I managed to cut the number of FindWide traces to 24.

http://i.imgur.com/74JqMhw.png
http://i.imgur.com/MXUBos2.png

Code:
HitmanPro 3.7.9.232
www.hitmanpro.com

Computer name . . . . : ????
Windows . . . . . . . : 6.3.0.9600.X64/4
User name . . . . . . : CyberDrone
UAC . . . . . . . . . : Enabled
License . . . . . . . : Paid (78 days left)

Scan date . . . . . . : 2014-12-26 19:08:07
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 55s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 24
Traces . . . . . . . : 24

Objects scanned . . . : 1,672,935
Files scanned . . . . : 29,100
Remnants scanned . . : 566,867 files / 1,076,968 keys
When removal is attempted within the infected/affected OS, the virus/PUP/etc. quite often replicates & hides itself. When removal is attempted outside the infected/affected OS (like using a Linux LiveCD), the virus/PUP/etc. cannot replicate.
Hitman Pro just did an automatic scan at startup, and those malware traces were all gone. So I did a manual scan to make sure, and those malware traces are back again. What gives?
After 2 weeks I finally got rid of FindWide. I completely uninstalled Kaspersky and did 3 consecutive scans with Hitman Pro (with a reboot in between) and the scan results were all clean. I then did the same with Kaspersky installed and all 3 scans were all clean. Thanks everyone for your help and suggestions. Cheers! P.S.: I have now installed Unchecky!
The scan at startup is a quick scan while the manual scan is a regular scan. The quick scan doesn't perform the remnant scan.
Under a malware infection, always assume the system restore archive is infected. Until the infected device/PC is cleaned, system restore should not be used.