TechSpot

Please help to remove Advanced Registry Optimizer

By Ellie
Oct 27, 2011
  1. Hello,

    A friend has accidentally installed Advanced Registry Optimizer and I am helping her to remove it.

    I have performed the Malwarebytes scan, the Gmer and the DDS scans as per the steps I read on here and the logs follow. I also have a 'attach.txt' file from the DDS that I am not supposed to post until asked.

    Many thanks for your help in this.

    Please let me know what I am supposed to do next.

    Malwarebytes:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7975

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    18/10/2011 4:45:29 PM
    mbam-log-2011-10-18 (16-45-29).txt

    Scan type: Quick scan
    Objects scanned: 179549
    Time elapsed: 6 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Owner\local settings\temporary internet files\Content.IE5\4WNE7XJG\cieonetutilities.exe (Adware.FunWeb) -> Quarantined and deleted successfully.


    Gmer:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-27 15:41:45
    Windows 6.0.6002 Service Pack 2
    Running: ucjbusln.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0017fad26430
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0017fad26430 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----


    DDS:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 15:50:45 on 2011-10-27
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2939.1175 [GMT -3:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\agr64svc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Second Copy 8\ScVssService64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\RAVCpl64.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Second Copy 8\SecCopy.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\conime.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://kingsportclinic.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - C:\PROGRA~2\SITERA~1\SiteRank.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\googletoolbar1.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\googletoolbar1.dll
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [TOSCDSPD] TOSCDSPD.EXE
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe -rem
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [Second Copy] "C:\Program Files (x86)\Second Copy 8\SecCopy.exe" /InitialWait=5
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [SiteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"
    mRun: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1 142.177.2.130 142.166.145.137
    TCP: Interfaces\{AE23B47C-2B41-44E0-AD11-AB1FB091354F} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{C7948E09-11B8-47BB-A46E-F52ACE6E9FF0} : DhcpNameServer = 192.168.2.1 142.177.2.130 142.166.145.137
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: : {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll
    BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
    TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun-x64: [SiteRanker] "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"
    mRun-x64: [PCPowerSpeed] "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys --> C:\Windows\system32\DRIVERS\rtlprot.sys [?]
    R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-4-4 36864]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-4-17 40960]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 ScVssService64;Second Copy VSS Service x64;C:\Program Files (x86)\Second Copy 8\ScVssService64.exe [2011-10-18 75048]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
    R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 rtl819xpn64;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl819xp.sys --> C:\Windows\system32\DRIVERS\rtl819xp.sys [?]
    R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-8-25 89600]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1ca3be2fe4970d0;Google Update Service (gupdate1ca3be2fe4970d0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-22 133104]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-22 133104]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-13 89920]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-10-27 17:00:45 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BF370BC-093A-4437-944D-AB994EFFE8A1}\offreg.dll
    2011-10-27 14:36:54 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BF370BC-093A-4437-944D-AB994EFFE8A1}\mpengine.dll
    2011-10-18 19:20:38 -------- d-----w- C:\Program Files\CCleaner
    2011-10-18 19:16:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2011-10-18 19:16:45 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-18 19:16:41 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-10-18 19:16:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-18 18:04:30 -------- d-----w- C:\Users\Owner\AppData\Roaming\Pegasus Mail
    2011-10-18 17:52:50 -------- d-----w- C:\Users\Owner\AppData\Local\Centered Systems
    2011-10-18 17:52:30 634560 ----a-w- C:\Windows\SysWow64\XceedZip.dll
    2011-10-18 17:52:29 -------- d-----w- C:\Program Files (x86)\Second Copy 8
    2011-10-15 06:00:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2011-10-15 06:00:59 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    2011-10-11 11:15:45 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6160014E-CC85-4C7E-9F9E-7CB98F1E6973}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2011-10-15 17:17:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
    2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-08-25 16:20:38 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
    2011-08-25 16:19:32 847360 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-25 16:19:32 332288 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-25 16:15:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
    2011-08-25 16:14:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-25 16:14:01 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-08-25 13:54:14 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
    2011-08-25 13:31:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
    .
    ============= FINISH: 15:51:11.35 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Advanced Registry Optimizer is not a malicious program.
    It's simply not recommended as registry should be left alone.

    What are the problems with uninstalling it?
     
  3. Ellie

    Ellie TS Rookie Topic Starter

    Thanks for the reply.

    I found that it was intrusive and noticed it after removing another program that my friend had accidentally installed.

    I have just uninstalled it and after running those scans and having the one issue cleaned up, I guess she will be safe to let loose on her computer again. I have installed WOT addon for her browsers now and told her never to click on anything with a red circle beside the link. I know that there are incorrect warnings there, too, but in her case as in the case of many, better safe than sorry.

    Thanks again,

    Ellie
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    So I assume there was no problem with uninstalling it?
     
  5. Ellie

    Ellie TS Rookie Topic Starter

    No problem and all seems well.

    There were a few malwares and other that were flagged by the initial checkings as posted, but all now seems well.

    Thanks for the replies

    Ellie
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Sure thing :)
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...