TechSpot

Unknown virus / malware

By BlazinGhost
Apr 6, 2016
  1. Hello, my uncle has an unknown virus / malware. I'm not really sure what it is, but it's been a while since he has used this computer ever since. I was just wondering if I could still clean the computer to where it would work smoothly again. Any help would be greatly appreciated!

    Thank you in advance!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by Long Ho (administrator) on LONGHO-PC (06-04-2016 18:37:51)
    Running from C:\Users\Long Ho\Downloads
    Loaded Profiles: Long Ho & fbwuser & (Available Profiles: Long Ho & fbwuser)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
    () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
    (Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
    (Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Akamai Technologies, Inc.) C:\Users\Long Ho\AppData\Local\Akamai\netsession_win.exe
    (ManyCam LLC) C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
    (Akamai Technologies, Inc.) C:\Users\Long Ho\AppData\Local\Akamai\netsession_win.exe
    (AVM Software Inc.) C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    () C:\Program Files (x86)\AVG Secure Search\vprot.exe
    (Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Bootstrap Development, LLC.) C:\Program Files (x86)\DriverHive\DriverHiveTray.exe
    (APN LLC.) C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
    (APN LLC.) C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
    () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\nacl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1928976 2010-03-05] (Intel(R) Corporation)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2571288 2014-06-29] ()
    HKLM-x32\...\Run: [Sendori Tray] => C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1719184 2015-09-14] (APN)
    HKLM-x32\...\Run: [DriverHiveTray] => C:\Program Files (x86)\DriverHive\DriverHiveTray.exe [2401096 2013-04-04] (Bootstrap Development, LLC.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390096 2016-04-06] (AVAST Software)
    HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIANgBGAEUAOQAtAEYARgBQADYANAAtAFQAOAA0AE0AUgAtAE8ARwBXAFQAVgAtADcARQBNAEIAUgA"&"inst=NwA2AC0AMQAzADIANgAzAD (the data entry has 146 more characters).
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Long Ho\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe [5412688 2013-05-15] (ManyCam LLC)
    HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Run: [Facebook Update] => C:\Users\Long Ho\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-14] (Facebook Inc.)
    HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-3848370409-3741171536-3620649475-1001\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe [1266712 2013-06-03] (AVG Secure Search)
    HKU\S-1-5-21-3848370409-3741171536-3620649475-1001\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] => C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe [1266712 2013-06-07] (AVG Secure Search)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-06] (AVAST Software)
    Startup: C:\Users\Long Ho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk [2013-05-02]
    ShortcutTarget: PalTalk.lnk -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [S-1-5-21-3848370409-3741171536-3620649475-1001.bak] => Proxy is enabled.
    ProxyServer: [S-1-5-21-3848370409-3741171536-3620649475-1001.bak] => http=127.0.0.1:8555
    Winsock: Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
    Winsock: Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
    Winsock: Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
    Winsock: Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
    Winsock: Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [325920 2013-07-01] (Sendori)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{060159F0-1D5A-4DEB-A152-C6F73A7FD099}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{55543BD6-3C3B-42FE-A810-086B7605A19C}: [NameServer] 0.0.0.0
    Tcpip\..\Interfaces\{8126925C-8FAA-45A2-888C-1B173FCA7257}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?l=dis&o=APN10278&gct=hp&apn_ptnrs=^AHN&apn_dtid=^YYYYYY^YY^US&p2=^AHN^YYYYYY^YY^US&tpid=PLTV5-SAT&apn_dbr=cr_26.0.1410.64
    URLSearchHook: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
    SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
    SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {534988A9-2273-4A7C-B76C-72B93AF5D559} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=MYC2&o=APN10415&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AIS&apn_dtid=^zzz003^YY^US&apn_uid=a0c523d1-4c37-4141-a683-3098a7efc4fe&apn_sauid=0AB8FC1A-9617-4B68-B273-65D4A10AB19A
    SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={F7E255C4-D628-4693-9842-5AC2C5B3FEFF}&mid=61ce2aa8191747d0808475f39d2ca47c-1c6cb6d579c7b10557b9717f83c3207e7f91abd2&lang=en&ds=AVG&pr=pr&d=2012-11-04 22:52:40&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {C95F22AA-1961-4356-AC01-7619219EF0F8} URL = hxxp://search.avg.com/route/?d=50975346&v=6.103.18.1&I=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
    SearchScopes: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: Ask Toolbar -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport_x64.dll [2015-09-14] (APN LLC.)
    BHO: Ask Shopping Toolbar -> {504C5456-352D-5341-5400-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport_x64.dll [2015-04-27] (APN LLC.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-06] (AVAST Software)
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
    BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: Ask Toolbar -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll [2015-09-14] (APN LLC.)
    BHO-x32: Ask Shopping Toolbar -> {504C5456-352D-5341-5400-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport.dll [2015-04-27] (APN LLC.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-21] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-06] (AVAST Software)
    BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll [2014-06-29] (AVG Secure Search)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-21] (Oracle Corporation)
    Toolbar: HKLM - Ask Toolbar - {4D594333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport_x64.dll [2015-09-14] (APN LLC.)
    Toolbar: HKLM - Ask Shopping Toolbar - {504C5456-352D-5341-5400-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport_x64.dll [2015-04-27] (APN LLC.)
    Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll [2014-06-29] (AVG Secure Search)
    Toolbar: HKLM-x32 - Ask Toolbar - {4D594333-0076-A76A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\MYC3\Passport.dll [2015-09-14] (APN LLC.)
    Toolbar: HKLM-x32 - Ask Shopping Toolbar - {504C5456-352D-5341-5400-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Passport.dll [2015-04-27] (APN LLC.)
    Toolbar: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll [2014-06-29] (AVG Secure Search)

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-21] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-11-21] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-06] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-06] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3848370409-3741171536-3620649475-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Long Ho\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-06]
    FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5
    FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013-05-20] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

    Chrome:
    =======
    CHR Profile: C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Ask Toolbar) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala [2014-07-06] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3201318&extensionData=\u003Cextension_data>] <==== ATTENTION
    CHR Extension: (Google Drive) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
    CHR Extension: (Ask Toolbar) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-04-06]
    CHR Extension: (YouTube) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
    CHR Extension: (Google Search) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-28]
    CHR Extension: (Google) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\iofmibpjgjjfhliohjkfgndkjliadbje [2013-03-20] [UpdateUrl: hxxp://apps.shop-o-saur.us/couponfever/updates.xml] <==== ATTENTION
    CHR Extension: (AVG Security Toolbar) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-05-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
    CHR Extension: (Gmail) - C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
    CHR HKLM\...\Chrome\Extension: [aaaamlnbcjjkcgabjgbhdkjncianpaah] - C:\ProgramData\AskPartnerNetwork\Toolbar\MYC3\CRX\ToolbarCR.crx [2015-10-16]
    CHR HKLM\...\Chrome\Extension: [aaaampchjhlgeekenmfaghmbmokendck] - C:\ProgramData\AskPartnerNetwork\Toolbar\PLTV5-SAT\CRX\ToolbarCR.crx [2015-06-08]
    CHR HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ahilkiibpgjnonbhdfkkgjddddmapala] - C:\Users\Long Ho\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx [2013-01-20]
    CHR HKLM-x32\...\Chrome\Extension: [aaaamlnbcjjkcgabjgbhdkjncianpaah] - C:\ProgramData\AskPartnerNetwork\Toolbar\MYC3\CRX\ToolbarCR.crx [2015-10-16]
    CHR HKLM-x32\...\Chrome\Extension: [aaaampchjhlgeekenmfaghmbmokendck] - C:\ProgramData\AskPartnerNetwork\Toolbar\PLTV5-SAT\CRX\ToolbarCR.crx [2015-06-08]
    CHR HKLM-x32\...\Chrome\Extension: [ahilkiibpgjnonbhdfkkgjddddmapala] - C:\Users\Long Ho\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx [2013-01-20]
    CHR HKLM-x32\...\Chrome\Extension: [iofmibpjgjjfhliohjkfgndkjliadbje] - C:\Users\Long Ho\AppData\Roaming\OpenCandy\9BA9C01919CE488DADCFED3D004D6423\ZenDealsApp.crx [2012-11-18]
    CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.2.0.5\avg.crx [2013-05-20]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [206224 2015-09-14] (APN LLC.)
    R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.) <==== ATTENTION
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-06] (AVAST Software)
    R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]
    S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
    R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
    R3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
    R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
    R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori) <==== ATTENTION
    R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1813528 2014-06-29] (AVG Secure Search)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-06] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-06] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-06] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-06] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-06] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-06] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-06] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-06] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-06] (AVAST Software)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-29] (AVG Technologies)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
    R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
    R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
    R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    U4 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
    R4 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
    R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
    R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
    R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-06 18:41 - 2016-04-06 18:41 - 02374144 _____ (Farbar) C:\Users\Long Ho\Downloads\FRST64.exe
    2016-04-06 18:37 - 2016-04-06 18:38 - 00023016 _____ C:\Users\Long Ho\Downloads\FRST.txt
    2016-04-06 18:37 - 2016-04-06 18:37 - 00987728 _____ (Google Inc.) C:\Users\Long Ho\Downloads\ChromeSetup.exe
    2016-04-06 18:37 - 2016-04-06 18:37 - 00000000 ____D C:\FRST
    2016-04-06 18:36 - 2016-04-06 18:36 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-04-06 18:36 - 2016-04-06 18:36 - 00000000 ____D C:\Users\Long Ho\AppData\Roaming\AVAST Software
    2016-04-06 18:36 - 2016-04-06 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-04-06 18:35 - 2016-04-06 18:36 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-04-06 18:35 - 2016-04-06 18:35 - 00003044 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1459992931
    2016-04-06 18:35 - 2016-04-06 18:35 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2016-04-06 18:35 - 2016-04-06 18:35 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-04-06 18:35 - 2016-04-06 18:35 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-04-06 18:35 - 2016-04-06 18:35 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-04-06 18:34 - 2016-04-06 18:34 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2016-04-06 18:34 - 2016-04-06 18:34 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2016-04-06 18:34 - 2016-04-06 18:34 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-04-06 18:34 - 2016-04-06 18:34 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2016-04-06 18:34 - 2016-04-06 18:34 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2016-04-06 18:34 - 2016-04-06 18:34 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2016-04-06 18:34 - 2016-04-06 18:34 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2016-04-06 18:34 - 2016-04-06 18:34 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-04-06 18:34 - 2016-04-06 18:34 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-04-06 18:34 - 2016-04-06 18:34 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-04-06 18:34 - 2016-04-06 18:34 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-04-06 18:34 - 2016-04-06 18:34 - 00000000 ____D C:\Program Files\AVAST Software
    2016-04-06 18:32 - 2016-04-06 18:34 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-04-06 18:32 - 2016-04-06 18:32 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\vjnpobii.sys
    2016-04-06 18:31 - 2016-04-06 18:32 - 00000000 ____D C:\Users\Long Ho\AppData\Local\Avg2013
    2016-04-06 18:30 - 2016-04-06 18:31 - 212261760 _____ (AVAST Software) C:\Users\Long Ho\Downloads\avast_free_antivirus_setup.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-06 18:43 - 2012-11-18 09:25 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-04-06 18:39 - 2012-11-18 09:25 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-06 18:39 - 2012-11-18 09:25 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-04-06 18:38 - 2012-11-18 09:25 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-04-06 18:38 - 2012-11-18 09:25 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-04-06 18:38 - 2012-11-03 19:25 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{554E5B06-5468-4FF1-A3D6-838455DE614F}
    2016-04-06 18:37 - 2009-07-13 19:34 - 00000466 _____ C:\Windows\win.ini
    2016-04-06 18:35 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-04-06 18:32 - 2012-11-04 23:51 - 00000000 ____D C:\ProgramData\AVG2013
    2016-04-06 18:32 - 2012-11-04 23:46 - 00000000 ____D C:\ProgramData\MFAData
    2016-04-06 18:30 - 2009-07-13 21:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-04-06 18:30 - 2009-07-13 21:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-04-06 18:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2016-04-06 18:28 - 2013-06-07 17:11 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
    2016-04-06 18:28 - 2013-06-03 19:45 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    2016-04-06 18:28 - 2013-01-21 20:01 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
    2016-04-06 18:28 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

    ==================== Files in the root of some directories =======

    2012-11-03 21:45 - 2012-11-03 21:45 - 0001263 _____ () C:\Users\Long Ho\AppData\Local\PDLSetup.20121103.214510.txt
    2012-11-03 21:45 - 2012-11-03 21:45 - 0001263 _____ () C:\Users\Long Ho\AppData\Local\PDLSetup.20121103.214527.txt

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-02-22 00:49

    ==================== End of FRST.txt ============================
     
  2. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by Long Ho (2016-04-06 18:39:29)
    Running from C:\Users\Long Ho\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2012-11-04 02:07:08)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3848370409-3741171536-3620649475-500 - Administrator - Disabled)
    fbwuser (S-1-5-21-3848370409-3741171536-3620649475-1001 - Limited - Disabled) => C:\Users\TEMP
    Guest (S-1-5-21-3848370409-3741171536-3620649475-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3848370409-3741171536-3620649475-1003 - Limited - Enabled)
    Long Ho (S-1-5-21-3848370409-3741171536-3620649475-1000 - Administrator - Enabled) => C:\Users\Long Ho

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    Akamai NetSession Interface (HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
    Ask Shopping Toolbar (HKLM-x32\...\{504C5456-352D-5341-5400-A758B70C1D00}) (Version: 12.29.0.1886 - APN, LLC) <==== ATTENTION
    Ask Toolbar (HKLM-x32\...\{4D594333-0076-A76A-76A7-A758B70C2300}) (Version: 12.35.0.2594 - APN, LLC) <==== ATTENTION
    ATI Catalyst Install Manager (HKLM\...\{EF5745D9-C0A7-4D40-2900-AD093F232827}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2260 - AVAST Software)
    AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.7.644 - AVG Technologies)
    Dell System Detect (HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\9204f5692a8faf3b) (Version: 3.3.2.0 - Dell)
    DriverHive (HKLM-x32\...\DriverHive_is1) (Version: - Bootstrap Development, LLC.)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Hauppauge TV Tuner Diagnostics (1.2.7076) (HKLM-x32\...\Hauppauge TV Tuner Diagnostics) (Version: 1.2.7076 - Hauppauge Computer Works, Inc.)
    Hauppauge TV Tuner Driver (x32 Version: 1.88.27090.1 - Hauppauge Computer Works) Hidden
    Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{1A8BA6CE-822D-4888-89E2-ACBF4308F271}) (Version: 13.02.0000 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
    Intel(R) Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
    Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
    ManyCam 3.1.53 (HKLM-x32\...\ManyCam) (Version: 3.1.53 - ManyCam LLC)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
    Paltalk Messenger 10.3 (HKLM-x32\...\Paltalk Messenger) (Version: 10.3.0 - AVM Software Inc.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.0 - Dell Inc.)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
    SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
    Sendori (HKLM-x32\...\Sendori) (Version: 2.0.15 - Sendori, Inc.) <==== ATTENTION
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Youtube Downloader HD v. 2.9.5 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {125860AC-28C7-47F2-BC90-02C474300F42} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-04-06] (AVAST Software)
    Task: {15305416-00C4-4874-AE70-1992898AD18C} - System32\Tasks\SafeZone scheduled Autoupdate 1459992931 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
    Task: {200FBA22-BE68-4949-B257-65E506AAE457} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-06] (AVAST Software)
    Task: {37DDF547-F738-4A8D-9E95-C9A60C371C0C} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{F07DCCF5-B02F-4EDC-80FA-F11AD546EAF7}.exe
    Task: {3C242BB5-5D92-4528-8EB6-8EA82685127B} - System32\Tasks\{9D74865B-8EE4-4E8A-960D-C2621E7F759A} => pcalua.exe -a "C:\Users\Long Ho\CONEXANT_D400-USB-MODEM_RY5VP_A02_SETUP_ZPE.exe" -d "C:\Users\Long Ho"
    Task: {44ED1ADB-DC2C-4B8C-A18F-9F9E1C49CFF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-18] (Adobe Systems Incorporated)
    Task: {4769040B-3F7B-4C6A-9042-DE7DCC702461} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{6CE67B08-E43D-4A56-BE9B-65B9695A1046}.exe
    Task: {6144D477-FF73-42AA-B6FA-536C65583A86} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
    Task: {8986B622-E155-4449-B167-FE89185FF735} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
    Task: {8E7FB220-84C2-42DB-8C93-E7C2D8C190C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
    Task: {94B4E40A-AE44-4E32-A0B6-51B1BEC096ED} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3848370409-3741171536-3620649475-1000UA => C:\Users\Long Ho\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-14] (Facebook Inc.)
    Task: {B5E6A8B4-4EB0-41CB-AF2F-93CAECB5F5AB} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
    Task: {BBC4B716-E466-4DB6-9B18-3A904A0284CB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3848370409-3741171536-3620649475-1000Core => C:\Users\Long Ho\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-14] (Facebook Inc.)
    Task: {F1AABDEA-9DF3-4294-B07C-0793A543C811} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-30] ()

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{F07DCCF5-B02F-4EDC-80FA-F11AD546EAF7}.exe <==== ATTENTION
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{6CE67B08-E43D-4A56-BE9B-65B9695A1046}.exe <==== ATTENTION
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3848370409-3741171536-3620649475-1000Core.job => C:\Users\Long Ho\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3848370409-3741171536-3620649475-1000UA.job => C:\Users\Long Ho\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    Task: C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2014-05-16 15:34 - 2014-05-16 15:34 - 00430344 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    2014-06-29 06:41 - 2014-06-29 06:46 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
    2010-03-05 09:21 - 2010-03-05 09:21 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
    2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2009-10-15 03:10 - 2009-10-15 03:10 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    2012-11-04 23:52 - 2014-06-29 06:46 - 02571288 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
    2010-03-05 10:07 - 2010-03-05 10:07 - 00340240 _____ () C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    2014-05-16 17:11 - 2014-05-16 17:11 - 00908584 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
    2014-05-16 17:37 - 2014-05-16 17:37 - 00506664 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
    2014-06-29 06:41 - 2014-06-29 06:46 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
    2013-05-15 18:48 - 2013-05-15 18:48 - 02010624 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
    2013-05-15 18:48 - 2013-05-15 18:48 - 01241088 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
    2013-05-15 18:48 - 2013-05-15 18:48 - 00201216 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_video220.dll
    2013-05-15 18:48 - 2013-05-15 18:48 - 00241152 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_objdetect220.dll
    2013-05-15 18:48 - 2013-05-15 18:48 - 00775680 _____ () C:\Program Files (x86)\ManyCam\Bin\opencv_highgui220.dll
    2016-04-06 18:32 - 2016-04-06 18:32 - 00075776 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA4D6.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00056320 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA507.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00055296 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA5C4.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00068608 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA5E5.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00075776 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA664.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00075776 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA685.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00075776 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA6B6.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00056832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA6C7.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00075776 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA6E9.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00075776 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA729.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00075776 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA74A.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00056320 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA76B.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00075776 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA7BB.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00075776 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA7DD.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00053760 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA7FE.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00064000 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA81F.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00053760 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA831.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00057344 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA852.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00072192 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA8B1.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00033792 _____ () C:\Users\Long Ho\AppData\Local\Temp\YTMP7MC8AA\TAAA8E2.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00072704 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMA8E4.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00033792 _____ () C:\Users\Long Ho\AppData\Local\Temp\YTMP7MC8AA\TAAA9EF.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00072192 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMAA5F.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00033792 _____ () C:\Users\Long Ho\AppData\Local\Temp\YTMP7MC8AA\TAAAA8F.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00072192 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMAAB1.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00033792 _____ () C:\Users\Long Ho\AppData\Local\Temp\YTMP7MC8AA\TAAAAF1.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMABCD.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMAC1E.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMACAD.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMAD4B.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMAEE2.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMAF42.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMAFD0.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB020.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB070.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB0B1.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB120.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB18F.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB1EF.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB23F.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB2CD.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB33C.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB3EA.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB459.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB4B9.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00120832 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB4F9.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00086016 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB5C8.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00086016 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB5DA.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00086016 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB5FB.tmp
    2016-04-06 18:32 - 2016-04-06 18:32 - 00086016 _____ () C:\Users\Long Ho\AppData\Local\Temp\XTMP1MC3VE\DEMB60C.tmp
    2013-04-11 08:48 - 2013-04-11 08:48 - 00051272 _____ () C:\Program Files (x86)\Paltalk Messenger\ctrlkey.dll
    2013-04-11 08:48 - 2013-04-11 08:48 - 01739848 _____ () C:\Program Files (x86)\Paltalk Messenger\Images.dll
    2012-11-18 09:36 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    2014-06-29 07:24 - 2014-06-05 06:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
    2014-06-29 07:24 - 2014-06-05 06:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
    2014-02-21 23:47 - 2014-02-21 23:47 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2b6cfcda2d134768a7313df94cfcc1ee\IsdiInterop.ni.dll
    2012-11-03 21:30 - 2010-06-08 10:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2014-06-29 07:24 - 2014-06-05 06:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
    2014-07-13 20:24 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
    2014-06-29 07:24 - 2014-06-05 06:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
    2014-06-29 07:25 - 2014-06-05 06:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 02850304 _____ () C:\Program Files\AVAST Software\Avast\defs\16040601\algo.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2016-04-06 18:36 - 2016-04-06 18:36 - 02853376 _____ () C:\Program Files\AVAST Software\Avast\defs\16040603\algo.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\...\dell.com -> dell.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Long Ho\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{ABB09998-8381-4032-8577-CF08CAA06E62}C:\users\long ho\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\long ho\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{F8EB51E5-28E2-4DDC-965F-A36D1649B731}C:\users\long ho\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\long ho\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{E474CBF4-FB2D-4768-ADFA-983A7D47217E}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
    FirewallRules: [TCP Query User{6FEDC9A7-85A8-4694-9D3E-7CB0B33FDC7A}C:\users\long ho\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\long ho\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{51EB3F11-09FE-4832-A5C8-3F7D41BCD587}C:\users\long ho\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\long ho\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{6C311786-0A63-4AF2-998F-05E5F7B98D0F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{F013E469-53AF-4594-8B12-D0876F9C810D}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
    FirewallRules: [{0BA549B3-6DA2-4ADB-BCAF-A2ADEFF05EA7}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{B69ECF9F-EE4F-4F48-A44A-6AE981B70F37}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [TCP Query User{29968F16-08EF-4204-B8F9-0E27258DEEC5}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [UDP Query User{610C2732-9051-4B7F-87AE-AE6EC0ED7930}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [{352289A8-AFB0-4F6E-A23D-FDB53F63FBB3}] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [{17238B52-9795-444F-BEB9-EEF6A8F49F27}] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
    FirewallRules: [{931DF3F5-C52B-4D90-9DC5-905F481D48C7}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    FirewallRules: [{1DE70C25-8A6C-493D-91A9-F963AEFCF287}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    FirewallRules: [{3BB7F7E6-2693-48D1-AAD3-D7548E93B7DC}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
    FirewallRules: [{BB0AE5A7-29E8-4831-8091-AF6D7E43DB09}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
    FirewallRules: [{0863BC18-C490-444D-89B3-F24DFDC89202}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    FirewallRules: [{A78577F1-DE30-4DCE-902F-38B825731000}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    FirewallRules: [{E15FF026-F941-4C5D-B3E9-38AD8750431F}] => (Allow) C:\Users\Long Ho\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [{4CCFE2C7-D6DA-4BE4-B510-008A34F6CC31}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{D726673E-90A8-47B7-A295-BA92AE0C3354}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    22-02-2014 00:50:06 Windows Update
    23-02-2014 18:57:33 Windows Update
    29-06-2014 06:43:45 Windows Update
    29-06-2014 07:20:42 Windows Update
    29-06-2014 22:32:13 Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters
    02-07-2014 17:49:34 Windows Update
    13-07-2014 20:54:06 Windows Update
    06-04-2016 18:31:52 Removed AVG 2013
    06-04-2016 18:38:41 Removed AVG 2013

    ==================== Faulty Device Manager Devices =============

    Name: WiMAX Network Adapter
    Description: WiMAX Network Adapter
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/06/2016 06:31:53 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3848370409-3741171536-3620649475-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {9c98f010-2c8e-40f1-a68f-c9cda052ab85}

    Error: (04/06/2016 06:38:43 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3848370409-3741171536-3620649475-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {bcb86e10-a01f-480f-b515-5fcdc78680dd}

    Error: (04/06/2016 06:31:06 PM) (Source: Google Update) (EventID: 20) (User: LongHo-PC)
    Description: Network Request Error.
    Error: 0x80072ee7. Http status code: 0.
    Url=https://www.facebook.com/omaha/update.php
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=IE, wpad=1, script=.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying WinHTTP.
    Send request returned 0x80072ee7. Http status code 0.
    trying CUP:iexplore.
    Send request returned 0x80004005. Http status code 0.
    Trying config: source=, direct connection.
    trying CUP:WinHTTP.
    Send request returned 0x80072ee7. Http s

    Error: (04/06/2016 06:31:03 PM) (Source: SendoriService) (EventID: 99) (User: )
    Description: In the enable methodObject reference not set to an instance of an object.

    Error: (07/15/2014 12:41:27 PM) (Source: SendoriService) (EventID: 99) (User: )
    Description: In the enable methodObject reference not set to an instance of an object.

    Error: (07/13/2014 08:54:06 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3848370409-3741171536-3620649475-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {9f509622-cab4-4c91-a188-62af98476e4f}

    Error: (07/13/2014 08:13:25 PM) (Source: SendoriService) (EventID: 99) (User: )
    Description: In the enable methodObject reference not set to an instance of an object.

    Error: (07/04/2014 03:50:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: paltalk.exe, version: 10.3118.5536.1049, time stamp: 0x5166da97
    Faulting module name: paltalk.exe, version: 10.3118.5536.1049, time stamp: 0x5166da97
    Exception code: 0xc0000417
    Fault offset: 0x00466417
    Faulting process id: 0x1138
    Faulting application start time: 0xpaltalk.exe0
    Faulting application path: paltalk.exe1
    Faulting module path: paltalk.exe2
    Report Id: paltalk.exe3

    Error: (07/02/2014 05:49:34 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3848370409-3741171536-3620649475-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {8c6dc3b2-64aa-486b-b3df-98d58b346c87}

    Error: (06/29/2014 10:32:15 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3848370409-3741171536-3620649475-1001.bak). hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
    OnIdentify event
    Gathering Writer Data

    Context:
    Execution Context: Shadow Copy Optimization Writer
    Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
    Writer Name: Shadow Copy Optimization Writer
    Writer Instance ID: {81947953-5688-4951-afb1-2f7fe2b6aed0}


    System errors:
    =============
    Error: (04/06/2016 06:30:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.

    Error: (04/06/2016 06:30:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.

    Error: (04/06/2016 06:30:41 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Service Sendori service hung on starting.

    Error: (04/06/2016 06:29:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5

    Error: (07/15/2014 01:35:09 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5

    Error: (07/15/2014 12:40:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Service Sendori service hung on starting.

    Error: (07/15/2014 12:39:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Workstation service terminated with the following error:
    %%14

    Error: (07/15/2014 12:13:10 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5

    Error: (07/14/2014 11:05:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (07/14/2014 07:02:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Service Sendori service hung on starting.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz
    Percentage of memory in use: 55%
    Total physical RAM: 3894.68 MB
    Available physical RAM: 1719.67 MB
    Total Virtual: 7787.54 MB
    Available Virtual: 4725.07 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:401.19 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B2F7EE26)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    Uninstall the following unwanted programs:

    Ask Shopping Toolbar
    Ask Toolbar
    Sendori


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  4. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    I can notice the speed of the computer getting faster and faster! :)

    I appreciate the help so far!

    RogueKiller V12.1.1.0 [Apr 4 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Long Ho [Administrator]
    Started from : C:\Users\Long Ho\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 04/08/2016 17:34:20

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 35 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\AskPartnerNetwork -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\AskPartnerNetwork -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\AVG Secure Search -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\AVG Security Toolbar -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\PIP -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\SuperEasy Software -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll) -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {CCC7A320-B3CA-4199-B1A6-9F516DD69829} : AVG Security Toolbar -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {95B7759C-8C7F-4BF1-B163-73684A933233} : -> Deleted
    [PUP] (X64) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {CCC7A320-B3CA-4199-B1A6-9F516DD69829} : -> Deleted
    [PUP] (X64) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Deleted
    [PUP] (X86) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {CCC7A320-B3CA-4199-B1A6-9F516DD69829} : -> ERROR [2]
    [PUP] (X86) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> ERROR [2]
    [PUP] (X64) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Deleted
    [PUP] (X86) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> ERROR [2]
    [PUP] (X64) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Deleted
    [PUP] (X86) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> ERROR [2]
    [PUP] (X64) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> ERROR [2]
    [PUP] (X86) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> ERROR [2]
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Application Sendori (C:\Program Files (x86)\Sendori\SendoriSvc.exe) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Service Sendori (C:\Program Files (x86)\Sendori\Sendori.Service.exe) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sndappv2 (C:\Program Files (x86)\Sendori\sndappv2.exe) -> Deleted
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1001.bak\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1001.bak\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1001.bak\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555 -> Deleted
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1001.bak\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8555 -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?l=dis&o=...^YY^US&tpid=PLTV5-SAT&apn_dbr=cr_26.0.1410.64 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3848370409-3741171536-3620649475-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?l=dis&o=...^YY^US&tpid=PLTV5-SAT&apn_dbr=cr_26.0.1410.64 -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{55543BD6-3C3B-42FE-A810-086B7605A19C} | NameServer : 0.0.0.0 ([X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{55543BD6-3C3B-42FE-A810-086B7605A19C} | NameServer : 0.0.0.0 ([X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{55543BD6-3C3B-42FE-A810-086B7605A19C} | NameServer : 0.0.0.0 ([X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8126925C-8FAA-45A2-888C-1B173FCA7257} | DhcpNameServer : 66.60.130.158 ([X]) -> Replaced ()

    ¤¤¤ Tasks : 4 ¤¤¤
    [Suspicious.Path] %WINDIR%\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job -- C:\Windows\TEMP\{F07DCCF5-B02F-4EDC-80FA-F11AD546EAF7}.exe (--uninstall=1) -> Deleted
    [Suspicious.Path] %WINDIR%\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{6CE67B08-E43D-4A56-BE9B-65B9695A1046}.exe (--uninstall=1) -> Deleted
    [Suspicious.Path] \AVG-Secure-Search-Update_JUNE2013_HP_rmv -- C:\Windows\TEMP\{F07DCCF5-B02F-4EDC-80FA-F11AD546EAF7}.exe (--uninstall=1) -> Deleted
    [Suspicious.Path] \AVG-Secure-Search-Update_JUNE2013_TB_rmv -- C:\Windows\TEMP\{6CE67B08-E43D-4A56-BE9B-65B9695A1046}.exe (--uninstall=1) -> ERROR [0]

    ¤¤¤ Files : 2 ¤¤¤
    [PUP][Folder] C:\Users\Long Ho\AppData\Roaming\OpenCandy -> Deleted
    [PUP][File] C:\Users\Long Ho\AppData\Roaming\OpenCandy\9BA9C01919CE488DADCFED3D004D6423\4193.ico -> Deleted
    [PUP][File] C:\Users\Long Ho\AppData\Roaming\OpenCandy\9BA9C01919CE488DADCFED3D004D6423\EBB77268-338F-4C6A-8590-AD88FED26F4A -> Deleted
    [PUP][File] C:\Users\Long Ho\AppData\Roaming\OpenCandy\9BA9C01919CE488DADCFED3D004D6423\OCBrowserHelper_1.0.3.85.dll -> Deleted
    [PUP][File] C:\Users\Long Ho\AppData\Roaming\OpenCandy\9BA9C01919CE488DADCFED3D004D6423\ZenDealsApp.crx -> Deleted
    [PUP][Folder] C:\Users\Long Ho\AppData\Roaming\OpenCandy\9BA9C01919CE488DADCFED3D004D6423 -> Deleted
    [PUP][File] C:\Users\Long Ho\AppData\Roaming\OpenCandy\ABAA95B21BFB46CCA3AF77288726A3AA\SendoriSetupx10403.exe -> Deleted
    [PUP][Folder] C:\Users\Long Ho\AppData\Roaming\OpenCandy\ABAA95B21BFB46CCA3AF77288726A3AA -> Deleted
    [PUP][Folder] C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} -> Deleted
    [PUP][File] C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi -> Deleted

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUP][CHROME:Addon] Default : FLV Runner [ahilkiibpgjnonbhdfkkgjddddmapala] -> Deleted
    [PUP][CHROME:Addon] Default : AVG Security Toolbar [ndibdjnfmopecpmkdieinmbadjfpblof] -> ERROR [2]

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
    --- User ---
    [MBR] 5bd4350050220e7d81851707f5ebb04e
    [BSP] 41d24ad988734da7d4bc00322d14762c : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/8/2016
    Scan Time: 5:45 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.04.08.06
    Rootkit Database: v2016.04.03.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Long Ho

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 399402
    Time Elapsed: 33 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 4
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, 7324, Delete-on-Reboot, [b5b1911b8d0c91a5bb4def48956ee020]
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe, 6720, Delete-on-Reboot, [3e286448a1f8d5613fca5bdc12f1bc44]
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, 1804, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12]
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe, 5332, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12]

    Modules: 9
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12],
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12],
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12],
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12],
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12],
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12],
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12],
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12],
    PUP.Optional.APNToolBar.Gen, C:\Users\Long Ho\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Delete-on-Reboot, [5c0a7a32b9e075c10532708e23dfee12],

    Registry Keys: 44
    PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\AAAAMLNBCJJKCGABJGBHDKJNCIANPAAH, Quarantined, [d195d4d85d3c42f455bb94b9788cb44c],
    PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\AAAAMPCHJHLGEEKENMFAGHMBMOKENDCK, Quarantined, [e48227855e3b0630858b36179470b749],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunOnce, Delete-on-Reboot, [93d319933b5e30064d53d759a85c0ef2],
    PUP.Optional.ZenDeals, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iofmibpjgjjfhliohjkfgndkjliadbje, Quarantined, [8adc5e4e376248ee76ebf851877d1be5],
    PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\AAAAMLNBCJJKCGABJGBHDKJNCIANPAAH, Quarantined, [4b1b1e8ec5d4e551bb55c38abc487b85],
    PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\AAAAMPCHJHLGEEKENMFAGHMBMOKENDCK, Quarantined, [491d119b00991d19e62a59f4d133b24e],
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\AHILKIIBPGJNONBHDFKKGJDDDDMAPALA, Quarantined, [c5a1802cdabfd264f35f999e07fc728e],
    PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4D594333-0076-A76A-76A7-A758B70C2300}, Quarantined, [570f1e8eb4e57bbb7b942d20c73d01ff],
    PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{504C5456-352D-5341-5400-A758B70C1D00}, Quarantined, [66002b810b8ebf7715fabc91f90b827e],
    PUP.Optional.APNToolBar.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\APNMCP, Quarantined, [3e286448a1f8d5613fca5bdc12f1bc44],
    PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, [4e1886267e1be5518680a29516ed718f],
    PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\AskPartnerNetwork, Quarantined, [1f47b9f30099b680dc2a0532b2519b65],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\AHILKIIBPGJNONBHDFKKGJDDDDMAPALA, Quarantined, [3c2a9913e5b43afccb880b2c32d121df],
    PUP.Optional.ASK, HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{534988A9-2273-4A7C-B76C-72B93AF5D559}, Quarantined, [76f00ca06f2af83e34ea603708fc1ae6],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\TYPELIB\{9945959C-AAD8-4312-8B57-2DE11927E770}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BD125908-5F10-409F-9C01-F2207CA18887}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD125908-5F10-409F-9C01-F2207CA18887}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{9945959C-AAD8-4312-8B57-2DE11927E770}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{9945959C-AAD8-4312-8B57-2DE11927E770}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\TYPELIB\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{80703783-E415-4EE3-AB60-D36981C5A6F1}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{80703783-E415-4EE3-AB60-D36981C5A6F1}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D594333-0076-A76A-76A7-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D594333-0076-A76A-76A7-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}\INPROCSERVER32, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4D594333-0076-A76A-76A7-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D594333-0076-A76A-76A7-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D594333-0076-A76A-76A7-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{504C5456-352D-5341-5400-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{504C5456-352D-5341-5400-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{504C5456-352D-5341-5400-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\CLSID\{504C5456-352D-5341-5400-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\CLSID\{504C5456-352D-5341-5400-7A786E7484D7}\INPROCSERVER32, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{504C5456-352D-5341-5400-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{504C5456-352D-5341-5400-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{504C5456-352D-5341-5400-7A786E7484D7}, Quarantined, [e4825458039693a3ba7e4db148bafb05],

    Registry Values: 14
    PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaamlnbcjjkcgabjgbhdkjncianpaah|path, C:\ProgramData\AskPartnerNetwork\Toolbar\MYC3\CRX\ToolbarCR.crx, Quarantined, [d195d4d85d3c42f455bb94b9788cb44c]
    PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\aaaampchjhlgeekenmfaghmbmokendck|path, C:\ProgramData\AskPartnerNetwork\Toolbar\PLTV5-SAT\CRX\ToolbarCR.crx, Quarantined, [e48227855e3b0630858b36179470b749]
    PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaamlnbcjjkcgabjgbhdkjncianpaah|path, C:\ProgramData\AskPartnerNetwork\Toolbar\MYC3\CRX\ToolbarCR.crx, Quarantined, [4b1b1e8ec5d4e551bb55c38abc487b85]
    PUP.Optional.ASKPartnerNetwork, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaampchjhlgeekenmfaghmbmokendck|path, C:\ProgramData\AskPartnerNetwork\Toolbar\PLTV5-SAT\CRX\ToolbarCR.crx, Quarantined, [491d119b00991d19e62a59f4d133b24e]
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ahilkiibpgjnonbhdfkkgjddddmapala|path, C:\Users\Long Ho\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx, Quarantined, [c5a1802cdabfd264f35f999e07fc728e]
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ApnTBMon, "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe", Quarantined, [b5b1911b8d0c91a5bb4def48956ee020]
    PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4D594333-0076-A76A-76A7-A758B70C2300}|InstallSource, C:\ProgramData\APN\APN-Stub\MYC3\, Quarantined, [570f1e8eb4e57bbb7b942d20c73d01ff]
    PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{504C5456-352D-5341-5400-A758B70C1D00}|InstallSource, C:\ProgramData\APN\APN-Stub\PLTV5-SAT\, Quarantined, [66002b810b8ebf7715fabc91f90b827e]
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ahilkiibpgjnonbhdfkkgjddddmapala|path, C:\Users\Long Ho\AppData\Local\CRE\ahilkiibpgjnonbhdfkkgjddddmapala.crx, Quarantined, [3c2a9913e5b43afccb880b2c32d121df]
    PUP.Optional.ASK, HKU\S-1-5-21-3848370409-3741171536-3620649475-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{534988A9-2273-4A7C-B76C-72B93AF5D559}|URL, http://websearch.ask.com/redirect?c...pn_sauid=0AB8FC1A-9617-4B68-B273-65D4A10AB19A, Quarantined, [76f00ca06f2af83e34ea603708fc1ae6]
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4D594333-0076-A76A-76A7-7A786E7484D7}, 0, Quarantined, [e4825458039693a3ba7e4db148bafb05]
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4D594333-0076-A76A-76A7-7A786E7484D7}, 0, Quarantined, [e4825458039693a3ba7e4db148bafb05]
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{504C5456-352D-5341-5400-7A786E7484D7}, 0, Quarantined, [e4825458039693a3ba7e4db148bafb05]
    PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{504C5456-352D-5341-5400-7A786E7484D7}, 0, Quarantined, [e4825458039693a3ba7e4db148bafb05]

    Registry Data: 0
    (No malicious items detected)

    Folders: 86

    Files: 266
     
  5. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\1041.mst, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\1043.mst, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\1045.mst, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\1049.mst, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\2070.mst, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\AskToolbarInstaller-12.10.2_PLTV5-SAT.msi, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\AskToolbarInstaller-12.10.6_PLTV5-SAT.msi, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\AskToolbarInstaller-12.15.0_PLTV5-SAT.msi, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\AskToolbarInstaller-12.29.0_PLTV5-SAT.msi, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\AskToolbarInstaller-12.3.0_PLTV5-SAT.msi, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_PLTV5-SAT@apn.ask.com.xpi, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\ToolbarCR.crx, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_aaaampchjhlgeekenmfaghmbmokendck.json, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\SO.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\VNT\content.zip, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\VNT\vntldr.exe, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\PLTV5-SAT\Source\program files\VNT\vntsrv.dll, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\ask-search.xml, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\tbnhlpr_x64.exe, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\MYC3\config.xml, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.APNToolBar.Gen, C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\PLTV5-SAT\config.xml, Quarantined, [e4825458039693a3ba7e4db148bafb05],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Msi16e2f068-e20c-4865-95fc-2289de045efe.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Msi2c662edc-dad6-4f04-9827-6f1d820ae73f.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Msi785c47e2-2c7a-4f3a-b49c-85d4efbb68dc.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Msi80c8b02e-9a35-49b0-ad32-8f68725742b6.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Msiadff6bdb-78eb-434b-a009-d6279bd06fec.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Msid4e49a08-9b84-4593-9585-700539159865.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Stb16e2f068-e20c-4865-95fc-2289de045efe.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Stb2c662edc-dad6-4f04-9827-6f1d820ae73f.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Stb785c47e2-2c7a-4f3a-b49c-85d4efbb68dc.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Stb80c8b02e-9a35-49b0-ad32-8f68725742b6.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Stbadff6bdb-78eb-434b-a009-d6279bd06fec.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\MYC3\Stbd4e49a08-9b84-4593-9585-700539159865.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stb3638d16e-5cda-44f2-88a1-6540f915c342.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Msi17bf7e10-1abd-4a4d-ac43-f9a492531e5e.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Msi5d9320e8-9c66-45b1-87b9-f6856c1f756f.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Msi74b4637c-af96-4280-ac6b-be1e0f08a001.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Msi94ce076b-675c-4ebc-aad7-7b7eab47f93b.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Msi95e183bd-d3f8-42db-ba17-9a0f2cb31f59.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Msi99ce009b-c90b-4c66-90a5-32f93665ee1d.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Msiec1db2b3-6df7-4bb1-b7dc-3cf1a67c4b57.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stb05b76126-933a-450f-8789-f93d482ca778.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stb17bf7e10-1abd-4a4d-ac43-f9a492531e5e.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stb5d9320e8-9c66-45b1-87b9-f6856c1f756f.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stb74b4637c-af96-4280-ac6b-be1e0f08a001.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stb94ce076b-675c-4ebc-aad7-7b7eab47f93b.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stb95e183bd-d3f8-42db-ba17-9a0f2cb31f59.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stb99ce009b-c90b-4c66-90a5-32f93665ee1d.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stbadeeee24-68db-4871-b267-709b01097935.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stbec1db2b3-6df7-4bb1-b7dc-3cf1a67c4b57.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\PLTV5-SAT\Stbfdcf39da-3731-47f0-83eb-e253c2c0aedb.log, Quarantined, [a1c533791b7e74c28adfef3514ef669a],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.1000034.Settings.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.1000082.currentList.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.1000082.localStations.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.1000082.nowPlaying.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.1000082.publisherStations.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_translation.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_toolbarSettings.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_translation.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_userApps.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_appsMetadata.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_appTrackingFirstTime.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_gottenAppsContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_login.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_otherAppsContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_searchAPI.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_serviceMap.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_toolbarContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.129768733323172459.search.history.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_appTrackingFirstTime.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_translation.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_appsMetadata.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_toolbarContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_RAW.serviceLayer_services_toolbarSettings.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_appTrackingFirstTime.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_gottenAppsContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_login.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_otherAppsContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_searchAPI.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.40.128.serviceLayer_services_serviceMap.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\serviceLayer_userApps_added.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\serviceLayer_userApps_removed.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\toolbar_initializing_logger.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\uninstallData.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\uninstallUrl.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.129768733323172459.search.selectedEngineId.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.129768733323172459.search.settings.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.appOptions.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.NotificationSettings.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.NOTIFICATION_ID.notifications-repository.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.NOTIFICATION_ID.notifications-servicemap.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.NOTIFICATION_ID.notifications-service_1620587.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.pg_conf_global.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.savedPositions.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318.searchProtectorData.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_appsMetadata.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_gottenAppsContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_login.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_otherAppsContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_searchAPI.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_serviceMap.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_toolbarContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_toolbarSettings.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.250.13.serviceLayer_services_userApps.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_appsMetadata.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_appTrackingFirstTime.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_gottenAppsContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_login.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_otherAppsContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_searchAPI.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_serviceMap.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_toolbarContextMenu.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_toolbarSettings.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_translation.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],
    PUP.Optional.Conduit, C:\Users\Long Ho\AppData\LocalLow\Conduit\ChromeExtData\ahilkiibpgjnonbhdfkkgjddddmapala\Repository\CT3201318_10.14.251.3.serviceLayer_services_userApps.txt, Quarantined, [32341b91574263d3deb99593e71c46ba],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  6. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    # AdwCleaner v5.109 - Logfile created 08/04/2016 at 19:51:32
    # Updated 04/04/2016 by Xplode
    # Database : 2016-04-04.2 [Local]
    # Operating system : Windows 7 Home Premium Service Pack 1 (x64)
    # Username : Long Ho - LONGHO-PC
    # Running from : C:\Users\Long Ho\Desktop\adwcleaner_5.109.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : vToolbarUpdater19.3.0

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    [-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    [-] Folder Deleted : C:\ProgramData\apn
    [-] Folder Deleted : C:\ProgramData\Ask
    [-] Folder Deleted : C:\ProgramData\AVG Secure Search
    [#] Folder Deleted : C:\ProgramData\Application Data\apn
    [#] Folder Deleted : C:\ProgramData\Application Data\Ask
    [#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
    [-] Folder Deleted : C:\Users\Long Ho\AppData\Local\apn
    [-] Folder Deleted : C:\Users\Long Ho\AppData\Local\AVG Secure Search
    [-] Folder Deleted : C:\Users\Long Ho\AppData\Local\VNT
    [-] Folder Deleted : C:\Users\Long Ho\AppData\LocalLow\AVG Secure Search
    [-] Folder Deleted : C:\Users\Long Ho\AppData\LocalLow\AVG Security Toolbar
    [-] Folder Deleted : C:\Users\Long Ho\AppData\Roaming\SuperEasy Software
    [-] Folder Deleted : C:\Users\LONGHO~1\AppData\Local\Temp\apn

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage
    [-] File Deleted : C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_foxi69.tlscdn.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_dealscrawler.com_0.localstorage
    [-] File Deleted : C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_dealscrawler.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage
    [-] File Deleted : C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lp.bearshare.com_0.localstorage
    [-] File Deleted : C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lp.bearshare.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [-] File Deleted : C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : SuperEasyDriverUpdater_UPDATES
    [-] Task Deleted : SuperEasyDriverUpdaterRunAtStartup

    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    [-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    [-] Key Deleted : HKCU\Software\APN PIP
    [-] Key Deleted : HKCU\Software\AVG Secure Search
    [-] Key Deleted : HKCU\Software\Conduit
    [-] Key Deleted : HKCU\Software\PIP
    [-] Key Deleted : HKCU\Software\SuperEasy Software
    [-] Key Deleted : HKCU\Software\VNT
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\AVG Security Toolbar
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3848370409-3741171536-3620649475-1000\Software\AVG Secure Search
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3848370409-3741171536-3620649475-1000\Software\AVG Security Toolbar
    [-] Key Deleted : HKU\S-1-5-21-3848370409-3741171536-3620649475-1001\Software\APN PIP
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C95F22AA-1961-4356-AC01-7619219EF0F8}
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

    ***** [ Web browsers ] *****

    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com_
    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com
    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com_
    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search
    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.avg.com?cid={F7E255C4-D628-4693-9842-5AC2C5B3FEFF}&mid=61ce2aa8191747d0808475f39d2ca47c-1c6cb6d579c7b10557b9717f83c3207e7f91abd2&lang=en&ds=AVG&coid=&cmpid=&pr=pr&d=2012-11-04 22:52:40&v=18.1.7.644&pid=avg&sg=&sap=hp
    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : aaaamlnbcjjkcgabjgbhdkjncianpaah
    [-] [C:\Users\Long Ho\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.search.ask.com/?p2=%5EAHN%5EYYYYYY%5EYY%5EUS&gct=hp&o=APN10278cr&apn_ptnrs=%5EAHN&apn_dtid=%5EYYYYYY%5EYY%5EUS&tpid=PLTV5-SAT&apn_dbr=cr_26.0.1410.64&trgb=&apn_uid=16619FA3-A59C-49C5-8B70-3E2570485237&itbv=11.8.1.373&doi=2013-05-03&psv=

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [15547 bytes] - [08/04/2016 19:51:32]
    C:\AdwCleaner\AdwCleaner[S1].txt - [15854 bytes] - [08/04/2016 19:48:11]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15695 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.4 (03.14.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by Long Ho (Administrator) on Fri 04/08/2016 at 19:59:33.23
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 74

    Successfully deleted: C:\Users\Public\Desktop\hotspot shield.lnk (Shortcut)
    Successfully deleted: C:\Windows\prefetch\DRIVERHIVE.EXE-134E6139.pf (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 04/08/2016 at 20:06:30.37
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  8. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    Apologies!

    I currently cannot continue the cleaning because I am out of town and I didn't bring my uncle's laptop with me. Sorry!
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Let me know.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Still with me?
     
  11. BlazinGhost

    BlazinGhost TS Rookie Topic Starter Posts: 90

    Yeah, my apologies, I'll be back in town next Tuesday if that still works for you.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    OK.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Still with me?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
