Why my Google Chrome search cannot work no more

February 23, 2015 at 10:40:44
Specs: Windows 7
I used piratebay to download torrents and now my Google Chrome would not work. Here is my log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:37:56 PM, on 2/23/2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
CHROME: 1.5.1383.0

Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\Erickson Vo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Erickson Vo\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Erickson Vo\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Erickson Vo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BMGQFY3\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~3\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Nike+ Connect] "C:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Erickson Vo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Erickson Vo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Erickson Vo\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Erickson Vo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O4 - Global Startup: NETGEAR WNDA3100v2 Genie.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://www.asus.com/support/asusTek...
O16 - DPF: {93D532DD-85FC-4A92-8254-8DB5437D8690} - https://prometheus.quadax.com/AppNe...
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/sof...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/sof...
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Wajam Web Enhancer - Unknown owner - C:\Program Files\WajaWebEnhancer\wajam_64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100v2 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe




#1
February 23, 2015 at 11:47:54
Unfortunately HijackThis is now too outdated to be of any real value - not always understanding where valid items should be located.

The following two programs are a great help at cleaning the decks, at least initially, when you get a virus:

http://filehippo.com/download_malwa...
Run the program but before doing the scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits".

http://www.bleepingcomputer.com/dow...
(blue download button near top).
With this one you download and "Save" the file somewhere. Go to the saved file then double click it to run the Scan. You then have options to remove whatever it shows under each heading in the table below, although it is usually safe to run the Clean.

Please copy/paste the logs on here because even if the symptoms are cured you are about certain to still have some things lurking around that require further cleaning. Pirate Bay and Torrents are where many folk get unwanted things from.

Always pop back and let us know the outcome - thanks

message edited by Derek



#2
February 23, 2015 at 14:25:40
OK, thank you. I am now running the program; I will post up the logs when it is finished.
Btw, it's not that my Google Chrome does not work. I cannot access google.com.

message edited by goo



#3
February 23, 2015 at 14:52:10
Here are the results from the scan. google.com is finally working again. However, can you tell me if my computer is still threatened? I appreciate this a lot.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/23/2015
Scan Time: 5:24:47 PM
Logfile: logs.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.23.08
Rootkit Database: v2015.02.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Erickson Vo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 349123
Time Elapsed: 22 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls\elthyudydvez.dll, Delete-on-Reboot, [2c513de46525dc5a4e153a582fd4cf31],

Registry Keys: 4
PUP.Optional.MindSpark.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6E89E1D3-C66F-41C4-A648-CD91544E99C3}, Quarantined, [81fc58c9206a989ed29269a7946f8080],
PUP.Optional.MindSpark.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6E89E1D3-C66F-41C4-A648-CD91544E99C3}, Quarantined, [81fc58c9206a989ed29269a7946f8080],
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, Quarantined, [c9b455cc2b5f41f5dae605d7ee15916f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2846566807-436164469-1541488253-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [a7d6ec35d6b4a4922461010ba06533cd],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 44
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.PCFixSpeed, C:\Users\Erickson Vo\AppData\Roaming\PCFixSpeed, Quarantined, [5924dd447b0f3cfa62611feaae5703fd],
PUP.Optional.PCFixSpeed, C:\Users\Erickson Vo\AppData\Roaming\PCFixSpeed\News, Quarantined, [5924dd447b0f3cfa62611feaae5703fd],
PUP.Optional.PCFixSpeed, C:\Users\Erickson Vo\AppData\Roaming\PCFixSpeed\Startup, Quarantined, [5924dd447b0f3cfa62611feaae5703fd],
PUP.Optional.OpenCandy, C:\Users\Erickson Vo\AppData\Roaming\OpenCandy, Quarantined, [08750f126624d56122c89ac157ac02fe],
PUP.Optional.OpenCandy, C:\Users\Erickson Vo\AppData\Roaming\OpenCandy\OpenCandy_786496725F6B48A0ADEBBE711E354613, Quarantined, [08750f126624d56122c89ac157ac02fe],
PUP.Optional.24x7.A, C:\Program Files (x86)\24x7Help, Quarantined, [ec9179a8dbaf082e04496defea19b54b],
PUP.Optional.24x7.A, C:\Program Files (x86)\24x7Help\Update, Quarantined, [ec9179a8dbaf082e04496defea19b54b],
PUP.Optional.PCFixSpeed.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Fix Speed with 24x7 Help, Quarantined, [c3ba041da4e6e84eef60a2bae61dbe42],
PUP.Optional.CouponCompanion.A, C:\Users\Erickson Vo\AppData\Local\Coupon Companion Plugin, Quarantined, [d1acb9687a10f0467e655c0eb35014ec],
PUP.Optional.BrowserPlus.A, C:\Program Files (x86)\BrowserPlus2, Quarantined, [8eef0a17d6b4a2942b296c1db44fc63a],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\CacheIcons, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\AddedAppDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\DefualtImages, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\DetectedAppDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\EngineFirstTimeDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\NewSearchProtectorDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\NewSearchProtectorDialog\images, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\SearchProtectorBubbleDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\SearchProtectorBubbleDialog\images, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\SearchProtectorDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\SearchProtectorDialog\Images, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\SearchProtectorRetakeoverDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\SearchProtectorRetakeoverDialog\Images, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\ToolbarFirstTimeDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\ToolbarFirstTimeDialog\images, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\ToolbarUntrustedAppsApprovalDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\UntrustedAddedAppDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\UntrustedAppApprovalDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Dialogs\UntrustedAppPendingDialog, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\EmailNotifier, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\ExternalComponent, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Logs, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\MyStuffApps, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\RadioPlayer, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Repository, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Repository\conduit_CT3309350_CT3309350, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Repository\conduit_CT3309350_CT3309350\DynamicDialogs, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Repository\conduit_CT3309350_CT3309350\ToolbarLogin, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.BrowserPlus.A, C:\Users\Erickson Vo\AppData\LocalLow\BrowserPlus2\Repository\conduit_CT3309350_CT3309350\ToolbarSettings, Quarantined, [7ffeeb36deacf83e0f460683d62daf51],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer, Delete-on-Reboot, [2c513de46525dc5a4e153a582fd4cf31],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls, Delete-on-Reboot, [2c513de46525dc5a4e153a582fd4cf31],

Files: 151
PUP.Optional.Wajam.A, C:\Users\Erickson Vo\AppData\Roaming\OpenCandy\OpenCandy_786496725F6B48A0ADEBBE711E354613\WWE_1.2.0.53.exe, Quarantined, [720bfa27ddadcb6bec714b2131cfed13],
PUP.Optional.Soft32.A, C:\$Recycle.Bin\S-1-5-21-2846566807-436164469-1541488253-1000\$RFQO019.exe, Quarantined, [5627d34e3951ce68188cb3add42d9967],
PUP.Optional.PriceFinder.A, C:\Users\Erickson Vo\AppData\Local\Temp\PFU.UYRMMIER\PriceFinderHelper.dll, Quarantined, [611cbb663e4c6ccaec5b118b936e43bd],
PUP.Optional.PriceFinder.A, C:\Users\Erickson Vo\AppData\Local\Temp\PFU.UYRMMIER\PriceFinderHelper.exe, Quarantined, [b9c48f92f496072f2a1e782441c0df21],
PUP.Optional.PriceFinder.A, C:\Users\Erickson Vo\AppData\Local\Temp\PFU.UYRMMIER\PriceFinderHelper.x64.dll, Quarantined, [daa3a67b6327f73f1136316bab56926e],
PUP.Optional.AZLyrics.A, C:\Users\Erickson Vo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Quarantined, [3944f42d0c7ee74fd9558221b64df30d],
PUP.Optional.AZLyrics.A, C:\Users\Erickson Vo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [9be25dc4aedc8aac210d891a2fd47888],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\bubble.xml, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\HotInactiveTabRight.bmp, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7bubble_Left.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7bubble_Right.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7bubble_X00.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7bubble_X01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7bubble_X02.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsActive.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsBack.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7Dark001_SettingsHover.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_Back00.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7Dark_NoTabs_PhoneIcon.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7logoNew_dark01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7man_dark01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\24x7_UploaderDark01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\ArrowSmall.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\ArrowSmallHot.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\Hardware_Icon.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\HotInactiveTabLeft.bmp, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\MainImg_SettingsDark01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon00_Dark01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\Navigation_HomeIcon01_Dark01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon00_Dark01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\Navigation_SettingsIcon01_Dark01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\OK_IconGreen01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\PeriodicSystemCheckBubble.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\Phones_Icon.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\PushedInactiveTabLeft.bmp, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\PushedInactiveTabRight.bmp, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\Security_Icon.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\skin.xml, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\Software_Icon.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow00.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\SupportCheck01_arrow01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],
PUP.Optional.24x7, C:\Users\Erickson Vo\AppData\Roaming\24x7 Help\skin\Warning_Icon01.png, Quarantined, [7a033ee36c1e5cda2c64bf399d67ec14],

Physical Sectors: 0
(No malicious items detected)


(end)

message edited by goo



#4
February 23, 2015 at 15:09:22
That found a lot. Let us have the ADWCleaner log too (my 2nd link in #1).

As regards your question a lot more work would be required to ensure your computer is properly clean - but those two programs will get a lot of the junk out of the way.

Always pop back and let us know the outcome - thanks

message edited by Derek



#5
February 23, 2015 at 15:21:24
Thank you very much Derek for the quick feedback, here are the logs from the ADWCleaner

# AdwCleaner v4.111 - Logfile created 23/02/2015 at 18:17:04
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Ultimate (x64)
# Username : Erickson Vo - ERICKSONVO-PC
# Running from : C:\Users\Erickson Vo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7HTO714E\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\epicscale
Folder Deleted : C:\Program Files (x86)\PCFixSpeed
Folder Deleted : C:\Users\ERICKS~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\ERICKS~1\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Erickson Vo\AppData\Local\apn
Folder Deleted : C:\Users\Erickson Vo\AppData\Local\DefineExt
Folder Deleted : C:\Users\Erickson Vo\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Erickson Vo\AppData\Roaming\24x7 help
Folder Deleted : C:\Users\Erickson Vo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\END

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16464


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [3151 bytes] - [23/02/2015 18:15:14]
AdwCleaner[S0].txt - [2798 bytes] - [23/02/2015 18:17:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2857 bytes] ##########



#6
February 23, 2015 at 15:54:25
That found a lot too. I would suggest you also run this (similar to ADWCleaner in that it just runs from the downloaded file so you Save it somewhere then double click it to run):
http://www.bleepingcomputer.com/dow...
It will produce a DOS-like box and when it is running it might appear to pause for a while but keep waiting until it completes. Please let us have that log too.

Always pop back and let us know the outcome - thanks



#7
February 23, 2015 at 16:01:07
Okay just finished the #6 scan, here are the logs,

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Erickson Vo on Mon 02/23/2015 at 18:56:55.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}

~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\PC Optimizer Pro64 startups.job

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ad-aware browsing protection"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Erickson Vo\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Erickson Vo\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Erickson Vo\appdata\local\cre"
Failed to delete: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/23/2015 at 18:59:55.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#8
February 23, 2015 at 16:08:57
It's a good sign that less is being reported but it wasn't a blank sheet. However, that was what I call "First Aid" so if you want to ensure your computer is properly cleaned then one of the helpers here (Johnw) is particularly good at winkling out malware and viruses. Johnw is from Australia and if he is available I'm sure he will join us. I'll alert him to this post so keep watching.

I noticed that you had the odd "magic computer fix" programs on-board. These are unnecessary and best avoided unless on the advice of a reliable computer forum - they can mess up more than they fix.

Always pop back and let us know the outcome - thanks



#9
February 23, 2015 at 16:12:15
Thank you Derek. I am looking forward to the help Johnw can provide. What is the magic computer fix? Is there a way I can remove it?


#10
February 23, 2015 at 16:13:25
It's OK, it was removed in the previous processes - maybe you didn't intentionally download it.

Always pop back and let us know the outcome - thanks



#11
February 23, 2015 at 16:17:31
Ah I see. Ahha, I appreciate the help you have been providing me. So far "google.com" is working again for me, which is a great sign.


#12
February 23, 2015 at 16:25:51
I've alerted Johnw. He is usually around by now so I can't vouch for his availability - just keep watching. At least we have done some donkey work which should mean there is a lot less junk for him to deal with now.

By the way, the internet is a minefield these days, everyone trying to foist things on you. So always look carefully for any unwanted goodies and uncheck them. If there is a "Custom" install, use that because it often shows a lot of junk pre-checked for you.

I'm from the UK so thinking of bed right now.

Always pop back and let us know the outcome - thanks



#13
February 24, 2015 at 00:33:06
Nice work folks, you are on the right track.

Next step.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#14
February 24, 2015 at 00:43:28
You have installed the Premium version, which is very good & can be run in conjunction with your current Anti-Virus (AV). If you don't want to buy it, do this to avoid the purchase nag screens.
Open Malwarebytes and, on the Dashboard, click on the ‘End Free Trial’ link; it will then be instantly converted to the free version.

message edited by Johnw



#15
February 24, 2015 at 13:46:27
Alright, thank you Johnw, I am currently running the program and will update you with logs as soon as the scan finishes.


#16
February 24, 2015 at 13:49:24
Here are the links to the logs after the Farbar recover tools

http://www21.zippyshare.com/v/8YnwC...

http://www21.zippyshare.com/v/xYCIb...



#17
February 24, 2015 at 14:15:13
Just an observation - no need to reply and disrupt the flow.

I see Torrents listed there. I know their merits but have to say that they are a very very common source of immediate infestation. If you keep going there you have to be ultra careful and even that is no guarantee that you won't collect something. There is some merit in having an old computer set aside for those sorts of places. One you can just reformat when it gets stuffed up with malware etc.

Always pop back and let us know the outcome - thanks



#18
February 24, 2015 at 15:36:25
Copy & Paste the text below ( starting closeprocesses: ), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
CustomCLSID: HKU\S-1-5-21-2846566807-436164469-1541488253-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Erickson Vo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2846566807-436164469-1541488253-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Erickson Vo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2846566807-436164469-1541488253-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Erickson Vo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
2013-04-22 02:04 - 2013-04-22 02:04 - 04288048 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-22] ()
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\Run: [EpicScale] => [X]
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\MountPoints2: {29e6acd7-3379-11e4-b09d-50465d54c6fc} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\MountPoints2: {63d98273-e1b7-11e2-a0b6-50465d54c6fc} - E:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\MountPoints2: {73bfa94c-7a02-11e2-9770-806e6f6e6963} - D:\DVDSetup.exe
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\MountPoints2: {ff3c897a-fba1-11e2-bb09-50465d54c6fc} - E:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {4F564F32-5637-006A-76A7-7A786E7484D7} -> No File
Toolbar: HKU\.DEFAULT -> No Name - {4F564F32-5637-006A-76A7-7A786E7484D7} - No File
Toolbar: HKU\S-1-5-21-2846566807-436164469-1541488253-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-2846566807-436164469-1541488253-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=A5CD25C19AE725DA5519C9521E19BB52
CHR StartupUrls: Default -> "chrome://apps/", "hxxp://google.com/"
R3 ALSysIO; \??\C:\Users\ERICKS~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
C:\Users\Erickson Vo\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Erickson Vo\AppData\Local\Temp\3ce0b263-63f2-41fa-88d4-7548dfab9f6e.exe
C:\Users\Erickson Vo\AppData\Local\Temp\af628498-0eb1-4429-9ebc-513598f61b1a.exe
C:\Users\Erickson Vo\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Erickson Vo\AppData\Local\Temp\ApnStub.exe
C:\Users\Erickson Vo\AppData\Local\Temp\AutoUI.exe
C:\Users\Erickson Vo\AppData\Local\Temp\Cleanup.dll
C:\Users\Erickson Vo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpygpa8b.dll
C:\Users\Erickson Vo\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Erickson Vo\AppData\Local\Temp\GUR4C67.exe
C:\Users\Erickson Vo\AppData\Local\Temp\Gw2.exe
C:\Users\Erickson Vo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Erickson Vo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Erickson Vo\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Erickson Vo\AppData\Local\Temp\NGMDll.dll
C:\Users\Erickson Vo\AppData\Local\Temp\NGMResource.dll
C:\Users\Erickson Vo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Erickson Vo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Erickson Vo\AppData\Local\Temp\nvStInst.exe
C:\Users\Erickson Vo\AppData\Local\Temp\ochelper.exe
C:\Users\Erickson Vo\AppData\Local\Temp\offercast.exe
C:\Users\Erickson Vo\AppData\Local\Temp\ose00000.exe
C:\Users\Erickson Vo\AppData\Local\Temp\Quarantine.exe
C:\Users\Erickson Vo\AppData\Local\Temp\raptrpatch.exe
C:\Users\Erickson Vo\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Erickson Vo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Erickson Vo\AppData\Local\Temp\sqlite3.dll
C:\Users\Erickson Vo\AppData\Local\Temp\Strongvault.exe
C:\Users\Erickson Vo\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Erickson Vo\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Erickson Vo\AppData\Local\Temp\unicows.dll
C:\Users\Erickson Vo\AppData\Local\Temp\vcredist_x86.exe

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#19
February 24, 2015 at 16:33:02
Hi Johnw, here are the results from the fix

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015
Ran by Erickson Vo at 2015-02-24 19:27:50 Run:1
Running from C:\Users\Erickson Vo\Desktop
Loaded Profiles: Erickson Vo (Available profiles: Erickson Vo)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
CustomCLSID: HKU\S-1-5-21-2846566807-436164469-1541488253-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Erickson Vo\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2846566807-436164469-1541488253-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Erickson Vo\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2846566807-436164469-1541488253-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Erickson Vo\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
2013-04-22 02:04 - 2013-04-22 02:04 - 04288048 _____ () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-22] ()
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\Run: [EpicScale] => [X]
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\MountPoints2: {29e6acd7-3379-11e4-b09d-50465d54c6fc} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\MountPoints2: {63d98273-e1b7-11e2-a0b6-50465d54c6fc} - E:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\MountPoints2: {73bfa94c-7a02-11e2-9770-806e6f6e6963} - D:\DVDSetup.exe
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\...\MountPoints2: {ff3c897a-fba1-11e2-bb09-50465d54c6fc} - E:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {4F564F32-5637-006A-76A7-7A786E7484D7} -> No File
Toolbar: HKU\.DEFAULT -> No Name - {4F564F32-5637-006A-76A7-7A786E7484D7} - No File
Toolbar: HKU\S-1-5-21-2846566807-436164469-1541488253-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKU\S-1-5-21-2846566807-436164469-1541488253-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR HomePage: Default -> hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=A5CD25C19AE725DA5519C9521E19BB52
CHR StartupUrls: Default -> "chrome://apps/", "hxxp://google.com/"
R3 ALSysIO; \??\C:\Users\ERICKS~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 DIRECTIO; \??\C:\Program Files\PerformanceTest\DirectIo64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
C:\Users\Erickson Vo\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Erickson Vo\AppData\Local\Temp\3ce0b263-63f2-41fa-88d4-7548dfab9f6e.exe
C:\Users\Erickson Vo\AppData\Local\Temp\af628498-0eb1-4429-9ebc-513598f61b1a.exe
C:\Users\Erickson Vo\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Erickson Vo\AppData\Local\Temp\ApnStub.exe
C:\Users\Erickson Vo\AppData\Local\Temp\AutoUI.exe
C:\Users\Erickson Vo\AppData\Local\Temp\Cleanup.dll
C:\Users\Erickson Vo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpygpa8b.dll
C:\Users\Erickson Vo\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Erickson Vo\AppData\Local\Temp\GUR4C67.exe
C:\Users\Erickson Vo\AppData\Local\Temp\Gw2.exe
C:\Users\Erickson Vo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Erickson Vo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Erickson Vo\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Erickson Vo\AppData\Local\Temp\NGMDll.dll
C:\Users\Erickson Vo\AppData\Local\Temp\NGMResource.dll
C:\Users\Erickson Vo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Erickson Vo\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Erickson Vo\AppData\Local\Temp\nvStInst.exe
C:\Users\Erickson Vo\AppData\Local\Temp\ochelper.exe
C:\Users\Erickson Vo\AppData\Local\Temp\offercast.exe
C:\Users\Erickson Vo\AppData\Local\Temp\ose00000.exe
C:\Users\Erickson Vo\AppData\Local\Temp\Quarantine.exe
C:\Users\Erickson Vo\AppData\Local\Temp\raptrpatch.exe
C:\Users\Erickson Vo\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Erickson Vo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Erickson Vo\AppData\Local\Temp\sqlite3.dll
C:\Users\Erickson Vo\AppData\Local\Temp\Strongvault.exe
C:\Users\Erickson Vo\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Erickson Vo\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Erickson Vo\AppData\Local\Temp\unicows.dll
C:\Users\Erickson Vo\AppData\Local\Temp\vcredist_x86.exe
*****************

Processes closed successfully.
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.) => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2846566807-436164469-1541488253-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-2846566807-436164469-1541488253-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-2846566807-436164469-1541488253-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe => Moved successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe => No running process found
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster => value deleted successfully.
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EpicScale => value deleted successfully.
"HKU\S-1-5-21-2846566807-436164469-1541488253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29e6acd7-3379-11e4-b09d-50465d54c6fc}" => Key deleted successfully.
HKCR\CLSID\{29e6acd7-3379-11e4-b09d-50465d54c6fc} => Key not found.
"HKU\S-1-5-21-2846566807-436164469-1541488253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63d98273-e1b7-11e2-a0b6-50465d54c6fc}" => Key deleted successfully.
HKCR\CLSID\{63d98273-e1b7-11e2-a0b6-50465d54c6fc} => Key not found.
"HKU\S-1-5-21-2846566807-436164469-1541488253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73bfa94c-7a02-11e2-9770-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{73bfa94c-7a02-11e2-9770-806e6f6e6963} => Key not found.
"HKU\S-1-5-21-2846566807-436164469-1541488253-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff3c897a-fba1-11e2-bb09-50465d54c6fc}" => Key deleted successfully.
HKCR\CLSID\{ff3c897a-fba1-11e2-bb09-50465d54c6fc} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F564F32-5637-006A-76A7-7A786E7484D7}" => Key deleted successfully.
HKCR\CLSID\{4F564F32-5637-006A-76A7-7A786E7484D7} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F564F32-5637-006A-76A7-7A786E7484D7} => value deleted successfully.
HKCR\CLSID\{4F564F32-5637-006A-76A7-7A786E7484D7} => Key not found.
HKU\S-1-5-21-2846566807-436164469-1541488253-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
"HKU\S-1-5-21-2846566807-436164469-1541488253-1000\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
DIRECTIO => Service deleted successfully.
EagleX64 => Service deleted successfully.
MSICDSetup => Service deleted successfully.
NVHDA => Service deleted successfully.
X6va012 => Service deleted successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\3ce0b263-63f2-41fa-88d4-7548dfab9f6e.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\af628498-0eb1-4429-9ebc-513598f61b1a.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\AMDCleanupUtility.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\AutoUI.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\Cleanup.dll => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpygpa8b.dll => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\dxwebsetup.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\GUR4C67.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\Gw2.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\NGMDll.dll => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\NGMResource.dll => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\ochelper.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\offercast.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\raptrpatch.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\SETUP_AFTERBURNER.EXE => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\Strongvault.exe => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\swt-win32-3349.dll => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\swt-win32-3740.dll => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\unicows.dll => Moved successfully.
C:\Users\Erickson Vo\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
EmptyTemp: => Removed 18.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 19:28:30 ====


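When reviewing a Fixlog like the one in reply #19, the lines that matter most are the ones FRST could not fix. The Python below is an added example, not part of the thread or of FRST itself: it parses the result section of a Fixlog and separates removed, already-absent, failed and unrecognised entries. The sample log is constructed from a few lines in the format shown above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog layout shown above: header, the fixlist
# between two rows of asterisks, then one result per line. Paths shortened.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
closeprocesses:
emptytemp:
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
C:\Users\user\AppData\Local\Temp\offercast.exe
*****************

Processes closed successfully.
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCR\CLSID\{4F564F32-5637-006A-76A7-7A786E7484D7} => Key not found.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Chrome HomePage deleted successfully.
EagleX64 => Service deleted successfully.
C:\Users\user\AppData\Local\Temp\offercast.exe => Moved successfully.
EmptyTemp: => Removed 18.9 GB temporary data.


The system needed a reboot.

==== End of Fixlog 19:28:30 ====
"""

# First matching rule wins, so "Error:" is tested before the others.
RULES = [
    ("failed", re.compile(r"\bError:", re.I)),
    ("absent", re.compile(r"\bnot found\b|\bNo running process found\b", re.I)),
    ("removed", re.compile(
        r"\b(?:deleted|moved|closed|stopped) successfully\b|^Removed\b", re.I)),
]
# Result lines that carry no "=>", e.g. "Chrome HomePage deleted successfully."
NO_ARROW = re.compile(r"^(.*?)\s+((?:not found|\w+ successfully)\.)$")


def result_lines(text):
    """Return the non-empty lines between the fixlist and the end marker."""
    lines = text.splitlines()
    stars = [i for i, ln in enumerate(lines)
             if re.fullmatch(r"\*{5,}", ln.strip())]
    if len(stars) < 2:
        raise ValueError("fixlist delimiters not found; not a complete Fixlog")
    out = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln.strip():
            out.append(ln.strip())
    return out


def parse_fixlog(text):
    """Split each result line into target, result text and a status label."""
    entries = []
    for ln in result_lines(text):
        if " => " in ln:
            target, result = ln.rsplit(" => ", 1)
        else:
            m = NO_ARROW.match(ln)
            target, result = m.groups() if m else ("", ln)
        status = next((name for name, rx in RULES if rx.search(result)), "other")
        entries.append({"target": target.strip('"'), "result": result,
                        "status": status})
    return entries


def summarize(entries):
    """Count entries per status."""
    return dict(Counter(e["status"] for e in entries))


def follow_up(entries):
    """Entries a human should read: failures and lines no rule recognised."""
    return [e for e in entries if e["status"] in ("failed", "other")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for e in follow_up(parsed):
        print(e["status"], "|", e["target"] or e["result"])
```

Entries reported as failed, such as the Pando Media Booster uninstall entry here, still need manual removal, and unrecognised lines such as the reboot notice are surfaced rather than silently dropped.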

#20
February 24, 2015 at 16:34:53
You may need to Copy and Paste ALL instructions into a text file & print them. If a printer is not available, write them down. Tick or cross off each step as you do it.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances where ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#21
February 24, 2015 at 16:43:37
Thanks goo, extract from your fixlist.
"EmptyTemp: => Removed 18.9 GB temporary data"
Way, way too big.

Open all your browsers & set the Temp/Temporary file limit to a size that suits your gaming.
For ordinary use 50mb ( not gb ) is fine.
For Java 100mb is plenty, gaming is different.



#22
February 24, 2015 at 17:06:22
Thank you for the help Johnw, here is the link to the combofix log

http://www32.zippyshare.com/v/kj0hM...



#23
February 24, 2015 at 17:09:19
We are getting there goo, you are following instructions really well.

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#24
February 24, 2015 at 17:22:33
I just scanned with the RogueKiller, however under the registry tab there are a lot of things that are unboxed. Should I leave them that way or check all those boxes then click delete?


#25
February 24, 2015 at 17:23:41
"Should I leave them that way"
Yep.


#26
February 24, 2015 at 17:25:34
Ahha, okay here is the log from the RogueKiller,

http://www18.zippyshare.com/v/knhLr...



#27
February 24, 2015 at 17:26:16
Update Malwarebytes & run again please. Use Quick scan (now called Threat Scan). Copy & Paste the contents of the log please.


#28
February 24, 2015 at 17:41:54
Scan just finished. Here is the log from Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/24/2015
Scan Time: 8:28:03 PM
Logfile: logs2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.25.01
Rootkit Database: v2015.02.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Erickson Vo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351241
Time Elapsed: 12 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#29
February 24, 2015 at 17:42:53
Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#30
February 24, 2015 at 17:51:47
Here are the results from the Security Check,

Results of screen317's Security Check version 0.99.97
Windows 7 x64 [color=red][b](UAC is disabled!)[/b][/color]
[url=http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1][color=red][b]Out of date service pack!![/color][/url][/b]
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
[color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color]
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Java 7 Update 25
[color=red][b]Java version 32-bit out of Date![/b][/color]
[b][color=green] Java 64-bit 8 Update 31[/b][/color]
Adobe Flash Player 16.0.0.305
Adobe Reader XI
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.115)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Malwarebytes Anti-Malware mbamscheduler.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 2%
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#31
February 24, 2015 at 17:55:15
Looking good now, except your Java is out of date.
"Java 7 Update 25
[color=red][b]Java version 32-bit out of Date![/b][/color]"

Do you have any other issues?

Here are some of the programs you had installed, that got you into trouble.

Pando Media Booster
http://forums.na.leagueoflegends.co...
PC Optimizer Pro
http://malwaretips.com/blogs/pc-opt...
PC Fix Speed
http://malwaretips.com/blogs/pc-fix...

Here is how a USER got into this mess, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif



#32
February 24, 2015 at 18:00:13
Also, your service pack is out of date.
"[url=http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1][color=red][b]Out of date service pack!![/color][/url][/b]"


#33
February 24, 2015 at 18:00:19
That is all the issues I had. Thank you very much Derek and Johnw, I appreciate the help! Avoiding piratebay from now on and gonna avoid click click installs.


#34
February 24, 2015 at 18:01:39
Thanks goo.
John in Western Australia.
http://www.timeanddate.com/worldclo...


#35
February 24, 2015 at 18:11:53
Congratulations - nicely done.

Always pop back and let us know the outcome - thanks



