Have a virus, currently in safe mode with network, can't open

January 13, 2015 at 17:38:07
Specs: Windows 7, ?
Having the same issue, currently in safe mode with networking, still can't open Firefox or Internet Explorer. Still can't run AVG.
I guess the question is, how do I access the internet so I can remove the malware?
Below is my log file... please help me locate

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:47:21 PM, on 14/01/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
CHROME: 39.0.2171.95
FIREFOX: 34.0.5 (x86 en-US)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\SysWOW64\DllHost.exe
C:\Users\Emma\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Emma\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (file missing)
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://zone.msn.com
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/de...
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA00A198-60DC-410C-AEF5-7263C8ED60A7}: NameServer = 208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.9 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11776 bytes

message edited by Emmae



#1
January 13, 2015 at 23:47:51
Here is the first step, more will be needed.

This is a variation for your circumstances.

Download ComboFix to a USB thumb drive and run ComboFix from the USB in Safe Mode; just say continue to all the warning messages.

Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.


message edited by Johnw



#2
January 14, 2015 at 01:37:35
Will installing/downloading ComboFix on a healthy computer cause it any damage? I've copied it to USB and it is now preparing a log.


#3
January 14, 2015 at 01:45:26
ComboFix 15-01-08.01 - Emma 14/01/2015 19:29:13.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1791.1139 [GMT 10:00]
Running from: L:\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Emma\AppData\Roaming\Adobe\plugs
c:\users\Emma\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((((( Files Created from 2014-12-14 to 2015-01-14 )))))))))))))))))))))))))))))))
.
.
2015-01-14 09:36 . 2015-01-14 09:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-08 11:58 . 2014-11-26 16:41 48240 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2015-01-04 05:25 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-01-04 05:25 . 2014-05-08 09:32 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-01-04 05:23 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-01-04 05:23 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2015-01-03 00:07 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2015-01-03 00:07 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-01-03 00:07 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2015-01-03 00:07 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-12-26 02:03 . 2007-11-20 04:33 47680 ----a-w- c:\windows\system32\drivers\Capt905c.sys
2014-12-26 02:03 . 2007-08-21 04:28 39872 ----a-w- c:\windows\system32\drivers\Camd905c.sys
2014-12-17 22:35 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-17 22:35 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-17 21:54 . 2014-12-17 21:54 -------- d-----w- c:\windows\system32\appraiser
2014-12-17 11:49 . 2014-12-17 11:49 0 ----a-w- c:\windows\SysWow64\sho9A89.tmp
2014-12-17 11:37 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2014-12-17 11:37 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
2014-12-16 22:20 . 2014-12-04 02:50 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-16 22:20 . 2014-12-04 02:44 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-16 22:20 . 2014-12-01 23:28 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-12-16 22:20 . 2014-12-04 02:50 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-16 22:20 . 2014-12-04 02:50 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-16 22:20 . 2014-12-04 02:50 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-16 22:20 . 2014-12-04 02:50 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-16 22:09 . 2014-11-11 03:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-12-16 22:09 . 2014-11-11 02:44 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-12-16 22:09 . 2014-11-11 01:46 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-12-16 22:09 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
2014-12-16 22:09 . 2014-10-30 01:45 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-12-16 22:09 . 2014-10-03 02:12 2020352 ----a-w- c:\windows\system32\WsmSvc.dll
2014-12-16 22:08 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\SysWow64\WsmSvc.dll
2014-12-16 22:08 . 2014-10-03 02:12 310272 ----a-w- c:\windows\system32\WsmWmiPl.dll
2014-12-16 22:08 . 2014-10-03 02:12 346624 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2014-12-16 22:08 . 2014-10-03 02:11 266240 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2014-12-16 22:08 . 2014-10-03 02:12 181248 ----a-w- c:\windows\system32\WsmAuto.dll
2014-12-16 22:08 . 2014-10-03 01:45 248832 ----a-w- c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-16 22:08 . 2014-10-03 01:45 214016 ----a-w- c:\windows\SysWow64\WsmWmiPl.dll
2014-12-16 22:08 . 2014-10-03 01:45 145920 ----a-w- c:\windows\SysWow64\WsmAuto.dll
2014-12-16 22:08 . 2014-10-03 01:44 198656 ----a-w- c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-16 22:06 . 2014-11-08 03:16 2048 ----a-w- c:\windows\system32\tzres.dll
2014-12-16 22:06 . 2014-11-08 02:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-17 11:39 . 2011-01-12 22:51 112710672 ----a-w- c:\windows\system32\MRT.exe
2014-12-16 10:02 . 2012-03-30 22:30 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-16 10:02 . 2011-05-15 00:30 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 17:42 . 2014-11-12 17:42 0 ----a-w- c:\windows\SysWow64\sho281B.tmp
2014-11-11 03:08 . 2014-11-19 08:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 08:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-11-19 08:08 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 08:08 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-04 09:35 . 2013-11-12 03:51 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-10-29 11:35 . 2014-10-29 11:35 263960 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-10-25 01:57 . 2014-11-11 23:01 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-11 23:01 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-18 02:05 . 2014-11-11 22:54 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-11-11 22:54 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-20 04:58 3627032 ----a-w- c:\program files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\18.1.9.786\AVG Secure Search_toolbar.dll" [2014-08-20 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-12 04:14 222712 ----a-w- c:\users\Emma\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-12 04:14 222712 ----a-w- c:\users\Emma\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-12 04:14 222712 ----a-w- c:\users\Emma\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-07 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-11-09 3653136]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2014-08-26 2640408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-14 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R4 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
R4 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
R4 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:02]
.
2015-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2693328941-157643610-2719008879-1001Core.job
- c:\users\Emma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-13 05:12]
.
2015-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2693328941-157643610-2719008879-1001UA.job
- c:\users\Emma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-13 05:12]
.
2014-08-28 c:\windows\Tasks\HPCeeScheduleForEmma.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 12:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-11-12 04:14 261624 ----a-w- c:\users\Emma\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-11-12 04:14 261624 ----a-w- c:\users\Emma\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-11-12 04:14 261624 ----a-w- c:\users\Emma\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 08:07 2334928 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: msn.com\zone
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{DA00A198-60DC-410C-AEF5-7263C8ED60A7}: NameServer = 208.67.222.222
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\pkzaijph.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-14 19:39:25
ComboFix-quarantined-files.txt 2015-01-14 09:39
.
Pre-Run: 27,905,355,776 bytes free
Post-Run: 27,742,584,832 bytes free
.
- - End Of File - - 23FC9E51A7E33FAA6E76332755B6B540
360F7ED8A87D1846A7706C34BF8D71B1


#4
January 14, 2015 at 01:51:13
"Will installing downloading combo fix on a healthy computer cause it any damage?"
No.

Good result from Combofix, we will now try dismantling the malware layer by layer.

Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
If you misplace your log, here are ways to find it.
http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
http://i.imgur.com/ZZ1trsv.gif
http://i.imgur.com/LL0K3qs.gif
Or,
(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
http://i.imgur.com/LNl3Sgw.gif
http://i.imgur.com/xGJgawB.gif


#5
January 14, 2015 at 02:22:07
Application was unable to start correctly (0xc0000006)

Should I leave safe mode? Can't run mbam.
I am trying to install from USB however.... And I have removed it from infected computer yesterday.

message edited by Emmae


#6
January 14, 2015 at 02:26:18
"Should I leave safe mode? Can't run mbam"
Yep, give normal mode a try. If normal mode works, leave it in that mode.

message edited by Johnw


#7
January 14, 2015 at 02:33:09
Here are other ways to get a scan, if needed.

Use Chameleon to run Malwarebytes Anti-Malware on infected systems
https://www.malwarebytes.org/chamel...
https://helpdesk.malwarebytes.org/e...
https://helpdesk.malwarebytes.org/e...
How to use Chameleon when the hard drive has been encrypted by the infection or a comp without access to usb/cd drive.
1: Press the Windows key.
http://en.wikipedia.org/wiki/Window...
2: Type this address into the search box.
https://www.malwarebytes.org/chamel...
3: Use the Windows & Tab keys to navigate by hitting > Enter.
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
http://www.spywareinfoforum.com/ind...


#8
January 14, 2015 at 02:50:45
Nope. No good. Can't start it.

#9
January 14, 2015 at 02:53:39
Try this way in both modes if needed.

Redownload Malwarebytes but rename it before you download it to your Desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
If it installed but will not run, navigate to this folder:
2: C:\Program Files\Malwarebytes' AntiMalware
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.


#10
January 14, 2015 at 02:55:44
What I have given above may need a little tweaking, experiment with your situation.

message edited by Johnw


#11
January 14, 2015 at 03:16:31
What sort of comp are you having the problem with? PC or laptop or other?
What sort of comp are you posting here with? PC or laptop or other?

Where are you?
I'm here.
http://www.timeanddate.com/worldclo...


#12
January 14, 2015 at 03:35:30
It's my PC with the problem. I'm using my phone and laptop (husband's, not mine) to post on here. I'm in Gladstone, Queensland :) I've tried Chameleon, no good. And I've tried changing the name... That bit I think I'm getting wrong. I'm not the most computer savvy, but I'm trying. Thank you for helping me, I'll try the name thing again. P.s why do people put malware on other people's computers?

#13
January 14, 2015 at 03:35:51
Here is the next step.

Run HitmanPro Kickstart. Note: You will need a USB flash/thumb/pen drive to use this method.
http://www.surfright.nl/en/kickstart
Once you have created a HitmanPro.Kickstart USB flash drive you can use it to rescue a ransomed PC. For that you must first make sure that the ransomed PC is powered off.
Insert the HitmanPro.Kickstart USB flash drive into a USB port of the ransomed PC and turn on the power of the PC. During the startup of the PC, enter the Boot Menu of your BIOS (press either F8, F11 or F12 depending on the manufacturer of your BIOS) and select the HitmanPro.Kickstart USB flash drive.
HitmanPro.Kickstart user manual / guide
http://antimalwaresoftware.nl/handl...
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

Download 32-bit HitmanPro 3.7 with Kickstart
http://dl.surfright.nl/HitmanPro.exe
HitmanPro 3.7 with Kickstart (64-bit)
http://dl.surfright.nl/HitmanPro_x6...

message edited by Johnw


#14
January 14, 2015 at 04:53:32
thanks will try with this in the morning. :) will turn off PC tonight...?

message edited by Emmae


#15
January 14, 2015 at 05:06:49
"Gladstone, Queensland"
Ok, I now know your awake hours are similar to mine.

"I'm not the most computer savvy"
You are going pretty good.

"P.s why do people put malware on other people's computers?"
Sick or criminally minded. Our challenge, is to try & outsmart them.

"thanks will try with this in the morning. :) will turn off PC tonight...?"
Ok, turn it off & it will be interesting to see if Hitman can run.

I'm going to bed now, shall get up early.


#16
January 14, 2015 at 14:39:11
Here is another way to get Malwarebytes to run.

Malwarebytes USB boot, Malware USB, malware boot, Custom USB Stick
http://www.thecomputermanual.com/ma...


#17
January 14, 2015 at 14:53:15
Here is the standard version of Hitman.

Run Hitman Pro, then Copy and Paste the contents of the log please, into your reply.
http://www.softpedia.com/get/Intern...
http://www.surfright.nl/en/HitmanPro
http://www.surfright.nl/en/hitmanpro/
How to scan and obtain a log
http://forums.majorgeeks.com/showth...
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (32-bit)
http://dl.surfright.nl/HitmanPro35.exe
Download now (64-bit)
http://dl.surfright.nl/HitmanPro35_...
HitmanPro does not need to be installed. It can be run straight from a USB flash/thumb/pen drive, a CD/DVD, local or network attached hard drive.
HitmanPro offers you a Free Scan for a second opinion.


#18
January 14, 2015 at 16:17:56
Another link for Chameleon.

How do I use Malwarebytes Chameleon to install Malwarebytes Anti-Malware on an infected system?
https://helpdesk.malwarebytes.org/h...


#19
January 14, 2015 at 16:43:19
stand by for #13 sorry have been running a bit behind this morning.

#20
January 14, 2015 at 17:17:42
I'm back at the comp. Just finished getting the pool into shape & doing some garden work before it got too hot.

#21
January 14, 2015 at 17:50:26
I've tried hitmanpro, it says do you want to make changes to the computer, I click yes... Then nothing.

#22
January 14, 2015 at 17:53:42
I didn't run bios though, just started computer normally, clicked on folder for USB and then run as admin on hitmanpro. F8 is not bios and f12 is a screen I don't know... Isn't bios a blue screen?

#23
January 14, 2015 at 17:55:12
It's bloody hot here too. Just popping out to do shopping.

#24
January 14, 2015 at 17:55:31
Ok, move on, if you have the patience/time to keep trying.

message edited by Johnw


#25
January 14, 2015 at 19:12:46
If you can't get any further with the above, here are some more steps.

Your W7 is 64-bit. Here is a list of rescue programs; most important, whatever you choose, is that it matches your operating system. I use ESET a lot. Install from the good comp.
How do I use ESET SysRescue to create a bootable USB flash drive, CD or DVD on a 64-bit Windows system? (4.x)
http://kb.eset.com/esetkb/index?pag...
Comprehensive List of 26 Bootable Antivirus Rescue CDs for Offline Scanning
https://www.raymond.cc/blog/13-anti...
https://www.raymond.cc/blog/13-anti...
https://www.raymond.cc/blog/13-anti...
A huge advantage in using a rescue CD compared to the antivirus installed on your computer is the chances of a successful removal is much higher because the malware is inactive since Windows is not even loaded in the first place. Unlike when a virus is active on the system, it can be very resilient and block any security tools from being run, making it really difficult even for experienced users to delete it from the system.

Another way

The infection is locking us out, you can take the drive out of the PC & connect it via usb to the laptop. Then run all the cleaning tools from the laptop, to scan your PC drive.
The type of connector will depend on what sort of drive it is. It may be either, IDE, Sata/Pata or SSD.
You may even have an external enclosure that you can put the PC drive into. Once I know all the details of what you have or plan on doing, I can guide you further.

usb connector for hard drive
http://is.gd/iCphSX
I find the $6.00 products work perfectly.
Plug into a rear usb port.


#26
January 14, 2015 at 19:14:01
"Isn't bios a blue screen?"
Yes.
I have no idea what your comp is, so enter the bios your normal way. It will be in your manual, usually with the CD that came with the comp.

message edited by Johnw


#27
January 16, 2015 at 03:00:47
Thank you for helping me, I'm going to have another crack at it soon. With a little help from a friend. I'll post back to this or start a new one if it's been too long. Once again thanks for giving me the time to help. appreciate it a lot. :)

#28
January 16, 2015 at 03:09:24
"I'm going to have another crack at it soon"
Just starting to think you had given up.

"With a little help from a friend"
Always easier with another helper & spare comp's.

"I'll post back to this"
Here is fine.


#29
January 18, 2015 at 15:37:36
Currently using my husband's comp....and this happened... seems everything I use gets sick....hmmm

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 19/01/2015
Scan Time: 9:21:50 AM
Logfile: jons log.txt
Administrator: No

Version: 2.00.4.1028
Malware Database: v2015.01.18.12
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Emma

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276418
Time Elapsed: 8 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [71735d9bbbcef343e2e8ed02af53ff01],
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{537F4F0B-3542-4C7D-A3E5-CF121482696C}, , [71735d9bbbcef343e2e8ed02af53ff01],
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\CLASSES\Toolbar.CT3220468, , [71735d9bbbcef343e2e8ed02af53ff01],
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3220468, , [71735d9bbbcef343e2e8ed02af53ff01],
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{537F4F0B-3542-4C7D-A3E5-CF121482696C}, , [71735d9bbbcef343e2e8ed02af53ff01],
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [71735d9bbbcef343e2e8ed02af53ff01],
PUP.Optional.uTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\uTorrentControl_v2, , [af35c0385336a78f7dbfa109f21138c8],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ejpbbhjlbipncjklfjjaedaieimbmdda, , [da0a12e6b7d2a294791ea2ed40c308f8],
PUP.Optional.uTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\uTorrentControl_v2 Toolbar, , [14d01eda2663b77f88848db2e91ab54b],

Registry Values: 4
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, uTorrentControl_v2 Toolbar, , [71735d9bbbcef343e2e8ed02af53ff01]
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7473B6BD-4691-4744-A82B-7854EB3D70B6}, , [71735d9bbbcef343e2e8ed02af53ff01],
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, , [5b89b444c0c9eb4b7e4c48a70002e41c],
PUP.Optional.UTorrentControl.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7473b6bd-4691-4744-a82b-7854eb3d70b6}, , [b72da0587712f046bb0ffef148baf30d],

Registry Data: 0
(No malicious items detected)

Folders: 42
PUP.Optional.PriceGong.A, C:\Users\Emma\AppData\LocalLow\PriceGong, , [d410b14777126bcb3f197bc2a2611ee2],
PUP.Optional.PriceGong.A, C:\Users\Emma\AppData\LocalLow\PriceGong\Data, , [d410b14777126bcb3f197bc2a2611ee2],
PUP.Optional.uTorrentControl.A, C:\Program Files (x86)\uTorrentControl_v2, , [14d01eda2663b77f88848db2e91ab54b],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\CacheIcons, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\AddedAppDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\DefualtImages, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\DetectedAppDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\EngineFirstTimeDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\NewSearchProtectorDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\NewSearchProtectorDialog\images, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\SearchProtectorBubbleDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\SearchProtectorBubbleDialog\images, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\SearchProtectorDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\SearchProtectorDialog\Images, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\SearchProtectorRetakeoverDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\SearchProtectorRetakeoverDialog\Images, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\ToolbarFirstTimeDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\ToolbarFirstTimeDialog\images, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\ToolbarUntrustedAppsApprovalDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\UninstallDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\UntrustedAddedAppDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\UntrustedAppApprovalDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Dialogs\UntrustedAppPendingDialog, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\EmailNotifier, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\ExternalComponent, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Logs, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\MyStuffApps, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\plugins, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Repository, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Repository\conduit_CT3220468_CT3220468, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Repository\conduit_CT3220468_CT3220468\AppsMetaData, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Repository\conduit_CT3220468_CT3220468\DynamicDialogs, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Repository\conduit_CT3220468_CT3220468\ToolbarLogin, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Repository\conduit_CT3220468_CT3220468\ToolbarSettings, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Repository\conduit_CT3220468_en, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\Repository\conduit_CT3220468_en\ToolbarTranslation, , [28bc0fe91574c86e0af15be5e91a7987],
PUP.Optional.UTorrentControl.A, C:\Users\Emma\AppData\LocalLow\uTorrentControl_v2\SearchInNewTab, , [28bc0fe91574c86e0af15be5e91a7987],

Files: 156
PUP.Optional.UTorrentControl.A, C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll, , [71735d9bbbcef343e2e8ed02af53ff01],
PUP.Optional.Conduit.A, c:\users\jon\appdata\local\cre\ejpbbhjlbipncjklfjjaedaieimbmdda.crx, , [648027d1e6a3fa3c1680187737cce818],
PUP.Optional.PriceGong.A, C:\Users\Emma\AppData\LocalLow\PriceGong\Data\1.txt, , [d410b14777126bcb3f197bc2a2611ee2],
PUP.Optional.PriceGong.A, C:\Users\Emma\AppData\LocalLow\PriceGong\Data\a.txt, , [d410b14777126bcb3f197bc2a2611ee2],
PUP.Optional.PriceGong.A, C:\Users\Emma\AppData\LocalLow\PriceGong\Data\b.txt, , [d410b14777126bcb3f197bc2a2611ee2],
PUP.Optional.PriceGong.A, C:\Users\Emma\AppData\LocalLow\PriceGong\Data\c.txt, , [d410b14777126bcb3f197bc2a2611ee2],
PUP.Optional.PriceGong.A, C:\Users\Emma\AppData\LocalLow\PriceGong\Data\d.txt, , [d410b14777126bcb3f197bc2a2611ee2],
PUP.Optional.PriceGong.A, C:\Users\Emma\AppData\LocalLow\PriceGong\Data\e.txt, , [d410b14777126bcb3f197bc2a2611ee2],

Physical Sectors: 0
(No malicious items detected)


(end)



#30
January 18, 2015 at 15:41:24
Should I action quarantine for all?


#31
January 18, 2015 at 15:43:42
Quarantine all that Malwarebytes found.

Here are the next 2 steps, there will be more steps needed after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

message edited by Johnw



#32
January 18, 2015 at 15:47:55
You have installed the Premium version, which is very good & can be run in conjunction with your current Anti-Virus ( AV ). If you don't want to buy it, do this to avoid the purchase nag screens.
Open Malwarebytes, on the Dashboard, click on the ‘End Free Trial’ link, and it will then be instantly converted to the free version.


#33
January 18, 2015 at 15:52:51
"seems everything i use gets sick....hmmm"
This is how you are going wrong.

As you can see from your logs, you had a lot of stuff installed, and you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & other items during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third-party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#34
January 18, 2015 at 16:49:36
# AdwCleaner v4.108 - Report created 19/01/2015 at 10:45:48
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : jon - JON-PC
# Running from : C:\Users\Emma\Downloads\adwcleaner_4.108.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater18.1.9

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : \AVG Secure Search
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\Emma\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Emma\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Emma\AppData\LocalLow\Conduit
Folder Found : C:\Users\jon\AppData\Local\AVG Secure Search
Folder Found : C:\Users\jon\AppData\Local\Conduit
Folder Found : C:\Users\jon\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\jon\AppData\LocalLow\Conduit

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****



***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468

-\\ Mozilla Firefox v33.1.1 (x86 en-US)


-\\ Google Chrome v39.0.2171.99


*************************

AdwCleaner[R0].txt - [21129 octets] - [19/01/2015 10:45:48]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [21190 octets] ##########



#35
January 18, 2015 at 21:39:47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by jon on Mon 19/01/2015 at 15:28:16.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\jon\appdata\local\cre"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\kqdnrpvq.default\smartbar
Successfully deleted the following from C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\kqdnrpvq.default\prefs.js

Emptied folder: C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\kqdnrpvq.default\minidumps [8 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 19/01/2015 at 15:36:23.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#36
January 18, 2015 at 21:57:33
Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shut down your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


#37
January 19, 2015 at 16:31:51
uTorrentControl_v2: this seems to be the only thing Malwarebytes picks up now, as a PUP.


#38
January 19, 2015 at 16:49:05
Shall see what RogueKiller picks up.


#39
January 19, 2015 at 19:03:09
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : jon [Administrator]
Mode : Scan -- Date : 01/20/2015 13:01:39

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] firefox.exe(3528) -- C:\Users\Emma\AppData\Local\Mozilla Firefox\firefox.exe[7] -> Killed [TermProc]
[Suspicious.Path] plugin-container.exe(6528) -- C:\Users\Emma\AppData\Local\Mozilla Firefox\plugin-container.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 16 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Avgfwfd (system32\DRIVERS\avgfwd6a.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1901854957-4278034275-1571445560-1003\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1901854957-4278034275-1571445560-1003\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F9E6AD0-9F73-4590-8482-E653A659E608} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C60A2E48-C63A-4293-BC0B-6FC564E50D21} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8F9E6AD0-9F73-4590-8482-E653A659E608} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C60A2E48-C63A-4293-BC0B-6FC564E50D21} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8F9E6AD0-9F73-4590-8482-E653A659E608} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C60A2E48-C63A-4293-BC0B-6FC564E50D21} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 34 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 557073dace3cafde21c932cdab90baef
[BSP] 03f17dc919e3f9a919e670f00adfd8a7 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 700969 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1438658560 | Size: 12934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK



#40
January 19, 2015 at 19:05:17
What should I delete? The 2 processes?


#41
January 19, 2015 at 20:27:56
After the scan, do nothing other than hitting > Delete.

Post the new log, please.



#42
January 19, 2015 at 21:40:33
RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : jon [Administrator]
Mode : Delete -- Date : 01/20/2015 15:40:03

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] firefox.exe(3528) -- C:\Users\Emma\AppData\Local\Mozilla Firefox\firefox.exe[7] -> Killed [TermProc]
[Suspicious.Path] plugin-container.exe(6528) -- C:\Users\Emma\AppData\Local\Mozilla Firefox\plugin-container.exe[7] -> Killed [TermThr]

¤¤¤ Registry : 16 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Avgfwfd (system32\DRIVERS\avgfwd6a.sys) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1901854957-4278034275-1571445560-1003\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1901854957-4278034275-1571445560-1003\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8F9E6AD0-9F73-4590-8482-E653A659E608} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C60A2E48-C63A-4293-BC0B-6FC564E50D21} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8F9E6AD0-9F73-4590-8482-E653A659E608} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C60A2E48-C63A-4293-BC0B-6FC564E50D21} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8F9E6AD0-9F73-4590-8482-E653A659E608} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C60A2E48-C63A-4293-BC0B-6FC564E50D21} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 34 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 557073dace3cafde21c932cdab90baef
[BSP] 03f17dc919e3f9a919e670f00adfd8a7 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 700969 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1438658560 | Size: 12934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_01202015_130139.log



#43
January 19, 2015 at 21:46:23
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


#44
January 24, 2015 at 16:36:19
http://www40.zippyshare.com/v/61fIZ...


#45
January 24, 2015 at 16:57:02
Wrong one Emmae, you have sent the install exe.

"It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt)"

So what we want are 2 text logs.



#46

#47
January 24, 2015 at 20:07:13
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
HKLM\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1901854957-4278034275-1571445560-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?source...
SearchScopes: HKU\S-1-5-21-1901854957-4278034275-1571445560-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?source...
Toolbar: HKU\S-1-5-21-1901854957-4278034275-1571445560-1003 -> No Name - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File
Toolbar: HKU\S-1-5-21-1901854957-4278034275-1571445560-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [X]
C:\Users\jon\AppData\Local\Temp\dllnt_dump.dll
C:\Users\jon\AppData\Local\Temp\Quarantine.exe
C:\Users\jon\AppData\Local\Temp\SkypeSetup.exe
C:\Users\jon\AppData\Local\Temp\sqlite3.dll

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#48
January 24, 2015 at 20:50:27
Not really understanding.... So I've copied 'closeprocesses:' only to a text file onto my desktop. I've named it fixlist.

Was I supposed to copy all the other stuff underneath as well, finishing with C:\Users\jon\AppData\Local\Temp\sqlite3.dll ?

And do I make a folder on the desktop with all 3 txt files in it (fixlist.txt, FRST and addition)?



#49
January 24, 2015 at 21:13:02
"was i supposed to copy all the other stuff underneath as well, finishing with C:\Users\jon\AppData\Local\Temp\sqlite3.dll ?"
Yep.

"and do i make a folder on the desktop with all 3 txt files in it (fixlist.txt, FRST and addition.) "
No need for a folder; my original instructions, before you ran FRST, were to drag it onto the Desktop.
I see you left FRST in Downloads.
If you don't know how to drag it out, right click on it, Copy & Paste on the desktop.

Now as long as you have the text file fixlist on the Desktop, FRST will find it, as per instructions in post #47.


