
I Cannot Download Google Chrome!


22 replies to this topic

#1 JayRosa

JayRosa

  • Members
  • 17 posts

Posted 05 June 2015 - 12:33 PM

I used Google Chrome for years... Now, I had to uninstall Google Chrome because none of the extensions, themes, etc. would work anymore due to a virus or bug.
Using AVG Pro I eliminated all viruses and malware and continued to uninstall Google Chrome. When I try to download and install Chrome for Windows 8.1 it acts as if it's downloading the program but ultimately does nothing. I've repeated these steps multiple times in hopes that it would miraculously work eventually, and nothing. I've restarted my computer, went through troubleshoots, and have basically done anything I can find to help resolve this strange issue but I still get no resolve. I search for anything Chrome related in my computer and there isn't a file that exists or is remotely close, also checking where my supposed download would go. I just want Google Chrome back on my computer because Internet Explorer is hardly up to par. Can anyone help me with this?

Edited by Queen-Evie, 05 June 2015 - 02:01 PM.
moved from Windows 8 to Am I Infected



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • Gender:Male
  • Location:Quebec, Canada

Posted 05 June 2015 - 12:36 PM

Hi JayRosa :)

It's possible that you still have traces of Google Chrome left on your system and that it's causing this issue. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Execute MiniToolBox and check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 JayRosa

JayRosa
  • Topic Starter

  • Members
  • 17 posts

Posted 05 June 2015 - 12:44 PM

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Jay Rosa (administrator) on 05-06-2015 at 13:40:16
Running from "C:\Users\Jay Rosa\Downloads"
Microsoft Windows 8.1  (X64)
Model: To be filled by O.E.M. Manufacturer: To be filled by O.E.M.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================

802.11n Wireless LAN Card = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Studio
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 00-1A-EF-3A-F4-EA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 74-D0-2B-35-9D-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : 802.11n Wireless LAN Card
   Physical Address. . . . . . . . . : 00-1A-EF-3A-F4-E8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::844:a6ba:1200:302e%2(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, June 5, 2015 11:41:36 AM
   Lease Expires . . . . . . . . . . : Saturday, June 6, 2015 11:41:36 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 369105647
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-C2-6B-02-74-D0-2B-35-9D-F0
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1032:1dd9:3f57:fef6(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1032:1dd9:3f57:fef6%6(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 117440512
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-C2-6B-02-74-D0-2B-35-9D-F0
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{73D38192-CC54-4EC1-8F80-466B997C114B}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4002:c07::71
   74.125.21.101
   74.125.21.102
   74.125.21.100
   74.125.21.113
   74.125.21.139
   74.125.21.138

Pinging google.com [64.233.185.100] with 32 bytes of data:
Reply from 64.233.185.100: bytes=32 time=66ms TTL=38
Reply from 64.233.185.100: bytes=32 time=49ms TTL=38

Ping statistics for 64.233.185.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 49ms, Maximum = 66ms, Average = 57ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=38ms TTL=50
Reply from 98.138.253.109: bytes=32 time=39ms TTL=50

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 39ms, Average = 38ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...00 1a ef 3a f4 ea ......Microsoft Wi-Fi Direct Virtual Adapter
  4...74 d0 2b 35 9d f0 ......Realtek PCIe GBE Family Controller
  2...00 1a ef 3a f4 e8 ......802.11n Wireless LAN Card
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.9     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.9    281
      192.168.1.9  255.255.255.255         On-link       192.168.1.9    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.9    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.9    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.9    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:6ab8:1032:1dd9:3f57:fef6/128
                                    On-link
  2    281 fe80::/64                On-link
  6    306 fe80::/64                On-link
  2    281 fe80::844:a6ba:1200:302e/128
                                    On-link
  6    306 fe80::1032:1dd9:3f57:fef6/128
                                    On-link
  1    306 ff00::/8                 On-link
  2    281 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/05/2015 00:13:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/05/2015 11:43:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/05/2015 11:43:18 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/05/2015 11:43:16 AM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (06/05/2015 11:09:57 AM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 17bc

Start Time: 01d09fa0f2bf41ed

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: e6b04f9c-0b94-11e5-807e-74d02b359df0

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (06/05/2015 02:57:29 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1660

Start Time: 01d09f5c2c290eef

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 1fe3650e-0b50-11e5-807d-74d02b359df0

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/05/2015 02:20:37 AM) (Source: Microsoft-Windows-RestartManager) (User: STUDIO)
Description: Application or service 'Catalyst Control Center: Host application' could not be shut down.

Error: (06/04/2015 08:07:34 AM) (Source: Application Hang) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1450

Start Time: 01d09ebe50416cf7

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 43fc8ba0-0ab2-11e5-807c-74d02b359df0

Faulting package full name: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (06/04/2015 07:55:09 AM) (Source: Application Hang) (User: )
Description: The program LiveComm.exe version 17.5.9600.20856 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e34

Start Time: 01d09ebc89986630

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 89bc0eee-0ab0-11e5-807b-74d02b359df0

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (06/04/2015 00:04:32 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (06/05/2015 02:24:36 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (06/04/2015 10:19:18 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (06/04/2015 08:03:58 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (06/04/2015 07:49:15 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:13:55 AM on ‎6/‎4/‎2015 was unexpected.

Error: (06/03/2015 09:33:55 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:15:31 PM on ‎6/‎3/‎2015 was unexpected.

Error: (06/03/2015 09:15:31 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:12:38 PM on ‎6/‎3/‎2015 was unexpected.

Error: (06/03/2015 04:32:16 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212256845956569885124864

Error: (06/03/2015 04:32:38 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:16:35 PM on ‎6/‎3/‎2015 was unexpected.

Error: (06/03/2015 08:36:16 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212256845956569885124864

Error: (06/03/2015 08:36:35 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:08:27 AM on ‎6/‎3/‎2015 was unexpected.

Microsoft Office Sessions:
=========================
Error: (06/05/2015 00:13:34 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{0F44CC14-936F-4A6D-A4B4-4953AE174A2A}\recordingmanager.exe

Error: (06/05/2015 11:43:18 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{0F44CC14-936F-4A6D-A4B4-4953AE174A2A}\recordingmanager.exe

Error: (06/05/2015 11:43:18 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{0F44CC14-936F-4A6D-A4B4-4953AE174A2A}\recordingmanager.exe

Error: (06/05/2015 11:43:16 AM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
Description: -2147024883

Error: (06/05/2015 11:09:57 AM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.1741517bc01d09fa0f2bf41ed4294967295C:\WINDOWS\syswow64\wwahost.exee6b04f9c-0b94-11e5-807e-74d02b359df0Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (06/05/2015 02:57:29 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20856166001d09f5c2c290eef4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe1fe3650e-0b50-11e5-807d-74d02b359df0microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/05/2015 02:20:37 AM) (Source: Microsoft-Windows-RestartManager)(User: STUDIO)
Description: 2C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exeCatalyst Control Center: Host application0221716680

Error: (06/04/2015 08:07:34 AM) (Source: Application Hang)(User: )
Description: wwahost.exe6.3.9600.17415145001d09ebe50416cf74294967295C:\WINDOWS\syswow64\wwahost.exe43fc8ba0-0ab2-11e5-807c-74d02b359df0Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp

Error: (06/04/2015 07:55:09 AM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.20856e3401d09ebc899866304294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\LiveComm.exe89bc0eee-0ab0-11e5-807b-74d02b359df0microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (06/04/2015 00:04:32 AM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{0F44CC14-936F-4A6D-A4B4-4953AE174A2A}\recordingmanager.exe

CodeIntegrity Errors:
===================================
  Date: 2015-06-05 02:17:41.804
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-06-05 02:17:41.643
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-19 01:40:47.546
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Definition Updates\{1CBA79B9-9653-42F9-96F3-8D5B57BB4E1A}\mpengine.dll that did not meet the Custom 3 / Antimalware signing level requirements.

=========================== Installed Programs ============================

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AIR Creative Collection (HKLM\...\{D3AE0FF1-6A78-4099-8779-B05E313B7828}) (Version: 11.0.0 - AIR Music Technology)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyTrans 4.0.0 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.0.0 - iMobie Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Product Register Program (HKLM-x32\...\{C0B16F2E-3980-44F8-8CF4-F84696541FF7}) (Version: 1.0.018 - ASUSTek Computer Inc.)
AVG 2015 (HKLM\...\{26212108-F1D3-40D7-89BE-0FCC4B161EC0}) (Version: 15.0.4355 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\{E23970BE-3D5D-4B64-A7D6-0B6E108AB609}) (Version: 15.0.5961 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.518 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\{A996C182-3724-4DF1-A4BC-66154FE57DFE}) (Version: 15.0.1001.518 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.518 - AVG Technologies)
Avid Codecs PE (HKLM-x32\...\{7B783D72-6AF7-43FB-B5F5-6DD909CBD868}) (Version: 2.3.9 - Avid Technology, Inc.)
Avid Effects (HKLM\...\{0faad20d-ad8d-4249-ad93-7f006f2aa54b}) (Version: 11.0.0 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 11.0.0 - Avid Technology, Inc.)
Avid Mbox Driver 1.1.8 (x64) (HKLM\...\{5F948281-5FA2-40EF-983A-8867ACD1A58B}) (Version: 1.1.8 - Avid)
Avid Moogerfooger Bundle (HKLM\...\{fba2aad1-82a4-41b7-adde-b48b97b826c3}) (Version: 11.0.0 - Avid Technology, Inc.)
Avid Pro Tools (HKLM\...\{ECB002D0-AAC8-43F5-B035-2DDE4902C0C0}) (Version: 11.0.0 - Avid Technology, Inc.)
BassGrinderFree version 1.0.4 (HKLM\...\BassGrinderFree_is1) (Version: 1.0.4 - )
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34026 - BitTorrent Inc.)
Blue Cat's Chorus AAX-x64 4.1 (HKLM\...\{A1F121AA-3BEF-4a32-AE1E-A8E0C6D65C4D}) (Version: 4.1 - Blue Cat Audio)
Blue Cat's Flanger AAX-x64 3.1 (HKLM\...\{22AAAB15-3FE9-4c27-94E5-397F75543DB3}) (Version: 3.1 - Blue Cat Audio)
Blue Cat's Freeware Pack AAX-x64 2.1 (HKLM\...\{AB613DC3-FA4F-4964-8FA8-08E58246C4D7}) (Version: 2.1 - Blue Cat Audio)
Blue Cat's FreqAnalyst AAX-x64 2.1 (HKLM\...\{551B63AD-2F5C-422f-843D-202A65BEF32D}) (Version: 2.1 - Blue Cat Audio)
Blue Cat's Gain Suite AAX-x64 3.1 (HKLM\...\{EC7AA477-EA73-4d72-B1C8-E5AC1BB58175}) (Version: 3.1 - Blue Cat Audio)
Blue Cat's Phaser AAX-x64 3.1 (HKLM\...\{C073F19C-017D-43cd-A1DC-08E23D9C5EF7}) (Version: 3.1 - Blue Cat Audio)
Blue Cat's Triple EQ AAX-x64 4.1 (HKLM\...\{366D6311-94B1-45ce-82A4-F582106EEBA4}) (Version: 4.1 - Blue Cat Audio)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
CouponBar (HKLM-x32\...\CouponBar5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
Dropbox (HKCU\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
elysia niveau filter 1.4 (HKLM\...\elysia niveau filter_is1) (Version:  - Plugin Alliance)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.27.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GrindMachineFree version 1.0.0 (HKLM\...\GrindMachineFree_is1) (Version: 1.0.0 - )
HeadCrusherFree version 1.0.0 (HKLM\...\HeadCrusherFree_is1) (Version: 1.0.0 - )
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{791D3241-C6A4-417F-82E6-00543B6E5012}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KlipFreak version 1.0.0 (HKLM\...\KlipFreak_is1) (Version: 1.0.0 - )
LeapFrog Connect (HKLM-x32\...\{8A0C34E5-01A6-476B-87F3-321ABAA3948D}) (Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog LeapPad Explorer Plugin (HKLM-x32\...\{A7D849DD-D940-4ECF-ABF2-2022C60F85C9}) (Version: 6.0.19.19317 - LeapFrog) Hidden
MeldaProduction MFreeEffectsBundle64 8 (HKLM-x32\...\MeldaProduction MFreeEffectsBundle64 8) (Version:  - MeldaProduction)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.16 - Symantec Corporation)
o-clip version 1.5(584de42) (HKLM-x32\...\{6DF569A0-9DB0-449B-8A82-88F8F767490Co-clip}_is1) (Version: 1.5(584de42) - audioD3CK)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
P@H-Protocol (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win64 (HKLM-x32\...\InstallShield_{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.4.3.0756 - PACE Anti-Piracy, Inc.)
PhoneRescue 1.2.0 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 1.2.0 - iMobie Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.7.0 - Ralink)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RealDownloader (HKLM-x32\...\{0b2ba5b5-983a-4565-ace1-2e55014848d2}) (Version: 17.0.14.26 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{0F44CC14-936F-4A6D-A4B4-4953AE174A2A}) (Version: 17.0.14.8 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{7D700940-82E4-4442-B8AF-EF6C9C509C06}) (Version: 17.0.14.26 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.14 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Search Protection (HKCU\...\Search Protection) (Version: 10.8.0.1 - Spigot, Inc.)
Tune Tools for iPod (HKLM-x32\...\{31B5C6E6-15A4-4614-8169-DA9576575715}) (Version: 1.00.0000 - ValuSoft)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Video Downloader (HKLM-x32\...\{65257823-1757-44CF-B23A-D615D7CC460D}) (Version: 1.0.0 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Wise Registry Cleaner 8.52 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.52 - WiseCleaner.com, Inc.)
Wondershare Dr.Fone for iOS(Build 4.6.0.29) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 4.6.0.29 - Wondershare Software Co.,Ltd.)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 8090.69 MB
Available physical RAM: 5412.48 MB
Total Pagefile: 16282.69 MB
Available Pagefile: 13015.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.61 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.17 GB) (Free:861.63 GB) NTFS

========================= Users: ========================================

User accounts for \\STUDIO

0340E2173D2841A58AC1     Administrator            EEFA379A6C8440CC9DE2    
Guest                    Jay Rosa                

**** End of log ****



#4 Aura

Posted 05 June 2015 - 12:50 PM

PC Booster/Tune-Up Program Warning!
"PC Booster/Tune Up" programs are among the worst programs you can install on a system. When it comes to messing up your system (Windows), these are as bad as malware. They are completely worthless and useless to use. The worst is that they'll often take action on your system without you knowing or authorizing it, which could lead to your system being altered in a way you don't want it to be or, even worse, a "broken" system. Every feature they provide, you can either do it natively under Windows, do it via another standalone executable (which is way easier and safer to use) or they aren't providing something you need. Here are a few examples:
  • Cleaning temporary files: TFC (standalone executable), CCleaner (installed), Cleanmgr.exe (in-built);
  • Managing start-up entries: Autoruns (standalone executable), CCleaner (installed), Task Manager and Registry (in-built);
  • Driver Updater: Not needed, all you need is to go on your manufacturer website so you'll be sure to get the right, official, working drivers for your computer or hardware;
  • Registry Cleaner/Defragger: Completely useless and also dangerous;
  • Disk Defragging: Disk Defrag (in-built), O&O Disk Defrag (installed), Defraggler (installed);
  • Powerful uninstaller: Not needed, only needed when you have to make sure a program is completely uninstalled. Revo Uninstaller has a portable version you can use;
  • "Enhanced" Task Manager: Procexp (standalone executable), Process Hacker (portable or installed);
  • "Active security": Any Antivirus and Antimalware can beat that, easily. These programs aren't made to replace Antivirus or Antimalware products and shouldn't be seen as such;
  • Repair Hard Drive issues: Simple chkdsk /r command under Windows (in-built);
Having such a program installed on your system will just bloat it, and you have more chances of having issues by using them than without. These products are advertised as a program that can solve all your issues, remove every malware, speed up your computer performance over 100%, etc. The truth is that there's not a single program that can do that. First of all, these programs aren't made to remove viruses and malware; leave this in the hands of Antivirus and Antimalware, period. Secondly, there are so many kinds of issues under Windows that there's not a single program that can address them all. If you think that BSOD (Blue Screen of Death) issues can be solved by opening a program and clicking on a "Fix" button, then I'm sorry to tell you, but you're wrong. Also, you cannot boost the performance of hardware over its hardware capabilities. Of course you can overclock some components, like your CPU, RAM and GPU, but these aren't done via these programs, but via your BIOS interface. I could recommend you a program for every feature these programs advertise, and also tell you exactly in detail why most of them are completely useless, such as Registry cleaner (dangerous to use), and driver updater (dangerous to use, and also completely useless, it'll not improve your system performance). In the end, buying such programs is the exact same as being scammed (because this is what it is, a pure scam) and using one of these programs will result in you having a system less performant than prior to using it.

Relevant articles if you want to read more about PC Boosters/Optimizers and why they are useless:

Registry Cleaners Warning!
I see that you have a Registry Cleaner program installed. These programs are known to be harmful to the system and should not be used for any reason. It's a known fact that using Registry Cleaners can easily break a Windows installation, to the point where a complete reinstallation might be needed. Here are a few myths about using these programs, and why they are just plainly false.
  • "Using a Registry Cleaner will improve a system's performance" - False. The Windows Registry is a big database which contains information on everything present on the system, from the boot settings to how your programs look when you open them. There are so many entries in it that cleaning even thousands of them isn't enough to boost a system's performance. Also, there are no studies, tests, benchmarks, etc. which show that using Registry Cleaners actually improves a system's speed;
  • "Using a Registry Cleaner will fix all your errors" - False. Using a Registry Cleaner won't fix any problems at all. In fact, it has more chances to create them if anything. There's no program that can fix every problem in a simple click, and there probably never will be. If you have an error, it's better to troubleshoot that error in particular by finding what's causing it and fixing it than using a software that might give you more errors;
  • "If you don't use a Registry Cleaner, you'll leave a door open for malware" - False. It is rare that malware will actually hijack orphaned keys and keypairs in the Registry to create persistence or install themselves. They'll usually create their own keys/keypairs since they have been instructed (coded) to do so, and the creator cannot expect every system he'll infect to have leftover keys. Also, pretty much only Reg Loading Points in the Registry would be of any interest for a malware to hijack, and these are usually occupied already, or quickly deleted when empty;
  • Registry Cleaners aren't Registry Defraggers - These are two different kinds of software which have two distinct functions.
  • On a last note, there are a lot of Registry Cleaners out there that won't create a back-up of your Registry before applying the changes they make. This means that if you use them and clean entries that prevent Windows from rebooting afterwards, locking you out of your computer, you won't be able to restore a previous Registry back-up via the Recovery PE. This means that if you can't fix the boot issue after that, you'll most likely be forced to reinstall Windows;
Registry Cleaners were used back in the day by developers who were using an OLE-schema for their applications. They used these to clean the Registry after uninstalling their programs, just in case there were traces of it left behind that could affect a reinstallation. These were back in the Windows 95 and Windows 98 days and this practice isn't in effect anymore. Therefore, there's no reason for you to use such programs and quite a few to avoid them instead.

Here are more articles on Registry Cleaners that are worth a read if you want to learn more about them and why you shouldn't use them.

Please uninstall the following programs:
  • AVG PC TuneUp 2015 - Before uninstalling it, undo every change it made - http://www.avg.com/ca-en/faq.num-3906
  • Bing Bar;
  • Coupon Printer for Windows;
  • CouponBar;
  • Java 8 Update 31;
  • Search Protection;
  • Wise Registry Cleaner;
You also have two Antivirus programs installed, AVG and Norton 360. You should never have more than one Antivirus program installed at once on a system since having more than one can create system instability and conflict. Read the "IMPORTANT NOTE" in the article below by quietman.

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

This being said, please uninstall either AVG or Norton 360 along with the programs I listed above.



#5 JayRosa

Posted 05 June 2015 - 01:48 PM

Amazing. I assumed that because AVG was offering the program (PCtuneUP) that it was legit, clearly I was wrong. I've uninstalled every program that you've asked to be removed, including Norton (My subscription is expired, so I figured AVG would be the better route for now). I didn't realize how conflicting it was for any computer to have more than one anti-virus software installed. You have enlightened me and bestowed priceless knowledge upon me for free, that is rare. Thank you.
Now, is there anything else I should do before trying for Google Chrome, again?



#6 Aura

Posted 05 June 2015 - 01:51 PM

You had a few malicious programs installed, so I would like to make sure there's no remnants left before we try again :) Follow the instructions below please.

AdwCleaner - Scan Mode
  • Download AdwCleaner and move it to your Desktop;
  • Execute AdwCleaner, accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, click on the Logfile button to open the scan log;
  • Please copy/paste the content of the log that will open in your next reply;
Malwarebytes Anti-Malware - Scan Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Scan Now;
  • Let the scan run; the time required to complete the scan depends on your system;
  • Once the scan is complete, click on the Saves Results button, and select Copy to clipboard;
  • From there, paste the content of the clipboard in your next reply;
Your next post should include:
  • AdwCleaner scan log;
  • Malwarebytes scan log;



#7 JayRosa

Posted 05 June 2015 - 02:02 PM

# AdwCleaner v4.206 - Logfile created 05/06/2015 at 14:55:52
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Jay Rosa - STUDIO
# Running from : C:\Users\Jay Rosa\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Jay Rosa\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Folder Found : C:\Program Files (x86)\BrowseFox
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\PacFunction
Folder Found : C:\Program Files (x86)\WahiaTeOFaferssAapp
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\Users\Jay Rosa\AppData\Local\Conduit
Folder Found : C:\Users\Jay Rosa\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jay Rosa\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Jay Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://search.yahoo.com/?type=903578&fr=spigot-yhp-ie

-\\ Mozilla Firefox v

-\\ Google Chrome v

[C:\Users\Jay Rosa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Jay Rosa\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [10661 bytes] - [05/06/2015 14:55:52]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10721 bytes] ##########



#8 JayRosa

Posted 05 June 2015 - 02:21 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/5/2015
Scan Time: 3:04:58 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.05.05
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jay Rosa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376571
Time Elapsed: 14 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 98
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, , [ec2da215b8d2de58ddef4c1ab54e4eb2],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [e4352f88d0ba10265c71362f04ff7987],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, , [e4352f88d0ba10265c71362f04ff7987],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{CBD6173B-4061-4104-BF2F-C8E81389DB27}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0C7535C8-84D1-4B72-9520-F4533E4ABBCA}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0DBDB374-27C0-4C30-9228-20E8B710DB23}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B4F339B-8CA1-4DC3-BD5C-D8914A1C8605}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{64326C33-04EB-4810-98DD-A2F386A10901}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0C7535C8-84D1-4B72-9520-F4533E4ABBCA}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0DBDB374-27C0-4C30-9228-20E8B710DB23}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B4F339B-8CA1-4DC3-BD5C-D8914A1C8605}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{64326C33-04EB-4810-98DD-A2F386A10901}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0C7535C8-84D1-4B72-9520-F4533E4ABBCA}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{0DBDB374-27C0-4C30-9228-20E8B710DB23}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{1B4F339B-8CA1-4DC3-BD5C-D8914A1C8605}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{64326C33-04EB-4810-98DD-A2F386A10901}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{CBD6173B-4061-4104-BF2F-C8E81389DB27}, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{CBD6173B-4061-4104-BF2F-C8E81389DB27}, , [68b15f58602a8da997978762f11251af],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [44d5387ffb8f3105d998bbc84eb7b749],
PUP.Optional.TornTV.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bicnnkjibmphdeigoodpjlcklcnaobdj, , [4acf8d2ad7b3d066e559cc5d42c226da],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cnpkmcjgpcihgfnkcjapiaabbbplkcmf, , [a673328541490135cd131fdbdc276898],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [51c8b4030e7c8caae091bbc8f5104ab6],
PUP.Optional.TornTV.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, , [77a21d9aabdf3501f565f73aec18c53b],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\1ClickDownload, , [1702f6c13951c076f5a5f25bfb0ab44c],
PUP.Optional.GigaClicks.C, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\GigaClicks, , [69b0467149417eb842ff925818eb60a0],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [f92021967c0ef541f4b607f8bd467e82],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [1603eec9cbbf47ef302a5808828301ff],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2AC107D6-41CF-490D-89FF-6B8A1FFDD66C}, , [ff1aae096f1bb3836623156bce37b54b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{88336CCC-5678-4815-84C7-3E91ED655EB9}, , [3cdd9621e7a33ef87a106818a065d52b],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3991A4DA-06FD-4F84-8B16-12AF602D51C6}, , [f326cdea2b5faf87e29dac3ff211ea16],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{61EABD3B-D5A1-43E0-B2C5-113D24B1A137}, , [e8311c9bb9d13ff77e016c7f63a07c84],
PUP.Optional.Spigot.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C425D1B6-ACDA-46EF-8EE7-829D9C90C7AB}, , [c15826918cfe72c4b1b58c5e3cc75aa6],

Registry Values: 10
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [44d5387ffb8f3105d998bbc84eb7b749]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [51c8b4030e7c8caae091bbc8f5104ab6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2AC107D6-41CF-490D-89FF-6B8A1FFDD66C}|AppName, Torntv V9.0-enabler.exe-buttonutil.exe, , [ff1aae096f1bb3836623156bce37b54b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{88336CCC-5678-4815-84C7-3E91ED655EB9}|AppName, Torntv V9.0-enabler.exe-codedownloader.exe, , [3cdd9621e7a33ef87a106818a065d52b]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3991A4DA-06FD-4F84-8B16-12AF602D51C6}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309655&CUI=UN43581308432522209&UM=2, , [f326cdea2b5faf87e29dac3ff211ea16]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3991A4DA-06FD-4F84-8B16-12AF602D51C6}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, , [d049348397f3b3837906a744de2509f7]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3991A4DA-06FD-4F84-8B16-12AF602D51C6}|FaviconURL, http://search.conduit.com/favicon.ico, , [e831793e4842d75f0a7540ab20e3e21e]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{61EABD3B-D5A1-43E0-B2C5-113D24B1A137}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3309655&CUI=UN43581308432522209&UM=2&UP=SP323B5843-8AD2-49C2-A152-1A98D9A12239&SSPV=, , [e8311c9bb9d13ff77e016c7f63a07c84]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{61EABD3B-D5A1-43E0-B2C5-113D24B1A137}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, , [bd5cbbfc5c2ea2945629a546ca39718f]
PUP.Optional.Spigot.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C425D1B6-ACDA-46EF-8EE7-829D9C90C7AB}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}, , [c15826918cfe72c4b1b58c5e3cc75aa6]

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo.com/?type=903578&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (https://search.yahoo.com/?type=903578&fr=spigot-yhp-ie),,[15043582890101351197d854c244da26]

Folders: 3
PUP.Optional.WhiteOfferApp.A, C:\Program Files (x86)\WahiaTeOFaferssAapp, , [68b15f58602a8da997978762f11251af],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, , [6eabc4f31a70af87a0f770448182e61a],
PUP.Optional.TornTV.A, C:\Users\Jay Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com, , [69b0e6d13f4b4aec9cb52ca5857e9868],

Files: 2
PUP.Optional.WhiteOfferApp.A, C:\Program Files (x86)\WahiaTeOFaferssAapp\EQtoWJlbEJ5FDC.tlb, , [68b15f58602a8da997978762f11251af],
PUP.Optional.WhiteOfferApp.A, C:\Program Files (x86)\WahiaTeOFaferssAapp\EQtoWJlbEJ5FDC.dat, , [68b15f58602a8da997978762f11251af],

Physical Sectors: 0
(No malicious items detected)

(end)



#9 Aura

Posted 05 June 2015 - 02:24 PM

A lot of detections in here :) Let's get rid of all of them!

For AdwCleaner, run the scan again and click on the Cleaning button instead. Once the operation is complete, it'll ask you to reboot the computer. Pressing on Ok will restart it. A log will open after the restart. Copy and paste it here.

For Malwarebytes, make sure all the detections are checked and click on Delete selected. Once done, click on Save results... and pick Copy to clipboard. Then come here and copy (Ctrl + V) in your reply to post it.

And lastly, we'll run JRT.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Execute JRT, press on a key and let it complete its scan;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;



#10 JayRosa

Posted 05 June 2015 - 02:38 PM

bleep. So I ran adware and didn't realize that when it restarted, it showed me the log immediately. I thought it was my previous log that I had copied and pasted to you, so I ran adware again and cleaned again, then restarted. I realized after this restart that the log I WAS looking at WAS what you wanted and needed. I'm sorry. The log now shows that adware basically did nothing because it already took care of it. I apologize if this is a problem. I'll run Malwarebytes now.


# AdwCleaner v4.206 - Logfile created 05/06/2015 at 15:32:24
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Jay Rosa - STUDIO
# Running from : C:\Users\Jay Rosa\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [10889 bytes] - [05/06/2015 14:55:52]
AdwCleaner[R1].txt - [859 bytes] - [05/06/2015 15:29:08]
AdwCleaner[R2].txt - [917 bytes] - [05/06/2015 15:31:20]
AdwCleaner[S0].txt - [10493 bytes] - [05/06/2015 15:25:27]
AdwCleaner[S1].txt - [843 bytes] - [05/06/2015 15:32:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [901  bytes] ##########



#11 Aura

Posted 05 June 2015 - 02:40 PM

It's all good no worries :) I'll stand by for the Malwarebytes and JRT logs. Also, all the older logs are in C:\AdwCleaner\Logs. The one you are looking for is most likely the AdwCleaner[S0].txt.

Edited by Aura., 05 June 2015 - 02:40 PM.



#12 JayRosa

Posted 05 June 2015 - 02:53 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/5/2015
Scan Time: 3:40:05 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.06.05.05
Rootkit Database: v2015.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Jay Rosa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376126
Time Elapsed: 12 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 12
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, , [74a5585fccbe94a2c2af392f40c30df3],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, , [74a5585fccbe94a2c2af392f40c30df3],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, , [74a5585fccbe94a2c2af392f40c30df3],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, , [74a5585fccbe94a2c2af392f40c30df3],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [00196f487c0e69cd571a5a291aeb639d],
PUP.Optional.CouponBar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\cnpkmcjgpcihgfnkcjapiaabbbplkcmf, , [33e6f9becdbd2016f7e91dddbe45c040],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [5dbc3582523834024d24daa98f76d12f],
PUP.Optional.TornTV.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Torntv V9.0, , [ef2a37802d5d33033b1f072aa75d629e],
PUP.Optional.GigaClicks.C, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\GigaClicks, , [c059aa0de1a9310542ffda106a99f709],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2AC107D6-41CF-490D-89FF-6B8A1FFDD66C}, , [3adffdba5d2db482a5e42f51e124cb35],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{88336CCC-5678-4815-84C7-3E91ED655EB9}, , [3cdd36812a60f145b0da60207a8ba957],
PUP.Optional.Spigot.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C425D1B6-ACDA-46EF-8EE7-829D9C90C7AB}, , [76a3c3f4b1d981b5392de901c142a15f],

Registry Values: 5
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [00196f487c0e69cd571a5a291aeb639d]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [5dbc3582523834024d24daa98f76d12f]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2AC107D6-41CF-490D-89FF-6B8A1FFDD66C}|AppName, Torntv V9.0-enabler.exe-buttonutil.exe, , [3adffdba5d2db482a5e42f51e124cb35]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{88336CCC-5678-4815-84C7-3E91ED655EB9}|AppName, Torntv V9.0-enabler.exe-codedownloader.exe, , [3cdd36812a60f145b0da60207a8ba957]
PUP.Optional.Spigot.A, HKU\S-1-5-21-3767522187-3877516347-2150386950-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C425D1B6-ACDA-46EF-8EE7-829D9C90C7AB}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}, , [76a3c3f4b1d981b5392de901c142a15f]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#13 Aura

Posted 05 June 2015 - 02:55 PM

This is a new scan log, right? If you did a new scan and there are still detections, please delete them as well.



#14 JayRosa

Posted 05 June 2015 - 03:02 PM

# AdwCleaner v4.206 - Logfile created 05/06/2015 at 15:25:27
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Jay Rosa - STUDIO
# Running from : C:\Users\Jay Rosa\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\BrowseFox
Folder Deleted : C:\Program Files (x86)\PacFunction
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Program Files (x86)\WahiaTeOFaferssAapp
Folder Deleted : C:\Users\Jay Rosa\AppData\Local\Conduit
Folder Deleted : C:\Users\Jay Rosa\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jay Rosa\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Jay Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
File Deleted : C:\END
File Deleted : C:\Users\Jay Rosa\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBD6173B-4061-4104-BF2F-C8E81389DB27}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3991A4DA-06FD-4F84-8B16-12AF602D51C6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{61EABD3B-D5A1-43E0-B2C5-113D24B1A137}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Avg Secure Update
Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\winx-dvd-player.en.softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

-\\ Google Chrome v

[C:\Users\Jay Rosa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Jay Rosa\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [10889 bytes] - [05/06/2015 14:55:52]
AdwCleaner[S0].txt - [10276 bytes] - [05/06/2015 15:25:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10336  bytes] ##########


That was the one I should've sent to begin with. I'll re-run the malware program as well.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.8 (06.03.2015:1)
OS: Windows 8.1 x64
Ran by Jay Rosa on Fri 06/05/2015 at 15:55:31.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Wise Registry Cleaner Schedule Task
Successfully deleted: [Task] C:\WINDOWS\tasks\Wise Registry Cleaner Schedule Task.job

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Users\Jay Rosa\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERINTERFACE.EXE-141AB788.pf

 

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\13416415859324247698

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/05/2015 at 16:00:48.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#15 Aura

Posted 05 June 2015 - 03:05 PM

That's good :) Last scan, this one can take a while to complete.

ESET Online Scanner
Note : If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.
  • Download and execute ESET Online Scanner (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
  • Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them) :
    • Enable detection of potentially unwanted applications;
    • Scan archives;
    • Scan for potentially unsafe applications;
    • Optional : If you want to scan more drives, click on Change... and select the drives you want to include in the scan;
  • After you're done checking these options, click on "Start" and ESET Online Scanner will download its virus signature database before starting the scan;
  • Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
  • After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
  • Once you're done, click on the Back button;
  • Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;





