
Malware disables keyboard on removal

  • 21-01-2015 9:47pm
    #1
    Registered Users, Registered Users 2 Posts: 983 ✭✭✭


    I discovered an infection on my desktop PC. After I rebooted, the keyboard was not connected to the machine; the power light was not on. I tried another keyboard and it was the same. I figured the registry had been changed and I was right; the values for

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid

    displays a different value set on reboot when the malware is removed and

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass is not visible

    As far as I can guess, the keyboard is disabled in the registry on boot and the malware then changes the settings to enable it sometime after that, making it available when Windows has fully loaded. The upshot of this is that I have to use System Restore to use the keyboard; unfortunately it also restores the malware.

    Here are the registry settings when the malware is on the machine and the keyboard is working, if anybody can help it would be appreciated.

    Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass
    Class Name: <NO CLASS>
    Last Write Time: 21/01/2015 - 21:11
    Value 0
    Name: Start
    Type: REG_DWORD
    Data: 0x3

    Value 1
    Name: Type
    Type: REG_DWORD
    Data: 0x1

    Value 2
    Name: ErrorControl
    Type: REG_DWORD
    Data: 0x1

    Value 3
    Name: ImagePath
    Type: REG_EXPAND_SZ
    Data: system32\DRIVERS\kbdclass.sys

    Value 4
    Name: DisplayName
    Type: REG_SZ
    Data: Keyboard Class Driver

    Value 5
    Name: Group
    Type: REG_SZ
    Data: Keyboard Class

    Value 6
    Name: Tag
    Type: REG_DWORD
    Data: 0x2


    Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass\Parameters
    Class Name: <NO CLASS>
    Last Write Time: 14/07/2009 - 04:37
    Value 0
    Name: ConnectMultiplePorts
    Type: REG_DWORD
    Data: 0

    Value 1
    Name: KeyboardDataQueueSize
    Type: REG_DWORD
    Data: 0x64

    Value 2
    Name: KeyboardDeviceBaseName
    Type: REG_SZ
    Data: KeyboardClass

    Value 3
    Name: MaximumPortsServiced
    Type: REG_DWORD
    Data: 0x3

    Value 4
    Name: SendOutputToAllPorts
    Type: REG_DWORD
    Data: 0x1


    Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass\Enum
    Class Name: <NO CLASS>
    Last Write Time: 21/01/2015 - 21:12
    Value 0
    Name: 0
    Type: REG_SZ
    Data: Root\RDP_KBD\0000

    Value 1
    Name: Count
    Type: REG_DWORD
    Data: 0x2

    Value 2
    Name: NextInstance
    Type: REG_DWORD
    Data: 0x2

    Value 3
    Name: 1
    Type: REG_SZ
    Data: HID\VID_413C&PID_2005\6&8328f36&0&0000



    Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid
    Class Name: <NO CLASS>
    Last Write Time: 21/01/2015 - 21:12
    Value 0
    Name: Start
    Type: REG_DWORD
    Data: 0x3

    Value 1
    Name: Type
    Type: REG_DWORD
    Data: 0x1

    Value 2
    Name: ErrorControl
    Type: REG_DWORD
    Data: 0

    Value 3
    Name: ImagePath
    Type: REG_EXPAND_SZ
    Data: system32\DRIVERS\kbdhid.sys

    Value 4
    Name: DisplayName
    Type: REG_SZ
    Data: Keyboard HID Driver

    Value 5
    Name: Group
    Type: REG_SZ
    Data: Keyboard Port

    Value 6
    Name: DriverPackageId
    Type: REG_SZ
    Data: hidirkbd.inf_x86_neutral_b7b6ffb126da2654

    Value 7
    Name: Tag
    Type: REG_DWORD
    Data: 0x5


    Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid\Parameters
    Class Name: <NO CLASS>
    Last Write Time: 31/08/2011 - 08:52
    Value 0
    Name: WorkNicely
    Type: REG_DWORD
    Data: 0


    Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid\Enum
    Class Name: <NO CLASS>
    Last Write Time: 21/01/2015 - 21:12
    Value 0
    Name: 0
    Type: REG_SZ
    Data: HID\VID_413C&PID_2005\6&8328f36&0&0000

    Value 1
    Name: Count
    Type: REG_DWORD
    Data: 0x1

    Value 2
    Name: NextInstance
    Type: REG_DWORD
    Data: 0x1
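
One way to check what the post above describes, as an added example that is not part of the original thread: parse two regedit text exports of the keyboard driver keys, decode each service's `Start` value, and list what changed between them. The function names are hypothetical, and the "broken" export is constructed for illustration, not taken from the poster's machine.

```python
# Added example: compare regedit text exports of the kbdclass/kbdhid service keys.
# Meaning of a service key's Start value (REG_DWORD).
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual (demand)", 4: "Disabled"}

# Constructed sample, abridged from the values shown in the post (keyboard working).
WORKING_EXPORT = r"""
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass
Class Name: <NO CLASS>
Last Write Time: 21/01/2015 - 21:11
Value 0
Name: Start
Type: REG_DWORD
Data: 0x3

Value 1
Name: ErrorControl
Type: REG_DWORD
Data: 0x1

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid
Class Name: <NO CLASS>
Last Write Time: 21/01/2015 - 21:12
Value 0
Name: Start
Type: REG_DWORD
Data: 0x3

Value 1
Name: ErrorControl
Type: REG_DWORD
Data: 0
"""

# Constructed (hypothetical) "keyboard dead" state: kbdclass key absent, kbdhid disabled.
BROKEN_EXPORT = r"""
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid
Class Name: <NO CLASS>
Value 0
Name: Start
Type: REG_DWORD
Data: 0x4

Value 1
Name: ErrorControl
Type: REG_DWORD
Data: 0
"""

def parse_export(text):
    """Parse a regedit .txt export into {key_path: {value_name: (type, data)}}."""
    keys, key, name, vtype = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Key Name:"):
            key = line.split(":", 1)[1].strip()
            keys[key] = {}
            name = vtype = None
        elif key is None:
            continue
        elif line.startswith("Name:"):      # "Class Name:" does not match this
            name = line.split(":", 1)[1].strip()
        elif line.startswith("Type:"):
            vtype = line.split(":", 1)[1].strip()
        elif line.startswith("Data:") and name is not None:
            keys[key][name] = (vtype, line.split(":", 1)[1].strip())
            name = vtype = None
    return keys

def service_state(keys, service, control_set="ControlSet001"):
    """Describe how a driver service is configured to start, or why that is unknown."""
    path = "\\".join(["HKEY_LOCAL_MACHINE", "SYSTEM", control_set, "services", service])
    by_lower = {k.lower(): v for k, v in keys.items()}  # registry paths ignore case
    values = by_lower.get(path.lower())
    if values is None:
        return "key missing"
    if "Start" not in values or values["Start"][0] != "REG_DWORD":
        return "no usable Start value"
    start = int(values["Start"][1], 16)  # export prints DWORDs as 0x.. or a bare 0
    return START_TYPES.get(start, "unknown (%d)" % start)

def keyboard_report(keys):
    """State of the two keyboard driver services named in the post."""
    return {svc: service_state(keys, svc) for svc in ("kbdclass", "kbdhid")}

def diff_exports(before, after):
    """List (key, value_name, before, after); value_name is None for a whole key."""
    changes = []
    for key in sorted(set(before) | set(after)):
        b, a = before.get(key), after.get(key)
        if b is None or a is None:
            changes.append((key, None,
                            "missing" if b is None else "present",
                            "missing" if a is None else "present"))
            continue
        for name in sorted(set(b) | set(a)):
            if b.get(name) != a.get(name):
                changes.append((key, name, b.get(name), a.get(name)))
    return changes

if __name__ == "__main__":
    working, broken = parse_export(WORKING_EXPORT), parse_export(BROKEN_EXPORT)
    print("working:", keyboard_report(working))
    print("broken: ", keyboard_report(broken))
    for change in diff_exports(working, broken):
        print(change)
```

Exports taken in both states (keyboard working and keyboard dead) can be saved to files and passed through `parse_export` in place of the embedded samples.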


Comments

  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    need to remove the malware first


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users, Registered Users 2 Posts: 983 ✭✭✭redarmyblues


    Thanks here be the files.

    OTL logfile created on: 21/01/2015 22:38:48 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17501)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 36.92% Memory free
    5.75 Gb Paging File | 4.11 Gb Available in Paging File | 71.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.66 Gb Total Space | 112.19 Gb Free Space | 24.62% Space Free | Partition Type: NTFS
    Drive E: | 5.00 Gb Total Space | 2.77 Gb Free Space | 55.44% Space Free | Partition Type: NTFS
    Drive F: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.86% Space Free | Partition Type: NTFS
    Drive H: | 5.00 Gb Total Space | 2.36 Gb Free Space | 47.18% Space Free | Partition Type: NTFS

    Computer Name: I-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2015/01/21 22:38:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
    PRC - [2014/11/14 09:51:09 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    PRC - [2014/09/12 18:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
    PRC - [2014/09/12 18:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    PRC - [2014/09/12 18:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
    PRC - [2014/09/03 05:17:26 | 000,054,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    PRC - [2014/09/03 03:14:42 | 000,936,288 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2014/09/03 03:13:54 | 000,153,952 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
    PRC - [2014/09/03 03:13:36 | 000,395,616 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2014/09/03 01:09:42 | 001,505,560 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
    PRC - [2013/08/02 00:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/04/18 10:09:20 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2013/02/19 20:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/01/31 09:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2013/01/31 09:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2012/02/29 19:27:18 | 001,355,968 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2012/02/29 19:27:18 | 000,864,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011/06/01 17:57:16 | 000,561,984 | ---- | M] (Apple Inc.) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    PRC - [2011/03/16 09:58:34 | 000,755,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
    PRC - [2011/03/16 09:58:34 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2011/03/02 15:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
    PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/25 09:06:12 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/09/23 08:56:30 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/09/11 16:02:24 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/09/11 16:01:51 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/09/11 16:01:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/09/01 00:50:20 | 000,062,848 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAB4RPK.EXE
    PRC - [2008/07/29 15:28:36 | 000,364,630 | ---- | M] () -- C:\Program Files\DVPCR Plus\rmc\RMCserver.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/10/20 02:26:27 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
    MOD - [2014/10/20 02:26:19 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
    MOD - [2014/10/20 02:26:14 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
    MOD - [2014/02/13 19:49:42 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2013/09/04 23:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2012/02/29 19:27:34 | 000,185,880 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
    MOD - [2011/03/02 15:18:28 | 000,656,384 | ---- | M] () -- C:\Program Files\GNU\GnuPG\gpgex.dll
    MOD - [2011/02/09 00:56:38 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\TrueCafe\PWClient.exe -- (srvTrueCafePrinterWatcherClient)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\TrueCafe\TrueCafeServer.exe -- (srvTrueCafe)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2015/01/13 22:56:06 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/11/22 01:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2014/09/12 18:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
    SRV - [2013/12/18 23:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2013/10/05 02:38:22 | 000,071,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
    SRV - [2013/08/21 20:55:10 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
    SRV - [2013/08/21 20:33:20 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
    SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/04/18 10:09:20 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2013/02/19 20:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
    SRV - [2012/02/29 19:27:18 | 001,355,968 | ---- | M] (Lavasoft) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/03/16 09:58:34 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2011/03/02 15:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
    SRV - [2010/09/11 16:01:51 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/06/08 17:04:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/02 23:03:04 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
    SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2008/07/29 15:28:36 | 000,364,630 | ---- | M] () [Auto | Running] -- C:\Program Files\DVPCR Plus\rmc\RMCserver.exe -- (RMCServer)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\NPF.sys -- (NPF)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2014/08/27 22:31:42 | 000,070,008 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2014/06/18 18:39:06 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
    DRV - [2013/08/21 04:31:26 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2013/08/21 04:31:26 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
    DRV - [2013/08/21 04:31:26 | 000,130,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
    DRV - [2013/08/21 04:31:26 | 000,032,064 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
    DRV - [2013/08/21 04:31:26 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV - [2013/04/18 10:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2013/02/19 20:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2013/01/15 23:11:33 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2012/08/23 14:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2012/08/23 14:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2012/02/29 19:27:24 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
    DRV - [2012/01/09 20:18:17 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2012/01/09 20:18:17 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
    DRV - [2011/09/13 08:35:26 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2011/05/12 08:40:29 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/11/25 05:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
    DRV - [2010/05/29 09:29:20 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2009/12/14 14:45:20 | 000,021,504 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistc.sys -- (ndistc)
    DRV - [2009/09/10 13:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009/07/24 13:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
    DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/05/25 04:38:16 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2005/03/16 06:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\System32\drivers\BIOS.sys -- (BIOS)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found
    IE - HKLM\..\SearchScopes,DefaultScope = {a4f69070-5eb1-4e89-a7da-809b992b434e}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
    IE - HKLM\..\SearchScopes\{a4f69070-5eb1-4e89-a7da-809b992b434e}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3315041&CUI=UN11379035163226023&UM=2
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
    IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120512074553080&tb_oid=12-05-2012&tb_mrud=12-05-2012

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ie/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 9A 86 D0 36 03 D0 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Administrator\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 08:36:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/08/11 07:25:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2012/09/22 19:21:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/12/09 17:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2014/01/04 18:03:32 | 000,002,495 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sweettunes_search.xml

    ========== Chrome ==========

    CHR - plugin: Error reading preferences file
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn\11.87.5.37727_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Microsoft Web Test Recorder 12.0 Helper) - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll File not found
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Redirector] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.71.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.71.2)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A54ECA8-51D0-4663-8360-D175ED0B0F24}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B768BA5-2F65-48CB-974B-5E0A15E72314}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDCC7ED8-E091-45DE-8ADC-BB8D17C30555}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O18 - Protocol\Handler\gameboxchrome {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/03/22 04:24:09 | 000,000,175 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2015/01/21 21:22:32 | 000,000,000 | ---D | C] -- C:\cb2ca3e0f9f8534020909ffa
    [2015/01/21 17:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2015/01/21 17:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2015/01/21 17:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2015/01/21 17:46:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
    [2015/01/15 20:12:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\How to get htm file - Get Started - The SitePoint Forums_files
    [2015/01/11 21:16:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Webproj2
    [2015/01/07 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Tor Browser
    [2015/01/07 14:46:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\tor
    [2015/01/07 14:45:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Vidalia

    ========== Files - Modified Within 30 Days ==========

    [2015/01/21 22:07:39 | 000,001,590 | ---- | M] () -- C:\Users\Administrator\Desktop\kbdhid.reg
    [2015/01/21 21:58:49 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2015/01/21 21:57:58 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2015/01/21 21:54:31 | 000,118,197 | ---- | M] () -- C:\Users\Administrator\Desktop\How to restore Win7 Registry files [Solved] - How To - Windows 7.html
    [2015/01/21 21:20:03 | 000,022,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/01/21 21:20:02 | 000,022,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/01/21 21:17:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2015/01/21 21:17:28 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2015/01/21 21:16:24 | 164,017,240 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2015/01/21 21:12:37 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr
    [2015/01/21 21:12:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2015/01/21 21:12:07 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
    [2015/01/21 19:32:37 | 000,025,917 | ---- | M] () -- C:\Users\Administrator\Desktop\Create a System Restore point in Windows 7 from cmd or windows.html
    [2015/01/15 20:32:53 | 000,112,499 | ---- | M] () -- C:\Users\Administrator\Desktop\How to get htm file - Get Started - The SitePoint Forums.html
    [2015/01/11 21:13:26 | 000,013,979 | ---- | M] () -- C:\Users\Administrator\Desktop\Free.zip - Shortcut.lnk
    [2015/01/11 18:04:03 | 000,669,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2015/01/11 18:04:03 | 000,127,210 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2015/01/21 22:07:39 | 000,001,590 | ---- | C] () -- C:\Users\Administrator\Desktop\kbdhid.reg
    [2015/01/21 21:54:23 | 000,118,197 | ---- | C] () -- C:\Users\Administrator\Desktop\How to restore Win7 Registry files [Solved] - How To - Windows 7.html
    [2015/01/21 19:32:36 | 000,025,917 | ---- | C] () -- C:\Users\Administrator\Desktop\Create a System Restore point in Windows 7 from cmd or windows.html
    [2015/01/15 20:12:37 | 000,112,499 | ---- | C] () -- C:\Users\Administrator\Desktop\How to get htm file - Get Started - The SitePoint Forums.html
    [2015/01/11 21:13:26 | 000,013,979 | ---- | C] () -- C:\Users\Administrator\Desktop\Free.zip - Shortcut.lnk
    [2015/01/11 11:45:54 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr
    [2014/04/15 11:12:12 | 000,000,204 | ---- | C] () -- C:\Windows\POWERPNT.INI
    [2014/04/15 11:12:01 | 000,000,055 | ---- | C] () -- C:\Windows\exchng32.ini
    [2014/04/15 11:12:01 | 000,000,026 | ---- | C] () -- C:\Windows\datalink.ini
    [2014/04/15 11:11:52 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI
    [2014/04/15 11:11:32 | 000,000,000 | ---- | C] () -- C:\Windows\WINHELP.INI
    [2014/04/15 11:08:14 | 000,001,103 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2013/05/17 09:04:44 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2013/05/17 09:04:44 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2013/02/20 13:42:25 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 01:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/11/25 17:04:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2014/09/30 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\e-academy Inc
    [2014/11/01 15:08:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
    [2014/10/09 21:40:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JetBrains
    [2014/11/02 14:33:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
    [2014/10/09 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NuGet
    [2014/09/30 20:14:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera Software
    [2014/10/09 14:09:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
    [2014/11/05 22:13:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
    [2015/01/02 00:01:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    < End of report >

    OTL Extras logfile created on: 21/01/2015 22:38:48 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17501)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 36.92% Memory free
    5.75 Gb Paging File | 4.11 Gb Available in Paging File | 71.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.66 Gb Total Space | 112.19 Gb Free Space | 24.62% Space Free | Partition Type: NTFS
    Drive E: | 5.00 Gb Total Space | 2.77 Gb Free Space | 55.44% Space Free | Partition Type: NTFS
    Drive F: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.86% Space Free | Partition Type: NTFS
    Drive H: | 5.00 Gb Total Space | 2.36 Gb Free Space | 47.18% Space Free | Partition Type: NTFS

    Computer Name: I-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
    .reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe %1

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
    https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\OneRoof CyberCafePro Server\OneRoof_CCP_Server.exe" = C:\Program Files\OneRoof CyberCafePro Server\OneRoof_CCP_Server.exe:*:Enabled:OneRoof CyberCafePro Control Station


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06DAD023-D353-474D-A017-99D6E6506030}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1836A06B-E38B-4D92-963D-15AD25AEB5B2}" = lport=6918 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{183C619E-FF51-4E00-A10F-EF5DF6FD5FE3}" = lport=6915 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{19669569-5078-4409-AB71-38DD36D69E38}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{1ACAAFE9-07F5-433A-8F75-0D85BA7588CC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1CCA2231-4C3C-4582-946A-48E316A78AC1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1EFC0BEF-86F2-46E2-BBAA-C7070450570D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{20C0E07C-39E3-4DE2-AA79-70115E9B5268}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{2506EB92-BB6E-428E-8813-1B67A6F7D35D}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2C6DCCD1-F0D4-4DEE-A2CB-89ACBD1CF72F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{2E479DAE-F354-430F-98CB-8F15C6FD8555}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2EE289DA-9F80-4EEF-8EA0-BD357F72BB97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{31E89FDE-179E-483E-B96B-D8EADD5C4E53}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3707ED2C-CA38-4198-9EE7-ABE40A789DC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4129BEA4-7984-4A7C-BA3E-0F1C3C35E71B}" = lport=6916 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{42EE4EA3-58E6-44A3-A846-F883F35CBBF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4C6EBBD8-B79E-4F56-BE22-12E9486A9A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4DF0A9A3-A853-4497-9B30-6CCBE1EB061E}" = rport=137 | protocol=17 | dir=out | app=system |
    "{53B30778-1088-43EC-92CA-BD2B10C168E9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5905DC09-1DC3-4871-BE80-219C12B7CA90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{59E011F1-6A59-46CE-B4BC-680DE9B0F5C7}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5C0964B1-A676-4122-AFE5-C2092DD497B4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5F6B7470-6D4B-40E5-82C5-28869B7813D8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{6693734B-D54F-4E02-9F1B-EA87BE3FFB32}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6BDD0D04-C46E-4E94-9B96-F67C2155A1E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6BEB2403-0BD5-411A-AAC2-0232E6141093}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6F560F41-CDEA-42F9-8235-591CC3AD7D32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7137B907-C66F-4AF9-A30C-A393A291F6B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{71A9E24A-3FFD-48B8-B6B1-9A008244A3D8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
    "{808ED599-92F7-43DB-9739-D33A244FBBB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{826B7A95-029D-4CAE-AB96-D9A423E9AA63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8422EE32-DD9B-431D-ADDE-DC848FB65910}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{96D5A134-84C0-4FDC-87E9-90579BC63A95}" = lport=6917 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{98B2169A-5FE3-4DC3-8F29-568C18247715}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A01A41C4-4E95-4AB5-A8A9-94AE8CDE1C0D}" = lport=6920 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{A6F256A5-D015-4C24-8A5A-4B88EE440D1A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{AF058FA8-004F-4498-BAE2-58A738355B81}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BC133D6B-F37D-49BA-BFBF-109D52398D14}" = lport=6919 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{C236646F-00C7-4122-BE26-EA9D93E93404}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C49C1BCF-84C1-4E40-926C-EFB6CEE94B64}" = lport=3702 | protocol=17 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{D32C4997-761E-441B-A981-FC14B2CFFC71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E5F74710-BA30-465E-A518-2E9690CBF532}" = rport=139 | protocol=6 | dir=out | app=system |
    "{EA08ED10-C624-4B44-8357-90BC24DB6C62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{004358ED-4671-4CF7-A9E9-CC6D9123F9FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{03E8BBE7-6839-4425-AD06-63848CD5B0B3}" = protocol=17 | dir=in | app=c:\users\i\appdata\roaming\dropbox\bin\dropbox.exe |
    "{055E8662-D589-4E30-8AF2-959F1160D11E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{08B6AFE7-6732-4BFD-BCF8-173EB15B9E77}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe |
    "{0D9312B0-D461-4123-BA27-68B4237CC819}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe |
    "{0E775415-ED14-4914-9040-E3405269A0FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0EA2EA54-5D1F-408D-B115-655B7AB494A2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{12FA3DA3-7E42-4EBF-A424-CBC3F55E9578}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{15517E31-2724-45B4-8BD9-51BE051C6961}" = protocol=6 | dir=in | app=c:\windows\system32\cnab4rpk.exe |
    "{1EA5857B-4E16-4CC8-B145-889854F3009A}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{1F20314C-6DEB-418F-894D-970A43E73DFA}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{1F5AEDCC-3FF2-470B-AE92-118A50DD6097}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
    "{206323B8-75A8-4500-8553-7DC28878BBF3}" = protocol=6 | dir=in | app=c:\program files\cafesuite\cafestation.exe |
    "{212FD8EC-13F0-481D-802C-36702DE241D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2538F5DD-5E52-49F8-AA81-DD2A38638844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{27CF41CF-D639-45E2-B95A-814EE667327C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{28B04569-A221-4F44-A6B1-EECA54A54C16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2B560D4D-DC41-4DE4-830A-8063ADB05068}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2E1A09F5-AEDC-48F7-9037-8408218ACD9E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2F85D262-525B-47C4-83C4-E4EE29F07C76}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{2F95724B-D1E7-47C9-BD76-5D022AEDA04B}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
    "{31E3B0E8-B75F-48DC-82B1-F72D79304601}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{33A06675-A373-4F57-804E-7F7EF2D6ADE6}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{373D874D-B7B3-44BC-94FC-1C757F8FC7BB}" = protocol=17 | dir=in | app=c:\program files\truecafe\client\client.exe |
    "{37825CEC-5F42-4417-877C-0587650011D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{39094153-B829-49ED-A4C1-2A762092E054}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{3AB1AF15-E5BD-4671-AE2F-F4CE7E70EB8A}" = dir=in | app=c:\program files\truecafe\pwclient.exe |
    "{3AC475A8-EC75-4783-80D0-A58FCDBE9674}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{3FEEEFD8-2443-4747-A9ED-4A25610E37A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{41F19D1B-B4D5-49EB-A3B1-8710AF282029}" = dir=in | app=c:\program files\truecafe\truecafe.exe |
    "{42242839-3BA9-4AA9-AE75-4719F632075D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4343ECEC-2D59-41D4-9FBD-9014A8B0B746}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{490CC883-44ED-430C-93CB-2A12A4F21EB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4AA2CF0D-6B4F-4EA9-8F7F-076F6C112683}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4C658026-34E4-4A96-8C6B-5E25B3E1020B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{4E0AAD5D-9CE8-4FB3-BDB0-511C382B2E8C}" = protocol=6 | dir=in | app=c:\users\i\appdata\roaming\dropbox\bin\dropbox.exe |
    "{51C450A5-7E46-4971-A168-3DECC8A19ED2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{52A54CFD-8D22-4D27-8DE2-646707ED1AD7}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
    "{552D0206-EB26-4834-9149-EAC10F964D5A}" = protocol=17 | dir=in | app=c:\windows\system32\cnab4rpk.exe |
    "{59D07039-2B37-4862-9073-5643FE1A6742}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{5A4BE5E1-B7DB-41B8-BAEC-B435FCC1215A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5ABA0B7C-F795-4E01-AFB1-EBEB397D066E}" = protocol=17 | dir=in | app=c:\program files\cafesuite\cafestation.exe |
    "{5AFF300B-F6BD-4361-B7D8-30855E41CF42}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5B029C68-0251-4447-843A-B11047C77C01}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5BBCEDA5-8078-4C57-9E34-BD916D7385F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5C40FC7A-E678-45E4-92DC-0ADE8804DCF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{5D5F4959-F19E-4859-B4EE-856CE837D7A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5D65B5F4-9C33-4FC2-9892-DD3C75C9D848}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{619D0C46-5A3A-4557-A064-1C8EADD5AF89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{62B6D9EF-B557-421B-8C46-829295188187}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6442384B-1939-469F-A6BA-0D5308BF269E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{65B7A95C-44A5-4CBF-9ECF-74E9C5271644}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{668B108C-94B2-45A7-AC7A-197C2AD5B8D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6D4A29D6-2AB4-48EB-B264-FAC372C23889}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6E23F86E-EAA2-45D3-ABD3-D67CC25EF962}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{6E9E280A-A6F4-4167-8EBB-BCC3AEDC7502}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{75F7BCE0-EE83-4E80-BAC4-260ECEB55F9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{78BAE8FE-449D-4543-BD6B-76A3808DADEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7FDE39BD-9731-4575-8862-2681268DA1D3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe |
    "{833F1E79-6D57-488C-9DB9-56EA7A7A0119}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{85BCCB77-2097-4293-A0EC-8BA12016D9CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{86DA796F-C1C3-4052-8C33-43E2BF361283}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
    "{88B3DA8B-011A-4C23-AB4D-302C564BCFA1}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
    "{8A6561C0-7174-41A5-8277-406D85DEC690}" = protocol=6 | dir=in | app=c:\program files\oneroof cybercafepro server\oneroof_ccp_server.exe |
    "{8B82AB80-4C5E-418A-AF3A-B00D572FC850}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{8BB08998-630B-4E9B-90F0-7517EB31042C}" = protocol=6 | dir=in | app=c:\program files\truecafe\client\client.exe |
    "{8BD6CFA9-4921-4138-90EC-3B3D7DE7C8F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{8F918F0F-5514-41A5-948F-B701539067C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{91C5447D-4272-46F4-88B7-1CE8EE4A7047}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{933BC869-5808-4EB8-BA93-61D655C735B8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{93B62211-8B76-4E0B-982E-AA1C79770C61}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{95A8E950-96A5-4706-A7AB-BB4FCE4487CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9698BD9D-C323-4876-8D43-C2617292A78A}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "{99FB28D6-9822-4BBC-9D5D-0E5B517B6536}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9BBF7D3B-70A1-443C-B91E-B4CC4A42FE2E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9D3A839D-436B-4675-BB37-58CE7C3C9D77}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A669DD72-4792-4DCD-9DF9-47A8BEB3CF59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A91AC2B9-D5B6-4891-90E8-DFC41B2BEEF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A92F0708-C596-460C-B45C-13FB52DF7E03}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer_service.exe |
    "{A9ACF32B-B673-4551-BE6E-93FE93D6BB4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{A9D81E32-BFDA-4C9D-B260-67D5698F6C7D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
    "{AAC5C250-063F-4742-8F2F-DA513FB88D52}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{AB374ABF-4B8E-4B89-A01F-E8D68CCD5DEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{ACC1DAD3-6946-432E-BC56-6304B66720B5}" = dir=in | app=c:\program files\truecafe\truecafeserver.exe |
    "{B09EA894-A333-4D63-8781-E243E4759742}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B268BF0F-EA08-4EBD-84CB-D5DD16012B03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B35E0CAB-3DC0-4E9E-BFAE-E86BEA67ED48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B4906E43-66FD-4FE0-BB0E-57A870E1D69F}" = protocol=6 | dir=out | app=system |
    "{B4E8988D-494E-44D7-BD4D-20830800F870}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B5ADC743-8EA3-499B-BFC0-9E016393911C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{B5F22925-EFB4-42FB-AFBD-D4CA04031589}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B80E79ED-F492-4B23-96EE-6CFA55462F2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{BA29154F-1280-4319-A8EF-190A4DA341E8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{BA883F5F-4FA2-40B5-A5A4-7DFE80B02B51}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{BD524952-FB36-464B-8469-8087A8EEE938}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{C1EFD8F0-AA23-4F75-8C88-69B573379021}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{C23C7C30-464F-4549-9DD1-19A2215FDDBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C3D4E3B5-3187-4B62-980E-822039078BFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{C4A822A7-E6B3-42A8-B0D4-CEE12D15D007}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{C8206320-EE0E-4E4D-9548-EA9606086622}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{CA9722D1-32EA-42CE-A07C-E0CD1290D7E2}" = protocol=17 | dir=in | app=c:\users\i\appdata\roaming\utorrent\utorrent.exe |
    "{CBD3239A-86D6-4954-8B8A-8ED11C624779}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CDD89230-BD61-468B-8705-1CE3B0E71EDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{CE2CB9D3-009E-42A0-B79A-C888FED45BA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D5D04ADB-5556-4B40-A24F-9FBEAB08B0FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{D5F292D7-E70F-478F-849B-DFFE85B652E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{D82A28C9-9C49-4680-AD32-AA88BF2D28AB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{DA5FAF7F-15EF-4416-A334-F55BA2C830EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E1CE8D62-A4E5-417B-8917-341A42D09795}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E4E0F79B-5169-4B3E-8650-7A041B260BBC}" = protocol=17 | dir=in | app=c:\program files\oneroof cybercafepro server\oneroof_ccp_server.exe |
    "{E8662E30-BB8B-4489-A8CF-B4A3683D6D7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E8A1F8B3-9CFF-46F2-B25C-097C269D8CF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E9D7FDB1-0E48-4DAD-835C-26CCD6F4DE38}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{EAA3929B-4C2C-459F-A218-63127A939FB0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EE29ECC9-19C0-41CA-9A46-E4F5749958B0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EE34B3EE-5557-400B-BD33-B7D9C89F90C1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EF899CEF-EB65-44A6-B32A-62E3C46CB2E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EF9896C7-C200-43BC-9F13-2969CCA616C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F0ADFCAF-755D-4F9B-B635-F38696DED167}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F17723D6-3018-471D-8A64-C5724557C68E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{F3BEAFA6-5EC7-4A75-8784-F19653576EB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F58DD41A-E887-4575-9973-31670B6633BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F65E2A72-F6E0-4E41-B07D-5C2FBF7897A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FB625BA7-8A4A-42ED-AEE5-9EFCB811E57F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FE6E30D0-C236-4494-A222-CB2BE4B39C04}" = protocol=6 | dir=in | app=c:\users\i\appdata\roaming\utorrent\utorrent.exe |
    "{FEA0183A-4CA9-4F62-B430-112DAEA7FBFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{FEFC38D8-777B-4E53-BBB9-FBC177D1C515}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "TCP Query User{2A930C8D-E182-4F7A-8802-FFA6D91DAF64}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
    "TCP Query User{32BE274D-8819-495B-B377-7CACA0C70F49}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe |
    "TCP Query User{38D30700-9D64-4C13-9984-7242A729CA8C}C:\program files\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files\unified remote\remoteserver.exe |
    "TCP Query User{5C7D4CC9-B2D7-4A9B-8911-9656DC9C2558}C:\program files\cisco packet tracer 5.3.2\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files\cisco packet tracer 5.3.2\bin\packettracer5.exe |
    "TCP Query User{7602B371-5C15-4BD5-90FE-17BBEEBB6F29}C:\users\i\appdata\roaming\gamemaker-studio\runner.exe" = protocol=6 | dir=in | app=c:\users\i\appdata\roaming\gamemaker-studio\runner.exe |
    "TCP Query User{B743D71D-21EA-4226-8250-39B7D4C60998}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
    "TCP Query User{DC16B9C1-AEA5-4202-BFAD-97D5F4FC6C3A}C:\users\administrator\appdata\local\temp\g2_1470\g2viewer.exe" = protocol=6 |


  • Registered Users, Registered Users 2 Posts: 983 ✭✭✭redarmyblues


    Thanks, here be the files.

    OTL logfile created on: 21/01/2015 22:38:48 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17501)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 36.92% Memory free
    5.75 Gb Paging File | 4.11 Gb Available in Paging File | 71.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.66 Gb Total Space | 112.19 Gb Free Space | 24.62% Space Free | Partition Type: NTFS
    Drive E: | 5.00 Gb Total Space | 2.77 Gb Free Space | 55.44% Space Free | Partition Type: NTFS
    Drive F: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.86% Space Free | Partition Type: NTFS
    Drive H: | 5.00 Gb Total Space | 2.36 Gb Free Space | 47.18% Space Free | Partition Type: NTFS

    Computer Name: I-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2015/01/21 22:38:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
    PRC - [2014/11/14 09:51:09 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    PRC - [2014/09/12 18:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
    PRC - [2014/09/12 18:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
    PRC - [2014/09/12 18:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
    PRC - [2014/09/03 05:17:26 | 000,054,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    PRC - [2014/09/03 03:14:42 | 000,936,288 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    PRC - [2014/09/03 03:13:54 | 000,153,952 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\redirector.exe
    PRC - [2014/09/03 03:13:36 | 000,395,616 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
    PRC - [2014/09/03 01:09:42 | 001,505,560 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
    PRC - [2013/08/02 00:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/04/18 10:09:20 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2013/02/19 20:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/01/31 09:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2013/01/31 09:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2012/02/29 19:27:18 | 001,355,968 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2012/02/29 19:27:18 | 000,864,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011/06/01 17:57:16 | 000,561,984 | ---- | M] (Apple Inc.) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    PRC - [2011/03/16 09:58:34 | 000,755,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
    PRC - [2011/03/16 09:58:34 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2011/03/02 15:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files\GNU\GnuPG\dirmngr.exe
    PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/25 09:06:12 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/09/23 08:56:30 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/09/11 16:02:24 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/09/11 16:01:51 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/09/11 16:01:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/09/01 00:50:20 | 000,062,848 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAB4RPK.EXE
    PRC - [2008/07/29 15:28:36 | 000,364,630 | ---- | M] () -- C:\Program Files\DVPCR Plus\rmc\RMCserver.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/10/20 02:26:27 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
    MOD - [2014/10/20 02:26:19 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
    MOD - [2014/10/20 02:26:14 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
    MOD - [2014/02/13 19:49:42 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2013/09/04 23:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2012/02/29 19:27:34 | 000,185,880 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
    MOD - [2011/03/02 15:18:28 | 000,656,384 | ---- | M] () -- C:\Program Files\GNU\GnuPG\gpgex.dll
    MOD - [2011/02/09 00:56:38 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
    MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\TrueCafe\PWClient.exe -- (srvTrueCafePrinterWatcherClient)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\TrueCafe\TrueCafeServer.exe -- (srvTrueCafe)
    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2015/01/13 22:56:06 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/11/22 01:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV - [2014/09/12 18:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
    SRV - [2013/12/18 23:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2013/10/05 02:38:22 | 000,071,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
    SRV - [2013/08/21 20:55:10 | 000,091,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
    SRV - [2013/08/21 20:33:20 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
    SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/04/18 10:09:20 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2013/02/19 20:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
    SRV - [2012/02/29 19:27:18 | 001,355,968 | ---- | M] (Lavasoft) [On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/03/16 09:58:34 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2011/03/02 15:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files\GNU\GnuPG\dirmngr.exe -- (DirMngr)
    SRV - [2010/09/11 16:01:51 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/06/08 17:04:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/02 23:03:04 | 000,015,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe -- (c2wts)
    SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2008/07/29 15:28:36 | 000,364,630 | ---- | M] () [Auto | Running] -- C:\Program Files\DVPCR Plus\rmc\RMCserver.exe -- (RMCServer)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\NPF.sys -- (NPF)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2014/08/27 22:31:42 | 000,070,008 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
    DRV - [2014/06/18 18:39:06 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
    DRV - [2013/08/21 04:31:26 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2013/08/21 04:31:26 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
    DRV - [2013/08/21 04:31:26 | 000,130,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
    DRV - [2013/08/21 04:31:26 | 000,032,064 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
    DRV - [2013/08/21 04:31:26 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV - [2013/04/18 10:09:20 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2013/02/19 20:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2013/01/15 23:11:33 | 000,226,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2012/08/23 14:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2012/08/23 14:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2012/02/29 19:27:24 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
    DRV - [2012/01/09 20:18:17 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2012/01/09 20:18:17 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
    DRV - [2011/09/13 08:35:26 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2011/05/12 08:40:29 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/11/25 05:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
    DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
    DRV - [2010/05/29 09:29:20 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2009/12/14 14:45:20 | 000,021,504 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistc.sys -- (ndistc)
    DRV - [2009/09/10 13:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009/07/24 13:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
    DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/05/25 04:38:16 | 000,734,208 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
    DRV - [2005/03/16 06:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\System32\drivers\BIOS.sys -- (BIOS)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found
    IE - HKLM\..\SearchScopes,DefaultScope = {a4f69070-5eb1-4e89-a7da-809b992b434e}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
    IE - HKLM\..\SearchScopes\{a4f69070-5eb1-4e89-a7da-809b992b434e}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3315041&CUI=UN11379035163226023&UM=2
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
    IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120512074553080&tb_oid=12-05-2012&tb_mrud=12-05-2012

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ie/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 9A 86 D0 36 03 D0 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Administrator\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 08:36:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/08/11 07:25:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2012/09/22 19:21:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/12/09 17:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2014/01/04 18:03:32 | 000,002,495 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\sweettunes_search.xml

    ========== Chrome ==========

    CHR - plugin: Error reading preferences file
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn\11.87.5.37727_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Microsoft Web Test Recorder 12.0 Helper) - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll File not found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll File not found
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [Redirector] C:\Program Files\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.71.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.71.2)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A54ECA8-51D0-4663-8360-D175ED0B0F24}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B768BA5-2F65-48CB-974B-5E0A15E72314}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDCC7ED8-E091-45DE-8ADC-BB8D17C30555}: DhcpNameServer = 89.101.160.5 89.101.160.4
    O18 - Protocol\Handler\gameboxchrome {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files\GameBox\gamebox_toolbar.dll ()
    O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/03/22 04:24:09 | 000,000,175 | ---- | M] () - H:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2015/01/21 21:22:32 | 000,000,000 | ---D | C] -- C:\cb2ca3e0f9f8534020909ffa
    [2015/01/21 17:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2015/01/21 17:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
    [2015/01/21 17:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2015/01/21 17:46:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
    [2015/01/15 20:12:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\How to get htm file - Get Started - The SitePoint Forums_files
    [2015/01/11 21:16:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Webproj2
    [2015/01/07 14:55:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Tor Browser
    [2015/01/07 14:46:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\tor
    [2015/01/07 14:45:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Vidalia

    ========== Files - Modified Within 30 Days ==========

    [2015/01/21 22:07:39 | 000,001,590 | ---- | M] () -- C:\Users\Administrator\Desktop\kbdhid.reg
    [2015/01/21 21:58:49 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2015/01/21 21:57:58 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2015/01/21 21:54:31 | 000,118,197 | ---- | M] () -- C:\Users\Administrator\Desktop\How to restore Win7 Registry files [Solved] - How To - Windows 7.html
    [2015/01/21 21:20:03 | 000,022,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/01/21 21:20:02 | 000,022,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/01/21 21:17:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2015/01/21 21:17:28 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    [2015/01/21 21:16:24 | 164,017,240 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2015/01/21 21:12:37 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr
    [2015/01/21 21:12:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2015/01/21 21:12:07 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
    [2015/01/21 19:32:37 | 000,025,917 | ---- | M] () -- C:\Users\Administrator\Desktop\Create a System Restore point in Windows 7 from cmd or windows.html
    [2015/01/15 20:32:53 | 000,112,499 | ---- | M] () -- C:\Users\Administrator\Desktop\How to get htm file - Get Started - The SitePoint Forums.html
    [2015/01/11 21:13:26 | 000,013,979 | ---- | M] () -- C:\Users\Administrator\Desktop\Free.zip - Shortcut.lnk
    [2015/01/11 18:04:03 | 000,669,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2015/01/11 18:04:03 | 000,127,210 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2015/01/21 22:07:39 | 000,001,590 | ---- | C] () -- C:\Users\Administrator\Desktop\kbdhid.reg
    [2015/01/21 21:54:23 | 000,118,197 | ---- | C] () -- C:\Users\Administrator\Desktop\How to restore Win7 Registry files [Solved] - How To - Windows 7.html
    [2015/01/21 19:32:36 | 000,025,917 | ---- | C] () -- C:\Users\Administrator\Desktop\Create a System Restore point in Windows 7 from cmd or windows.html
    [2015/01/15 20:12:37 | 000,112,499 | ---- | C] () -- C:\Users\Administrator\Desktop\How to get htm file - Get Started - The SitePoint Forums.html
    [2015/01/11 21:13:26 | 000,013,979 | ---- | C] () -- C:\Users\Administrator\Desktop\Free.zip - Shortcut.lnk
    [2015/01/11 11:45:54 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr
    [2014/04/15 11:12:12 | 000,000,204 | ---- | C] () -- C:\Windows\POWERPNT.INI
    [2014/04/15 11:12:01 | 000,000,055 | ---- | C] () -- C:\Windows\exchng32.ini
    [2014/04/15 11:12:01 | 000,000,026 | ---- | C] () -- C:\Windows\datalink.ini
    [2014/04/15 11:11:52 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI
    [2014/04/15 11:11:32 | 000,000,000 | ---- | C] () -- C:\Windows\WINHELP.INI
    [2014/04/15 11:08:14 | 000,001,103 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2013/05/17 09:04:44 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2013/05/17 09:04:44 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2013/02/20 13:42:25 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 01:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2014/11/25 17:04:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2014/09/30 18:26:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\e-academy Inc
    [2014/11/01 15:08:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICAClient
    [2014/10/09 21:40:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JetBrains
    [2014/11/02 14:33:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
    [2014/10/09 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NuGet
    [2014/09/30 20:14:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera Software
    [2014/10/09 14:09:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PDAppFlex
    [2014/11/05 22:13:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Samsung
    [2015/01/02 00:01:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    < End of report >

    OTL Extras logfile created on: 21/01/2015 22:38:48 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17501)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 36.92% Memory free
    5.75 Gb Paging File | 4.11 Gb Available in Paging File | 71.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 455.66 Gb Total Space | 112.19 Gb Free Space | 24.62% Space Free | Partition Type: NTFS
    Drive E: | 5.00 Gb Total Space | 2.77 Gb Free Space | 55.44% Space Free | Partition Type: NTFS
    Drive F: | 100.00 Mb Total Space | 61.86 Mb Free Space | 61.86% Space Free | Partition Type: NTFS
    Drive H: | 5.00 Gb Total Space | 2.36 Gb Free Space | 47.18% Space Free | Partition Type: NTFS

    Computer Name: I-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
    .reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe %1

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
    https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\OneRoof CyberCafePro Server\OneRoof_CCP_Server.exe" = C:\Program Files\OneRoof CyberCafePro Server\OneRoof_CCP_Server.exe:*:Enabled:OneRoof CyberCafePro Control Station


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06DAD023-D353-474D-A017-99D6E6506030}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1836A06B-E38B-4D92-963D-15AD25AEB5B2}" = lport=6918 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{183C619E-FF51-4E00-A10F-EF5DF6FD5FE3}" = lport=6915 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{19669569-5078-4409-AB71-38DD36D69E38}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{1ACAAFE9-07F5-433A-8F75-0D85BA7588CC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1CCA2231-4C3C-4582-946A-48E316A78AC1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{1EFC0BEF-86F2-46E2-BBAA-C7070450570D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{20C0E07C-39E3-4DE2-AA79-70115E9B5268}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{2506EB92-BB6E-428E-8813-1B67A6F7D35D}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2C6DCCD1-F0D4-4DEE-A2CB-89ACBD1CF72F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{2E479DAE-F354-430F-98CB-8F15C6FD8555}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2EE289DA-9F80-4EEF-8EA0-BD357F72BB97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{31E89FDE-179E-483E-B96B-D8EADD5C4E53}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3707ED2C-CA38-4198-9EE7-ABE40A789DC1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4129BEA4-7984-4A7C-BA3E-0F1C3C35E71B}" = lport=6916 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{42EE4EA3-58E6-44A3-A846-F883F35CBBF6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4C6EBBD8-B79E-4F56-BE22-12E9486A9A7F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4DF0A9A3-A853-4497-9B30-6CCBE1EB061E}" = rport=137 | protocol=17 | dir=out | app=system |
    "{53B30778-1088-43EC-92CA-BD2B10C168E9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5905DC09-1DC3-4871-BE80-219C12B7CA90}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{59E011F1-6A59-46CE-B4BC-680DE9B0F5C7}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5C0964B1-A676-4122-AFE5-C2092DD497B4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5F6B7470-6D4B-40E5-82C5-28869B7813D8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{6693734B-D54F-4E02-9F1B-EA87BE3FFB32}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6BDD0D04-C46E-4E94-9B96-F67C2155A1E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6BEB2403-0BD5-411A-AAC2-0232E6141093}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{6F560F41-CDEA-42F9-8235-591CC3AD7D32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7137B907-C66F-4AF9-A30C-A393A291F6B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{71A9E24A-3FFD-48B8-B6B1-9A008244A3D8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
    "{808ED599-92F7-43DB-9739-D33A244FBBB3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{826B7A95-029D-4CAE-AB96-D9A423E9AA63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8422EE32-DD9B-431D-ADDE-DC848FB65910}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{96D5A134-84C0-4FDC-87E9-90579BC63A95}" = lport=6917 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{98B2169A-5FE3-4DC3-8F29-568C18247715}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A01A41C4-4E95-4AB5-A8A9-94AE8CDE1C0D}" = lport=6920 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{A6F256A5-D015-4C24-8A5A-4B88EE440D1A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{AF058FA8-004F-4498-BAE2-58A738355B81}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BC133D6B-F37D-49BA-BFBF-109D52398D14}" = lport=6919 | protocol=6 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{C236646F-00C7-4122-BE26-EA9D93E93404}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C49C1BCF-84C1-4E40-926C-EFB6CEE94B64}" = lport=3702 | protocol=17 | dir=in | app=c:\program files\microsoft visual studio 12.0\common7\ide\devenv.exe |
    "{D32C4997-761E-441B-A981-FC14B2CFFC71}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E5F74710-BA30-465E-A518-2E9690CBF532}" = rport=139 | protocol=6 | dir=out | app=system |
    "{EA08ED10-C624-4B44-8357-90BC24DB6C62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{004358ED-4671-4CF7-A9E9-CC6D9123F9FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{03E8BBE7-6839-4425-AD06-63848CD5B0B3}" = protocol=17 | dir=in | app=c:\users\i\appdata\roaming\dropbox\bin\dropbox.exe |
    "{055E8662-D589-4E30-8AF2-959F1160D11E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{08B6AFE7-6732-4BFD-BCF8-173EB15B9E77}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe |
    "{0D9312B0-D461-4123-BA27-68B4237CC819}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version9\teamviewer.exe |
    "{0E775415-ED14-4914-9040-E3405269A0FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{0EA2EA54-5D1F-408D-B115-655B7AB494A2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{12FA3DA3-7E42-4EBF-A424-CBC3F55E9578}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{15517E31-2724-45B4-8BD9-51BE051C6961}" = protocol=6 | dir=in | app=c:\windows\system32\cnab4rpk.exe |
    "{1EA5857B-4E16-4CC8-B145-889854F3009A}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{1F20314C-6DEB-418F-894D-970A43E73DFA}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |
    "{1F5AEDCC-3FF2-470B-AE92-118A50DD6097}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
    "{206323B8-75A8-4500-8553-7DC28878BBF3}" = protocol=6 | dir=in | app=c:\program files\cafesuite\cafestation.exe |
    "{212FD8EC-13F0-481D-802C-36702DE241D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{2538F5DD-5E52-49F8-AA81-DD2A38638844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{27CF41CF-D639-45E2-B95A-814EE667327C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{28B04569-A221-4F44-A6B1-EECA54A54C16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2B560D4D-DC41-4DE4-830A-8063ADB05068}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2E1A09F5-AEDC-48F7-9037-8408218ACD9E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2F85D262-525B-47C4-83C4-E4EE29F07C76}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Can you post the logs from Malwarebytes?


  • Registered Users, Registered Users 2 Posts: 983 ✭✭✭redarmyblues


    Logfile created: 20/01/2015 18:04:49
    Ad-Aware version: 8.2.6
    Extended engine: 1997144064
    Extended engine version:
    User performing scan: Administrator

    *********************** Definitions database information ***********************
    Lavasoft definition file: 153.49
    Genotype definition file version: 2012/02/13 12:34:31

    ******************************** Scan results: *********************************
    Scan profile name: Smart Scan (ID: smart)
    Objects scanned: 140441
    Objects detected: 17


    Type Detected
    ==========================
    Processes.......: 0
    Registry entries: 16
    Hostfile entries: 0
    Files...........: 1
    Folders.........: 0
    LSPs............: 0
    Cookies.........: 0
    Browser hijacks.: 0
    MRU objects.....: 0



    Quarantined items:
    Description: c:\users\i\desktop\downloads\cnet2_peerblock-setup_v1_1_r518_exe.exe Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 12932902 Family ID: 936 MD5: 6b9b6d0eb4484a786a31b2b16bbe1a36
    Description: HKCR:CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}: Family Name: Win32.FraudTool.ErrorDoctor Engine: 1 Clean status: Success Item ID: 687957 Family ID: 1131
    Description: HKLM:SOFTWARE\Microsoft\Ole:EnableDCOM Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414216 Family ID: 936
    Description: HKU:S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Windows:load Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414316 Family ID: 936
    Description: HKU:S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Windows:load Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414316 Family ID: 936
    Description: HKU:S-1-5-21-4178704981-3335108533-2927541611-1005\Software\Microsoft\Windows NT\CurrentVersion\Windows:load Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414316 Family ID: 936
    Description: HKU:S-1-5-21-4178704981-3335108533-2927541611-500\Software\Microsoft\Windows NT\CurrentVersion\Windows:load Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414316 Family ID: 936
    Description: HKCR:regfile\shell\open\command: Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414317 Family ID: 936
    Description: HKU:S-1-5-21-4178704981-3335108533-2927541611-1005\software\microsoft\windows\currentversion\uninstall: Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414323 Family ID: 936
    Description: HKLM:system\currentcontrolset\services\kbdclass: Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414329 Family ID: 936
    Description: HKU:S-1-5-21-4178704981-3335108533-2927541611-1005\software\microsoft\internet explorer\main:formsuggest pw ask Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414334 Family ID: 936
    Description: HKU:S-1-5-21-4178704981-3335108533-2927541611-1005\software\microsoft\internet explorer\main:use formsuggest Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414335 Family ID: 936
    Description: HKU:S-1-5-21-4178704981-3335108533-2927541611-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3:1004 Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414336 Family ID: 936
    Description: HKU:S-1-5-21-4178704981-3335108533-2927541611-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3:1201 Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414337 Family ID: 936
    Description: HKU:S-1-5-21-4178704981-3335108533-2927541611-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3:2201 Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414338 Family ID: 936
    Description: HKLM:system\controlset001\enum\root\legacy_cdfs: Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414358 Family ID: 936
    Description: HKLM:system\currentcontrolset\enum\root\legacy_cdfs: Family Name: Win32.Trojan.Agent Engine: 1 Clean status: Success Item ID: 414360 Family ID: 936

    Scan and cleaning complete: Finished correctly after 1300 seconds

    ****************************** System information ******************************
    Computer name: I-PC
    Processor name: AMD Athlon(tm) II X2 240 Processor
    Processor identifier: x86 Family 16 Model 6 Stepping 2
    Processor speed: ~2813MHZ
    Raw info: processorarchitecture 0, processortype 586, processorlevel 16, processor revision 1538, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
    Physical memory available: 1272856576 bytes
    Physical memory total: 3085426688 bytes
    Virtual memory available: 2000760832 bytes
    Virtual memory total: 2147352576 bytes
    Memory load: 58%
    Microsoft Service Pack 1 (build 7601)
    Windows startup mode:

    Running processes:
    PID: 292 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 396 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 456 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 468 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 480 name: C:\Program Files\AVG\AVG9\avgchsvx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 496 name: C:\Program Files\AVG\AVG9\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 532 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 584 name: C:\Program Files\AVG\AVG9\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 628 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 640 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 648 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 908 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 972 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1000 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 1112 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 1148 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1172 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 1196 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1332 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1432 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 1572 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1660 name: C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1668 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1868 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1916 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 344 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 412 name: C:\Program Files\AVG\AVG9\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 472 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 380 name: C:\Program Files\GNU\GnuPG\dirmngr.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1052 name: C:\Windows\System32\FsUsbExService.Exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1584 name: C:\Program Files\DVPCR Plus\rmc\RMCserver.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1704 name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1736 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 340 name: C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1288 name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2456 name: C:\Windows\System32\taskhost.exe owner: Administrator domain: i-PC
    PID: 2512 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2716 name: C:\Program Files\AVG\AVG9\avgemc.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2736 name: C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2824 name: C:\Program Files\AVG\AVG9\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3092 name: C:\Windows\System32\dwm.exe owner: Administrator domain: i-PC
    PID: 3120 name: C:\Windows\explorer.exe owner: Administrator domain: i-PC
    PID: 3192 name: C:\Windows\System32\CNAB4RPK.EXE owner: SYSTEM domain: NT AUTHORITY
    PID: 3232 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3328 name: C:\Program Files\Citrix\ICA Client\concentr.exe owner: Administrator domain: i-PC
    PID: 3336 name: C:\Program Files\Citrix\ICA Client\redirector.exe owner: Administrator domain: i-PC
    PID: 3344 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: Administrator domain: i-PC
    PID: 3412 name: C:\Program Files\Citrix\Receiver\Receiver.exe owner: Administrator domain: i-PC
    PID: 3704 name: C:\Program Files\AVG\AVG9\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3976 name: C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe owner: Administrator domain: i-PC
    PID: 3992 name: C:\Program Files\Citrix\ICA Client\wfcrun32.exe owner: Administrator domain: i-PC
    PID: 3360 name: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe owner: Administrator domain: i-PC
    PID: 1244 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 212 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 4616 name: C:\Program Files\TeamViewer\Version9\TeamViewer.exe owner: Administrator domain: i-PC
    PID: 4832 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Administrator domain: i-PC
    PID: 4928 name: C:\Program Files\TeamViewer\Version9\tv_w32.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 4960 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Administrator domain: i-PC
    PID: 4288 name: C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe owner: UpdatusUser domain: i-PC
    PID: 4660 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 6108 name: C:\Windows\servicing\TrustedInstaller.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3972 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 6120 name: C:\Program Files\AVG\AVG9\avgscanx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 6096 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 5944 name: C:\Program Files\AVG\AVG9\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 6060 name: C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe owner: Administrator domain: i-PC
    PID: 6048 name: C:\Program Files\Apple Software Update\SoftwareUpdate.exe owner: Administrator domain: i-PC
    PID: 5180 name: C:\Windows\System32\osk.exe owner: Administrator domain: i-PC
    PID: 5076 name: C:\Windows\System32\notepad.exe owner: Administrator domain: i-PC
    PID: 5348 name: C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 2664 name: C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe owner: Administrator domain: i-PC
    PID: 5328 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT AUTHORITY

    Startup items:
    Name: WebCheck
    imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    Name: AdobeAAMUpdater-1.0
    imagepath: "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    Name: SwitchBoard
    imagepath: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    Name: AdobeCS6ServiceManager
    imagepath: "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    Name: vProt
    imagepath: "C:\Program Files\AVG Secure Search\vprot.exe"
    Name: ROC_roc_dec12
    imagepath: "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    Name: CitrixReceiver
    imagepath: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    Name: ConnectionCenter
    imagepath: "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    Name: Redirector
    imagepath: "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup
    Name: SunJavaUpdateSched
    imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    Name:
    imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

    Bootexecute items:
    Name:
    imagepath: autocheck autochk *
    Name:
    imagepath: lsdelete

    Running services:
    Name: Apple Mobile Device
    displayname: Apple Mobile Device
    Name: AudioEndpointBuilder
    displayname: Windows Audio Endpoint Builder
    Name: Audiosrv
    displayname: Windows Audio
    Name: avg9emc
    displayname: AVG Free E-mail Scanner
    Name: avg9wd
    displayname: AVG Free WatchDog
    Name: BFE
    displayname: Base Filtering Engine
    Name: BITS
    displayname: Background Intelligent Transfer Service
    Name: Bonjour Service
    displayname: Bonjour Service
    Name: Browser
    displayname: Computer Browser
    Name: CryptSvc
    displayname: Cryptographic Services
    Name: DcomLaunch
    displayname: DCOM Server Process Launcher
    Name: Dhcp
    displayname: DHCP Client
    Name: DirMngr
    displayname: DirMngr
    Name: Dnscache
    displayname: DNS Client
    Name: DPS
    displayname: Diagnostic Policy Service
    Name: EapHost
    displayname: Extensible Authentication Protocol
    Name: EFS
    displayname: Encrypting File System (EFS)
    Name: eventlog
    displayname: Windows Event Log
    Name: EventSystem
    displayname: COM+ Event System
    Name: FontCache
    displayname: Windows Font Cache Service
    Name: FsUsbExService
    displayname: FsUsbExService
    Name: gpsvc
    displayname: Group Policy Client
    Name: IKEEXT
    displayname: IKE and AuthIP IPsec Keying Modules
    Name: iphlpsvc
    displayname: IP Helper
    Name: KeyIso
    displayname: CNG Key Isolation
    Name: LanmanServer
    displayname: Server
    Name: LanmanWorkstation
    displayname: Workstation
    Name: Lavasoft Ad-Aware Service
    displayname: Lavasoft Ad-Aware Service
    Name: lmhosts
    displayname: TCP/IP NetBIOS Helper
    Name: MpsSvc
    displayname: Windows Firewall
    Name: Netman
    displayname: Network Connections
    Name: netprofm
    displayname: Network List Service
    Name: NlaSvc
    displayname: Network Location Awareness
    Name: nsi
    displayname: Network Store Interface Service
    Name: nvsvc
    displayname: NVIDIA Display Driver Service
    Name: nvUpdatusService
    displayname: NVIDIA Update Service Daemon
    Name: osppsvc
    displayname: Office Software Protection Platform
    Name: PcaSvc
    displayname: Program Compatibility Assistant Service
    Name: PlugPlay
    displayname: Plug and Play
    Name: Power
    displayname: Power
    Name: ProfSvc
    displayname: User Profile Service
    Name: RMCServer
    displayname: RMCServer
    Name: RpcEptMapper
    displayname: RPC Endpoint Mapper
    Name: RpcSs
    displayname: Remote Procedure Call (RPC)
    Name: SamSs
    displayname: Security Accounts Manager
    Name: SBSDWSCService
    displayname: SBSD Security Center Service
    Name: Schedule
    displayname: Task Scheduler
    Name: seclogon
    displayname: Secondary Logon
    Name: SENS
    displayname: System Event Notification Service
    Name: ShellHWDetection
    displayname: Shell Hardware Detection
    Name: Spooler
    displayname: Print Spooler
    Name: SQLWriter
    displayname: SQL Server VSS Writer
    Name: SSDPSRV
    displayname: SSDP Discovery
    Name: StiSvc
    displayname: Windows Image Acquisition (WIA)
    Name: SysMain
    displayname: Superfetch
    Name: TeamViewer9
    displayname: TeamViewer 9
    Name: Themes
    displayname: Themes
    Name: TrkWks
    displayname: Distributed Link Tracking Client
    Name: TrustedInstaller
    displayname: Windows Modules Installer
    Name: upnphost
    displayname: UPnP Device Host
    Name: UxSms
    displayname: Desktop Window Manager Session Manager
    Name: WdiServiceHost
    displayname: Diagnostic Service Host
    Name: Winmgmt
    displayname: Windows Management Instrumentation
    Name: Wlansvc
    displayname: WLAN AutoConfig
    Name: WMPNetworkSvc
    displayname: Windows Media Player Network Sharing Service
    Name: wscsvc
    displayname: Security Center
    Name: WSearch
    displayname: Windows Search
    Name: wuauserv
    displayname: Windows Update


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Looks like Ad-Aware is deleting these two services:

    kbdclass
    legacy_cdfs

    so don't use it for the time being.


    Can you post the log from Malwarebytes Anti-Malware? I assume you have run it; it's far better than Ad-Aware.


    I assume you made this file?

    C:\Users\Administrator\Desktop\kbdhid.reg


  • Registered Users, Registered Users 2 Posts: 983 ✭✭✭redarmyblues


    Malwarebytes doesn't seem to be detecting the Win32 trojan. I know it could be a false positive, but Chrome and Opera are complete slugs even though I am getting speed tests of around 25 Mbps.


    I made C:\Users\Administrator\Desktop\kbdhid.reg when I was making the text files.

    Here is the MB log.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 21/01/2015
    Scan Time: 17:56:52
    Logfile: malwarebyteslog.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.21.08
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 457094
    Time Elapsed: 25 min, 28 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 22

    Registry Values: 14

    Registry Data: 0
    (No malicious items detected)

    Folders: 67

    Files: 348
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\META-INF\zigbert.sf, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.Yontoo.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\plugin@yontoo.com\content\overlay.js, Quarantined, [48c429d17514cd69aa4bd66c0ef5a35d],
    PUP.Optional.Yontoo.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\plugin@yontoo.com\defaults\preferences\y2layers.js, Quarantined, [48c429d17514cd69aa4bd66c0ef5a35d],
    PUP.Optional.Yontoo.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\plugin@yontoo.com\locale\en-US\y2layers.properties, Quarantined, [48c429d17514cd69aa4bd66c0ef5a35d],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Chat.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\EBEncryption.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\HTTP.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Log.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\MD5.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ObserversAndEvents.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\SearchSuggestIO.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\String.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\TEAEncryption.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Timer.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Twitter.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\URL.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Windows.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins\np-mswmp.dll, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\ldrtbuTor.dll, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\ThirdPartyComponents.xml, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\toolbar.cfg, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552502181250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552614056250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552723118750_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827565870150000_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827655684775000_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161798257141250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161801077882500_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_e6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Appearance_634161804982048752_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_cc_704_cc8aceb9-fb96-4894-b4b6-78b5fb004704_Thumbnail_634503449712298469_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_foggy_night_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_night_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_rain_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_smoke_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_smoke_night_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215829629975000_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_excel_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552376087500_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161799307581250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634219291587531250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634220946896281250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634226715423943750_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634244832697856250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_images_634818275207567291_24PX_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_SearchActivationButton-go_but01_gif-General-634220918830656250_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_calculator_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633826753881225000_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633826758646068750_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_BankImages_Facebook_Facebook_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_Images_ClientResources_mini_browser_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_eula_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215803994037500_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_MsAccess_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_msnmessenger_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_notepad_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_office_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_OutlookExpress_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_Outlook_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_paint_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_powerpoint_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_RegistryEditor_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_winword_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_WMPlayer_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\Dialogs\DialogsAPI.js, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\Dialogs\excanvas.js, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\Dialogs\generalDialogStyle.css, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\Dialogs\PIE.htc, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\Dialogs\RoundedCorners.css, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\Dialogs\RoundedCornersIE9.css, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\Dialogs\version.txt, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\Dialogs\AddedAppDialog\app-added.js, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\Dialogs\AddedAppDialog\main.html, Quarantined, [bd4fe515305981b57860273e8a7915eb],


  • Registered Users, Registered Users 2 Posts: 983 ✭✭✭redarmyblues


    Malwarebytes doesn't seem to be detecting the win32 trojan. I know it could be a false positive, but Chrome and Opera are complete slugs even though I am getting speed tests of around 25 mbps.


    I made C:\Users\Administrator\Desktop\kbdhid.reg when I was making the text files.

    Here is the MB log.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 21/01/2015
    Scan Time: 17:56:52
    Logfile: malwarebyteslog.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.21.08
    Rootkit Database: v2015.01.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Administrator

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 457094
    Time Elapsed: 25 min, 28 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 22

    Registry Values: 14

    Registry Data: 0
    (No malicious items detected)

    Folders: 67

    Files: 348
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs\pl.png, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs\pt.png, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs\ro.png, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs\ru.png, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs\sa.png, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs\se.png, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs\sv.png, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs\tr.png, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs\ua.png, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\content\imgs\flgs\us.png, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\META-INF\manifest.mf, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\META-INF\zigbert.rsa, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.MixiDJ.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\ffxtlbr@mixidj.com\META-INF\zigbert.sf, Quarantined, [a36929d181083006b4fca0a2b053be42],
    PUP.Optional.Yontoo.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\plugin@yontoo.com\content\overlay.js, Quarantined, [48c429d17514cd69aa4bd66c0ef5a35d],
    PUP.Optional.Yontoo.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\plugin@yontoo.com\defaults\preferences\y2layers.js, Quarantined, [48c429d17514cd69aa4bd66c0ef5a35d],
    PUP.Optional.Yontoo.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\plugin@yontoo.com\locale\en-US\y2layers.properties, Quarantined, [48c429d17514cd69aa4bd66c0ef5a35d],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome.manifest, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\install.rdf, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\version.txt, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome\utorrentbar.jar, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.js, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\ConduitAutoCompleteSearch.xpt, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\alertSettingsComponent.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\appContextMenu.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\fbAlert.js, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\getAppsContextMenu.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\postAppsContextMenu.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\toolbarContextMenu.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults\unsharedAppsContextMenu.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\manifest.mf, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.rsa, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF\zigbert.sf, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Chat.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\EBEncryption.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\HTTP.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Log.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\MD5.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ObserversAndEvents.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\SearchSuggestIO.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\String.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\TEAEncryption.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Timer.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Twitter.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\URL.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\Windows.jsm, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins\np-mswmp.dll, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrenToolBar.A, C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\eu7enn3r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin\conduit.xml, Quarantined, [d03c7288cebb44f22d5484c1da290ff1],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\ldrtbuTor.dll, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\ThirdPartyComponents.xml, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\toolbar.cfg, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552502181250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552614056250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552723118750_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827565870150000_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827655684775000_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161798257141250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161801077882500_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_e6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Appearance_634161804982048752_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_cc_704_cc8aceb9-fb96-4894-b4b6-78b5fb004704_Thumbnail_634503449712298469_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_drizzle_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_foggy_night_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_hazy_night_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_rain_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_smoke_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_smoke_night_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_night_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215829629975000_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_excel_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633827552376087500_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_634161799307581250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634219291587531250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634220946896281250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634226715423943750_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634244832697856250_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_images_634818275207567291_24PX_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_SearchActivationButton-go_but01_gif-General-634220918830656250_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_calculator_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633826753881225000_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_MarketPlace_b9_6d_b99f575c-76e9-4402-8755-330aaffa3e6d_Images_633826758646068750_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_BankImages_Facebook_Facebook_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_Images_ClientResources_mini_browser_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_eula_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215803994037500_png.png, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_MsAccess_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_msnmessenger_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_notepad_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_office_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_OutlookExpress_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_Outlook_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_paint_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],
    PUP.Optional.uTorrentBar.A, C:\Users\i\AppData\LocalLow\uTorrentBar\CacheIcons\http___storage_conduit_com_bankimages_CommandComps_powerpoint_gif.gif, Quarantined, [bd4fe515305981b57860273e8a7915eb],


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    The browser slowdown is more than likely due to all the malware toolbars. Run AdwCleaner, delete what it finds and post its log.


    http://www.bleepingcomputer.com/download/adwcleaner/


  • Registered Users, Registered Users 2 Posts: 983 ✭✭✭redarmyblues


    # AdwCleaner v4.108 - Report created 22/01/2015 at 20:43:27
    # Updated 17/01/2015 by Xplode
    # Database : 2015-01-22.3 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Administrator - I-PC
    # Running from : C:\Users\Administrator\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****

    Service Found : AVG Security Toolbar Service

    ***** [ Files / Folders ] *****

    File Found : C:\Users\i\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
    File Found : C:\Users\i\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Found : C:\Users\i\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
    Folder Found : C:\Program Files\Common Files\Software Update Utility
    Folder Found : C:\Program Files\Conduit
    Folder Found : C:\Program Files\iMesh Applications
    Folder Found : C:\Program Files\mixidj
    Folder Found : C:\Program Files\Winamp Toolbar
    Folder Found : C:\Program Files\Zynga
    Folder Found : C:\ProgramData\~0
    Folder Found : C:\ProgramData\AVG Security Toolbar
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\Winamp Toolbar
    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn
    Folder Found : C:\Users\i\AppData\Local\AVG Security Toolbar
    Folder Found : C:\Users\i\AppData\Local\iMesh
    Folder Found : C:\Users\i\AppData\Local\PackageAware
    Folder Found : C:\Users\i\AppData\Local\Winamp Toolbar
    Folder Found : C:\Users\i\AppData\LocalLow\AVG Security Toolbar
    Folder Found : C:\Users\i\AppData\LocalLow\Conduit
    Folder Found : C:\Users\i\AppData\LocalLow\Zynga
    Folder Found : C:\Users\i\AppData\Roaming\CRMixiDJTB
    Folder Found : C:\Users\i\AppData\Roaming\OpenCandy
    Folder Found : C:\Users\i\Documents\iMesh

    ***** [ Scheduled Tasks ] *****

    Task Found : BackgroundContainer Startup Task

    ***** [ Shortcuts ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Google Chrome v39.0.2171.95

    [C:\Users\i\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN29323827421288614&ctid=CT3315041&UM=2
    [C:\Users\i\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN29323827421288614&ctid=CT3315041&UM=2

    -\\ Opera v26.0.1656.60


    *************************

    AdwCleaner[R0].txt - [11317 octets] - [22/01/2015 20:43:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11378 octets] ##########


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Did you click the delete button to remove all those?


  • Registered Users, Registered Users 2 Posts: 983 ✭✭✭redarmyblues


    I did, and my browsers are flying, pages loading instantly. Google searches can still be slow, but it does seem to be sorted. Thanks very much for spending your time on this, BTW. I'm surprised at the amount of toolbars involved, many for services I have never personally used.


  • Registered Users, Registered Users 2 Posts: 9,604 ✭✭✭irishgeo


    When installing a program, use the advanced option; this allows you to uncheck toolbars.

