfully deleted: [Registry Successfully deleted: [Registry Successfully deleted: [Registry dll Successfully deleted: [Registry Successfully deleted: [Registry -AA3C-1ED148AC8EEE} Successfully deleted: [Registry -BC85-D318495C4D96} Successfully deleted: [Registry -8540-082B8C2AE556} Successfully deleted: [Registry 4A65-AD2E-1389062074F1} Successfully deleted: [Registry 4000-B9C4-6603C1E912D1} Successfully deleted: [Registry 46FD-914E-C72BAAE1B672} Successfully deleted: [Registry 4528-96FA-C9FF38EF1762} Successfully deleted: [Registry 4F23-B393-F48B16E071D1} Successfully deleted: [Registry 4F11-B707-3FB6A2C97BD9} Successfully deleted: [Registry 46E7-9B8A-EE158DCA83A8} Successfully deleted: [Registry 4A09-B757-CF0FAFC488ED} Successfully deleted: [Registry 4A9D-AA3C-1ED148AC8EEE} Successfully deleted: [Registry 4A9B-A2A0-EF3B125DC29D} Successfully deleted: [Registry 4734-88DE-6C150C5D4036} Successfully deleted: [Registry 4659-A7FD-A9F7ED375CDD} Successfully deleted: [Registry 484A-AE5B-BA8CAD5B7347} Successfully deleted: [Registry 4A75-B8BE-F4BC34794136} Successfully deleted: [Registry 17-9FC3-56FC5162A994} Successfully deleted: [Registry 39-915C-9F83CC3D5921} Successfully deleted: [Registry 89-92B6-83EA2EC40800} Successfully deleted: [Registry Successfully deleted: [Registry Successfully deleted: [Registry Successfully deleted: [Registry Successfully deleted: [Registry extensions Successfully deleted: [Registry Successfully deleted: [Registry Successfully deleted: [Registry are\crossrider Successfully deleted: [Registry Successfully deleted: [Registry

Key] Key] Key] Key] Key]

HKEY_CLASSES_ROOT\AppID\escort.dll HKEY_CLASSES_ROOT\AppID\escortapp.dll HKEY_CLASSES_ROOT\AppID\escorteng.dll HKEY_CLASSES_ROOT\AppID\escortlbr.dll HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.

Key] HKEY_CLASSES_ROOT\AppID\secman.dll Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B Key] HKEY_CLASSES_ROOT\Interface\{23C70BCA-6E23Key] HKEY_CLASSES_ROOT\Interface\{23D8EEF7-0E13Key] HKEY_CLASSES_ROOT\Interface\{295CACB4-51F5Key] HKEY_CLASSES_ROOT\Interface\{2CE5C4B9-6DBEKey] HKEY_CLASSES_ROOT\Interface\{34C1FDF7-02C1Key] HKEY_CLASSES_ROOT\Interface\{54291324-7A3DKey] HKEY_CLASSES_ROOT\Interface\{59C63F11-D4E5Key] HKEY_CLASSES_ROOT\Interface\{5DA22CBD-0029Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9ACKey] HKEY_CLASSES_ROOT\Interface\{77A6E7D4-4A83Key] HKEY_CLASSES_ROOT\Interface\{C0585B2F-74D7Key] HKEY_CLASSES_ROOT\Interface\{CA17D76B-F91DKey] HKEY_CLASSES_ROOT\Interface\{D8242E89-2F81Key] HKEY_CLASSES_ROOT\Interface\{EF0588D6-1621Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-41 Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F Key] Key] Key] Key] Key] HKEY_CURRENT_USER\Software\1clickdownload HKEY_CURRENT_USER\Software\conduit HKEY_CURRENT_USER\Software\cr_installer HKEY_CURRENT_USER\Software\installcore HKEY_CURRENT_USER\Software\installedbrowser

Key] HKEY_CURRENT_USER\Software\softonic Key] HKEY_CURRENT_USER\Software\startsearch Key] HKEY_CURRENT_USER\Software\AppDataLow\softw Key] HKEY_LOCAL_MACHINE\Software\conduit Key] HKEY_LOCAL_MACHINE\Software\dealply

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\putlock erdownloader Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\askpartnercobrandingtool_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\askpartnercobrandingtool_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\funmoodslatest_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\funmoodslatest_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windo ws\CurrentVersion\Uninstall\coupondropdown plugin Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0027793.BHO Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0027793.BHO. 1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0027793.Sand box Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0027793.Sand box.1 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111 -1111-110211771193} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222 -2222-220222772293} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-55555555-5555-550255775593} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-66666666-6666-660266776693} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-44 44-4444-440244774493} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Crossri derApp0027793.BHO Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Crossri derApp0027793.BHO.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Crossri derApp0027793.Sandbox Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Crossri derApp0027793.Sandbox.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interfa ce\{55555555-5555-5555-5555-550255775593} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interfa ce\{66666666-6666-6666-6666-660266776693} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib \{44444444-4444-4444-4444-440244774493} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Window s\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211771193} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Window s\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211771193} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\AskInstallChecker_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\AskInstallChecker_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\AskInstaller_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\AskInstaller_RASMANCS

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_for_particleillusion_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_for_particleillusion_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_for_sniper-elite_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_for_sniper-elite_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_counter-strike_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_counter-strike_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_opengl-extensions-viewer_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_opengl-extensions-viewer_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_opengl_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_opengl_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_realtek-hd-audio-drivers_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_realtek-hd-audio-drivers_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_skype-voice-changer_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_skype-voice-changer_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_sony-vegas(1)_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_sony-vegas(1)_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_sony-vegas_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_sony-vegas_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_surgeon-simulator-2013_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_surgeon-simulator-2013_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_x-ray-scanner_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Traci ng\SoftonicDownloader_para_x-ray-scanner_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windo ws\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211771193} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windo ws\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-11021 1771193} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Intern et Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Inter net Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_current_user\software\pip"

~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\DealPlyUpdate Successfully deleted: [File] C:\Windows\System32\Tasks\Updater27793.exe Successfully deleted: [File] "C:\Windows\system32\roboot.exe"

~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\esafe" Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\edownload" Successfully deleted: [Folder] "C:\Users\Usuario\AppData\Roaming\isafe" Successfully deleted: [Folder] "C:\Program Files\myfree codec" Successfully deleted: [Folder] "C:\Program Files\Common Files\wondershare" Successfully deleted: [Empty Folder] C:\Users\Usuario\appdata\local\{37C2EDCA-9D F7-420A-8ECA-967447F187CE} Successfully deleted: [Folder] "C:\ProgramData\ask"

~~~ FireFox Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firef ox\Extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c} Successfully deleted the following from C:\Users\Usuario\AppData\Roaming\mozilla \firefox\profiles\r1so821u.default-1379349961051\prefs.js user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?utm_source=b &utm_medium=newgdp&utm_campaign=eXQ&utm_content=nt&from=newgdp&uid=MAXTORXSTM380 815AS_5QZ7X790X user_pref("browser.search.defaultenginename", "delta-homes"); user_pref("browser.search.selectedEngine", "delta-homes"); user_pref("browser.startup.homepage", "hxxp://www.delta-homes.com/?utm_source=b& utm_medium=newgdp&utm_campaign=eXQ&utm_content=hp&from=newgdp&uid=MAXTORXSTM3808 15AS_5QZ7X790XX

~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google \Chrome\extensioninstallforcelist [Blacklisted Policy] Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Ex tensions\bbjciahceamgodcoidkjpchnokgfpphh Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\E xtensions\bbjciahceamgodcoidkjpchnokgfpphh Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Ex tensions\cjpglkicenollcignonpgiafdgfeehoj Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\E xtensions\cjpglkicenollcignonpgiafdgfeehoj Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Ex tensions\gaiilaahiahdejapggenmdmafpmbipje Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\E xtensions\gaiilaahiahdejapggenmdmafpmbipje

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 27/09/2013 at 22:52:31,04 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~