Hi,
This is my boyfriends laptop that he had me bring home about a month ago so my mom, Donna, could look at it, but she doesn't have time at the moment. We could not get anything to run at first so she had me transfer MBAM from a USB and ran that on 2-25-15 which removed a lot of junk. I'll try to post the log but it is very long. Having a hard time posting this because of ads by earnsale and who know what all. She said she would help run whatever programs you want me to run since I am not very good at this. Everytime I try to do anything another tab opens up or a small box open telling me to contact some certified support thing. Then the browser freezes and I can't type.
Here are the other logs needed'
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631
Run by LATTY at 18:19:40 on 2015-03-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5606.3370 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Mobogenie3\MobogenieService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\BubbleSound\3D BubbleSound.exe
C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Mobogenie3\MoboGenieHelper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\McAfee\MSC\mcsvrcnt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = www.google.com
mStart Page = www.google.com
mSearch Page = www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
uProxyServer = hxxp=127.0.0.1:47574
uProxyOverride = <-loopback>
uSearchAssistant = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: RoyalShopapEorApp: {1470aa43-3d1d-4ca4-b673-cfd805405a84} - C:\Program Files (x86)\RoyalShopapEorApp\ShKrHb7yKzP9sV.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: faStoSSalleor: {1f1aefb2-c68d-4586-9e5f-d320d67c882e} - C:\Program Files (x86)\faStoSSalleor\PAyqWs98Tp5lUf.dll
BHO: cHEaup4all: {3165cb3b-b913-4030-8e3e-844f497ef8cf} - C:\Program Files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20140210001533.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: dollaResaverr: {925d0930-77f7-48dc-9284-46dc40be7dc4} - C:\Program Files (x86)\dollaResaverr\5TAoaycCoQhHuj.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: fareeeDelIveruy: {b54374be-6890-4fad-ba1d-095df623d844} - C:\Program Files (x86)\fareeeDelIveruy\WD32yHF6cD3vIu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: qouicKshop: {d74ee689-44b9-4cab-a8a4-f0bf6cb09288} - C:\Program Files (x86)\qouicKshop\vaPKT6JezMoZby.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
uRun: [Super Optimizer] C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
uRun: [GenieFloater] C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 99.196.99.99 99.197.99.99
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70} : DHCPNameServer = 99.196.99.99 99.197.99.99
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\2656C6B696E6E2234323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\84F4D454D203339313 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\D496649643632303C45402A45647071636B6024433931302355636572756 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-mSearch Page = www.google.com
x64-mDefault_Page_URL = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: RoyalShopapEorApp: {1470aa43-3d1d-4ca4-b673-cfd805405a84} - C:\Program Files (x86)\RoyalShopapEorApp\ShKrHb7yKzP9sV.x64.dll
x64-BHO: faStoSSalleor: {1f1aefb2-c68d-4586-9e5f-d320d67c882e} - C:\Program Files (x86)\faStoSSalleor\PAyqWs98Tp5lUf.x64.dll
x64-BHO: cHEaup4all: {3165cb3b-b913-4030-8e3e-844f497ef8cf} - C:\Program Files (x86)\cHEaup4all\N3oJi9AYUvsHFz.x64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20140210001533.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: dollaResaverr: {925d0930-77f7-48dc-9284-46dc40be7dc4} - C:\Program Files (x86)\dollaResaverr\5TAoaycCoQhHuj.x64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: fareeeDelIveruy: {b54374be-6890-4fad-ba1d-095df623d844} - C:\Program Files (x86)\fareeeDelIveruy\WD32yHF6cD3vIu.x64.dll
x64-BHO: qouicKshop: {d74ee689-44b9-4cab-a8a4-f0bf6cb09288} - C:\Program Files (x86)\qouicKshop\vaPKT6JezMoZby.x64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [3D BubbleSound] "C:\Program Files\BubbleSound\3D BubbleSound.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2014-2-5 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2014-2-5 40064]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 289664]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-2-19 50976]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-3-13 75936]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2014-2-5 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2014-2-5 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2014-2-5 62776]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-2-5 114704]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-4-12 51240]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 65264]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 487296]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 100912]
.
=============== Created Last 30 ================
.
2015-03-21 23:12:58 -------- d-----w- C:\Program Files (x86)\SumatraPDF
2015-03-21 23:09:50 -------- d-----w- C:\Program Files (x86)\PhotoScape
2015-03-17 00:41:05 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-03-17 00:41:04 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-03-17 00:41:03 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-03-17 00:41:03 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-03-01 18:04:38 -------- d-----w- C:\Users\LATTY\AppData\Roaming\Mobogenie
2015-03-01 00:56:41 -------- d-----w- C:\AdwCleaner
2015-02-27 00:26:57 -------- d-----w- C:\Program Files (x86)\EExutrAShooppeer
2015-02-27 00:26:38 -------- d-----w- C:\Program Files (x86)\RoyyAlCoUpon
2015-02-27 00:26:20 -------- d-----w- C:\Program Files (x86)\Bookmark Search
2015-02-27 00:25:14 -------- d-----w- C:\Program Files (x86)\BetterPuricceCHec
2015-02-26 04:34:11 -------- d-----w- C:\Users\LATTY\AppData\Local\{34CDDEB9-581A-46D7-A684-10413D370E02}
2015-02-26 04:34:11 -------- d-----w- C:\Users\LATTY\AppData\Local\{269EFDEC-FF8F-49A4-8650-C6DF61BCA69D}
2015-02-26 04:33:54 -------- d-----w- C:\Users\LATTY\Tracing
2015-02-26 03:30:41 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-26 03:30:07 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-02-26 03:30:06 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-02-26 03:30:05 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-02-26 03:30:04 -------- d-----w- C:\ProgramData\Malwarebytes
2015-02-26 03:30:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 03:06:12 -------- d-----w- C:\Program Files (x86)\BharatMatrimony
2015-02-26 03:05:20 -------- d-----w- C:\Program Files (x86)\RoyalShopapEorApp
2015-02-26 03:05:07 -------- d-----w- C:\Program Files (x86)\PrineCeCouponi
2015-02-26 03:05:00 -------- d-----w- C:\Program Files (x86)\CCLIckForSalie
2015-02-24 03:34:42 -------- d-----w- C:\Users\LATTY\AppData\Roaming\Unity
2015-02-24 02:58:11 -------- d-----w- C:\Users\LATTY\AppData\Local\Unity
2015-02-20 03:05:24 -------- d-----w- C:\Program Files (x86)\aa020abd-6d5d-4146-8e02-e622308251dc
2015-02-20 03:04:54 -------- d-----w- C:\Program Files (x86)\appsAve
2015-02-20 03:04:17 -------- d-----w- C:\Program Files (x86)\WasteNoTime
2015-02-20 03:03:55 -------- d-----w- C:\Program Files\BubbleSound
2015-02-20 03:03:50 -------- d-----w- C:\Users\LATTY\AppData\Local\Installer
2015-02-20 03:03:45 -------- d-----w- C:\Users\LATTY\AppData\Local\CrashRpt
2015-02-20 03:03:27 -------- d-----w- C:\Program Files (x86)\oaffeeRapp
2015-02-20 03:00:06 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 03:00:05 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-20 03:00:04 6041600 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-20 03:00:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
.
==================== Find3M ====================
.
2015-03-21 23:07:55 20 ----a-w- C:\Users\LATTY\AppData\Roaming\appdataFr3.bin
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-14 06:09:27 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 06:05:30 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 06:05:30 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 06:04:56 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 05:44:59 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44:58 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-13 03:10:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-01-09 02:03:01 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-01-03 21:33:28 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 18:22:33.18 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2014 11:41:26 PM
System Uptime: 3/21/2015 6:00:52 PM (0 hours ago)
.
Motherboard: Acer | | Aspire 5560
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 225.611 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP78: 12/16/2014 1:47:28 PM - Windows Update
RP79: 12/25/2014 1:34:00 AM - Windows Update
RP80: 1/3/2015 3:35:44 PM - Windows Update
RP81: 2/8/2015 10:31:28 AM - Windows Update
RP82: 2/10/2015 10:28:42 PM - Windows Update
RP83: 2/18/2015 7:38:25 PM - Windows Update
RP84: 2/19/2015 6:32:46 AM - Windows Update
RP85: 2/19/2015 10:54:33 PM - Windows Update
RP86: 2/20/2015 11:32:28 PM - Windows Update
RP87: 2/21/2015 4:56:58 PM - Configured clear.fi
RP88: 2/23/2015 8:32:36 PM - Removed League of Legends
RP89: 2/23/2015 8:33:50 PM - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP90: 2/25/2015 6:13:13 PM - Windows Update
RP91: 3/16/2015 9:38:32 PM - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.0) MUI
Adobe Shockwave Player 12.0
Agatha Christie - Death on the Nile
AMD APP SDK Runtime
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Backup Manager V3
Bejeweled 2 Deluxe
BetterPuricceCHec
Bing Bar
Bonjour
Bonjour Print Services
Bookmark Search
Broadcom Card Reader Driver Installer
Broadcom Gigabit NetLink Controller
BubbleSound
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Chuzzle Deluxe
clear.fi Client
Cradle of Rome 2
D3DX10
Dolby Advanced Audio v2
Dora's World Adventure
Evernote v. 4.5.1
FATE: The Cursed King
Final Drive: Nitro
FindingDiscount
Galerie de photos Windows Live
Genie Cleaner
Genie Wifi
GeniusBox 2.0
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Identity Card
IGS
Itibiti RTC
iTunes
Java 7 Update 51
Java Auto Updater
Jewel Match 3
Junk Mail filter update
KMPlayer
KNCTR
Launch Manager
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee Internet Security Suite
McAfee SiteAdvisor
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mobile Mouse Server
Mobogenie3
MSVCRT
MSVCRT_amd64
Muvic Smartbar
Muvic Smartbar Engine
Mystery of Mortlake Mansion
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
newsXpresso
NOOK for PC
Norton Online Backup
NTI Media Maker 9
Pando Media Booster
PC Fix Speed 2.2.0.103
PC Tech Hotline
Penguins!
PhotoScape
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Quiknowledge
Realtek High Definition Audio Driver
Rocket
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Sendori
shoppilation
Shredder
Skype™ 6.13
SumatraPDF
Super Optimizer v3.2
swMSM
Torchlight
Unity Web Player
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
VLC media player 2.1.2
Welcome Center
WildTangent Games App (Acer Games)
WinCheck
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
3/21/2015 6:04:15 PM, Error: Service Control Manager [7022] - The MobogenieService service hung on starting.
3/21/2015 6:02:13 PM, Error: Service Control Manager [7000] - The RuntimeManager service failed to start due to the following error: The system cannot find the file specified.
3/16/2015 8:14:59 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================
Results of screen317's Security Check version 0.99.99
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````[/u]
McAfee SiteAdvisor
Genie Cleaner
Java 7 Update 51
Java version 32-bit out of Date!
Adobe Reader 10.1.0 Adobe Reader out of Date!
Google Chrome (40.0.2214.115)
Google Chrome (41.0.2272.89)
Google Chrome (GoogleUpdate.dll..)
````````Process Check: objlist.exe by Laurent````````[/u]
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````[/u]
Here is the MBAM log that we ran 3 weeks ago and no other scans have been ran since.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 2/25/2015
Scan Time: 9:32:27 PM
Logfile: mbam1.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.02.26.01
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: LATTY
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423570
Time Elapsed: 52 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 15
PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe, 2576, Delete-on-Reboot, [763331f1474354e2d4c7e8a4ca374cb4]
PUP.Optional.Goobzo, C:\Program Files\Common Files\ShopperPro\spbiu.exe, 2704, Delete-on-Reboot, [3e6be939fc8e7abc1cb8bfe34fb609f7]
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam_64.exe, 3264, Delete-on-Reboot, [9712ff23e8a2989e3c218ae2d42cd52b]
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam_64.exe, 7268, Delete-on-Reboot, [9712ff23e8a2989e3c218ae2d42cd52b]
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam.exe, 7252, Delete-on-Reboot, [f6b3899991f99e98530a412b5ca48d73]
PUP.Optional.PayByAds.A, C:\Users\LATTY\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe, 7884, Delete-on-Reboot, [cedb081a17736acc9cd4f86aab5522de]
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe, 2780, Delete-on-Reboot, [6d3c6db50783013519d8c3fbe41fcf31]
PUP.Optional.MegaBrowse.A, C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe, 1096, Delete-on-Reboot, [8b1eb86a7119ff37803826b75ba8758b]
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe, 3132, Delete-on-Reboot, [92170919dab0e0566989813d857e33cd]
PUP.Optional.WeatherAlerts, C:\Users\LATTY\AppData\Local\WeatherAlerts\WeatherAlerts.exe, 7952, Delete-on-Reboot, [b8f18a982b5fbb7b56a50f5113f0fc04]
PUP.Optional.FreeSoftToday.A, C:\Users\LATTY\AppData\Local\fst_us_169\upfst_us_169.exe, 7520, Delete-on-Reboot, [06a323ff17732f07b67050275ca7dd23]
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, 8112, Delete-on-Reboot, [dfca6db5602a6ec8d873e39d38cb8080]
PUP.Optional.ConvertAd.A, C:\Users\LATTY\AppData\Local\ConvertAd\CASrv.exe, 2648, Delete-on-Reboot, [51582ef4f397f83e8ca4dcacdd26cd33]
PUP.Optional.FindingDiscount.A, C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe, 1888, Delete-on-Reboot, [e8c1c55d286241f541a2bed2d033e41c]
PUP.Optional.RuntimeManager.A, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, 2616, Delete-on-Reboot, [773263bf89018ea89c4d94fc748fb24e]
Modules: 3
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls\owclfdreugex.dll, Delete-on-Reboot, [515847db3951152168a29b6e7a8c44bc],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls\owclfdreugex.dll, Delete-on-Reboot, [515847db3951152168a29b6e7a8c44bc],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici32.dll, Delete-on-Reboot, [05a46ab8bfcb85b15eef8df34fb46e92],
Registry Keys: 467
PUP.Optional.Quiknowledge.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\qksvc, Quarantined, [763331f1474354e2d4c7e8a4ca374cb4],
PUP.Optional.Goobzo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPBIUpd, Quarantined, [3e6be939fc8e7abc1cb8bfe34fb609f7],
PUP.Optional.Wajam.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wajam Web Enhancer, Quarantined, [9712ff23e8a2989e3c218ae2d42cd52b],
PUP.Optional.Feven.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421148}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421148}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544424448}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555425548}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566426648}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555425548}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566426648}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544424448}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054248.BHO.1, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511421148}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511421148}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054248.BHO, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054248.BHO, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054248.BHO.1, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511421148}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511421148}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422248}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054248.Sandbox.1, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054248.Sandbox, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054248.Sandbox, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054248.Sandbox.1, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422248}, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Feven.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421148}\INPROCSERVER32, Quarantined, [36733be79befa09648712e67758c07f9],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{025204CE-0CB7-C938-692A-1DCA908E56E4}, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{025204CE-0CB7-C938-692A-1DCA908E56E4}, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{025204CE-0CB7-C938-692A-1DCA908E56E4}, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\cosstminn.cosstminn, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\cosstminn.cosstminn.2.0, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\cosstminn.cosstminn, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\cosstminn.cosstminn.2.0, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{025204CE-0CB7-C938-692A-1DCA908E56E4}, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{025204CE-0CB7-C938-692A-1DCA908E56E4}, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{025204CE-0CB7-C938-692A-1DCA908E56E4}, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{025204CE-0CB7-C938-692A-1DCA908E56E4}, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{025204CE-0CB7-C938-692A-1DCA908E56E4}, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{025204CE-0CB7-C938-692A-1DCA908E56E4}, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.Preload, HKLM\SOFTWARE\CLASSES\CLSID\{025204CE-0CB7-C938-692A-1DCA908E56E4}\INPROCSERVER32, Quarantined, [b0f91b07aae050e60311e3da23deaa56],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511831162}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511831162}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544834462}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555835562}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566836662}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555835562}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566836662}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544834462}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0058362.BHO.1, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511831162}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511831162}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0058362.BHO, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0058362.BHO, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0058362.BHO.1, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511831162}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511831162}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511831162}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522832262}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0058362.Sandbox.1, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0058362.Sandbox, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0058362.Sandbox, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0058362.Sandbox.1, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522832262}, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511831162}\INPROCSERVER32, Quarantined, [fcadb76b7e0ccf677a6d6d4dd8291ce4],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F213853A-D221-4C97-8A4B-7E0AC63F31A1}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CE4B58AF-E4FD-4C27-8627-AE9324C11F3F}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F213853A-D221-4C97-8A4B-7E0AC63F31A1}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.Quiknowledge.A, HKLM\SOFTWARE\CLASSES\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}\INPROCSERVER32, Quarantined, [7930889a7c0e8caa5b403f4df20f45bb],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, Quarantined, [0f9ae042c8c2999de9ed4ffbd72cf010],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}, Quarantined, [0f9ae042c8c2999de9ed4ffbd72cf010],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [3277df43d5b5ff37ef6b60ea47bc7f81],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, Quarantined, [3277df43d5b5ff37ef6b60ea47bc7f81],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [3277df43d5b5ff37ef6b60ea47bc7f81],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [3277df43d5b5ff37ef6b60ea47bc7f81],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, Quarantined, [3277df43d5b5ff37ef6b60ea47bc7f81],
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [3277df43d5b5ff37ef6b60ea47bc7f81],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [3277df43d5b5ff37ef6b60ea47bc7f81],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [3277df43d5b5ff37ef6b60ea47bc7f81],
PUP.Optional.QuickShare.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarantined, [3277df43d5b5ff37ef6b60ea47bc7f81],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [8326c55d3a5072c486652f1b43c0cc34],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [8326c55d3a5072c486652f1b43c0cc34],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1ec8187a-6435-44e3-bbe4-6ce6d3c69254}, Quarantined, [e5c40d156426fb3b627052be48bbd828],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{BA0AB49B-34A1-4C36-BB3B-E6F458974507}, Quarantined, [e5c40d156426fb3b627052be48bbd828],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3D62014A-A3A3-45C4-AAD8-754A3B854048}, Quarantined, [e5c40d156426fb3b627052be48bbd828],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3D62014A-A3A3-45C4-AAD8-754A3B854048}, Quarantined, [e5c40d156426fb3b627052be48bbd828],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{BA0AB49B-34A1-4C36-BB3B-E6F458974507}, Quarantined, [e5c40d156426fb3b627052be48bbd828],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1EC8187A-6435-44E3-BBE4-6CE6D3C69254}, Quarantined, [e5c40d156426fb3b627052be48bbd828],
PUP.Optional.DealKeeper.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1EC8187A-6435-44E3-BBE4-6CE6D3C69254}, Quarantined, [e5c40d156426fb3b627052be48bbd828],
PUP.Optional.DealKeeper.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1EC8187A-6435-44E3-BBE4-6CE6D3C69254}, Quarantined, [e5c40d156426fb3b627052be48bbd828],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}, Quarantined, [aaffc75b9af0ba7c7a1285c547bc57a9],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialdskBnd.1, Quarantined, [aaffc75b9af0ba7c7a1285c547bc57a9],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialdskBnd, Quarantined, [aaffc75b9af0ba7c7a1285c547bc57a9],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialdskBnd, Quarantined, [aaffc75b9af0ba7c7a1285c547bc57a9],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialdskBnd.1, Quarantined, [aaffc75b9af0ba7c7a1285c547bc57a9],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3004627E-F8E9-4E8B-909D-316753CBA923}, Quarantined, [aaffc75b9af0ba7c7a1285c547bc57a9],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3004627E-F8E9-4E8B-909D-316753CBA923}, Quarantined, [aaffc75b9af0ba7c7a1285c547bc57a9],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3004627E-F8E9-4E8B-909D-316753CBA923}, Quarantined, [aaffc75b9af0ba7c7a1285c547bc57a9],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [892070b23654ca6ca53d05100003a25e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [892070b23654ca6ca53d05100003a25e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [892070b23654ca6ca53d05100003a25e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [892070b23654ca6ca53d05100003a25e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [892070b23654ca6ca53d05100003a25e],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [892070b23654ca6ca53d05100003a25e],
PUP.Optional.SupTab.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [892070b23654ca6ca53d05100003a25e],
PUP.Optional.SupTab.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [892070b23654ca6ca53d05100003a25e],
PUP.Optional.SupTab.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [892070b23654ca6ca53d05100003a25e],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4e6cd411-ce62-4584-97ff-6afbcf6900af}, Quarantined, [60498f93d2b8023446dc71a46a9910f0],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{15F672EC-1269-428F-BDB7-DB781E772B77}, Quarantined, [60498f93d2b8023446dc71a46a9910f0],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{158C1B4D-859D-4886-BCA4-4C671693EAA0}, Quarantined, [60498f93d2b8023446dc71a46a9910f0],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{158C1B4D-859D-4886-BCA4-4C671693EAA0}, Quarantined, [60498f93d2b8023446dc71a46a9910f0],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{15F672EC-1269-428F-BDB7-DB781E772B77}, Quarantined, [60498f93d2b8023446dc71a46a9910f0],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}, Quarantined, [60498f93d2b8023446dc71a46a9910f0],
PUP.Optional.MegaBrowse.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}, Quarantined, [60498f93d2b8023446dc71a46a9910f0],
PUP.Optional.MegaBrowse.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}, Quarantined, [60498f93d2b8023446dc71a46a9910f0],
PUP.Optional.MegaBrowse.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF}, Quarantined, [60498f93d2b8023446dc71a46a9910f0],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, Quarantined, [a00947dbdfab56e098bd83cb09fa8b75],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [a00947dbdfab56e098bd83cb09fa8b75],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [a00947dbdfab56e098bd83cb09fa8b75],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [a00947dbdfab56e098bd83cb09fa8b75],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [a00947dbdfab56e098bd83cb09fa8b75],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, Quarantined, [3673f230addd0a2c2fa8bc8e6b9850b0],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [3673f230addd0a2c2fa8bc8e6b9850b0],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [3673f230addd0a2c2fa8bc8e6b9850b0],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [3673f230addd0a2c2fa8bc8e6b9850b0],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [3673f230addd0a2c2fa8bc8e6b9850b0],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [3673f230addd0a2c2fa8bc8e6b9850b0],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [3673f230addd0a2c2fa8bc8e6b9850b0],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Quarantined, [b5f439e9d1b995a1701b3f0b08fb2bd5],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialHlpr.1, Quarantined, [b5f439e9d1b995a1701b3f0b08fb2bd5],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\mysearchdial.mysearchdialHlpr, Quarantined, [b5f439e9d1b995a1701b3f0b08fb2bd5],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialHlpr, Quarantined, [b5f439e9d1b995a1701b3f0b08fb2bd5],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Quarantined, [b5f439e9d1b995a1701b3f0b08fb2bd5],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\mysearchdial.mysearchdialHlpr.1, Quarantined, [b5f439e9d1b995a1701b3f0b08fb2bd5],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Quarantined, [b5f439e9d1b995a1701b3f0b08fb2bd5],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Quarantined, [b5f439e9d1b995a1701b3f0b08fb2bd5],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Quarantined, [b5f439e9d1b995a1701b3f0b08fb2bd5],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, Quarantined, [dccdb171a1e9043275c7eb6047bce719],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [d7d265bd701ad95d3c16c08e1ae98878],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [d7d265bd701ad95d3c16c08e1ae98878],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [d6d365bd622873c32668a869e81bce32],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [d6d365bd622873c32668a869e81bce32],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [e6c363bfb7d3270f404fc54c4ab959a7],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [e6c363bfb7d3270f404fc54c4ab959a7],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}, Quarantined, [17920d15d2b867cf3d508fbb7f8419e7],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE681A67-9477-CBE6-EB9D-FE534875F98D}, Quarantined, [baef938f2466d85ea48d31e06a99c33d],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{19f10a29-1212-4aad-b301-96193927dfce}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{19F10A29-1212-4AAD-B301-96193927DFCE}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{19F10A29-1212-4AAD-B301-96193927DFCE}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P19f10a29_1212_4aad_b301_96193927dfce_.P19f10a29_1212_4aad_b301_96193927dfce_, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P19f10a29_1212_4aad_b301_96193927dfce_.P19f10a29_1212_4aad_b301_96193927dfce_.9, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P19f10a29_1212_4aad_b301_96193927dfce_.P19f10a29_1212_4aad_b301_96193927dfce_, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P19f10a29_1212_4aad_b301_96193927dfce_.P19f10a29_1212_4aad_b301_96193927dfce_.9, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{19F10A29-1212-4AAD-B301-96193927DFCE}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{19F10A29-1212-4AAD-B301-96193927DFCE}\INPROCSERVER32, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{19F10A29-1212-4AAD-B301-96193927DFCE}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{19F10A29-1212-4AAD-B301-96193927DFCE}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{19F10A29-1212-4AAD-B301-96193927DFCE}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{19F10A29-1212-4AAD-B301-96193927DFCE}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{be600ded-537f-4ea0-97cf-f98501a058a5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Pbe600ded_537f_4ea0_97cf_f98501a058a5_.Pbe600ded_537f_4ea0_97cf_f98501a058a5_, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Pbe600ded_537f_4ea0_97cf_f98501a058a5_.Pbe600ded_537f_4ea0_97cf_f98501a058a5_.10, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pbe600ded_537f_4ea0_97cf_f98501a058a5_.Pbe600ded_537f_4ea0_97cf_f98501a058a5_, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pbe600ded_537f_4ea0_97cf_f98501a058a5_.Pbe600ded_537f_4ea0_97cf_f98501a058a5_.10, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{BE600DED-537F-4EA0-97CF-F98501A058A5}\INPROCSERVER32, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F8ED2666-3D38-8820-ECF6-296D74B8C9D1}, Quarantined, [852461c179113006d1638282bd460bf5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{226c3c5a-804c-4799-b324-987eafe810df}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P226c3c5a_804c_4799_b324_987eafe810df_.P226c3c5a_804c_4799_b324_987eafe810df_, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P226c3c5a_804c_4799_b324_987eafe810df_.P226c3c5a_804c_4799_b324_987eafe810df_.9, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P226c3c5a_804c_4799_b324_987eafe810df_.P226c3c5a_804c_4799_b324_987eafe810df_, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P226c3c5a_804c_4799_b324_987eafe810df_.P226c3c5a_804c_4799_b324_987eafe810df_.9, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{226C3C5A-804C-4799-B324-987EAFE810DF}\INPROCSERVER32, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}, Quarantined, [2d7c44dec0ca73c3e64e4fb5b84be11f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{21a75d9e-a384-4029-9c7d-d6dca912bc52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P21a75d9e_a384_4029_9c7d_d6dca912bc52_.P21a75d9e_a384_4029_9c7d_d6dca912bc52_, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P21a75d9e_a384_4029_9c7d_d6dca912bc52_.P21a75d9e_a384_4029_9c7d_d6dca912bc52_.9, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P21a75d9e_a384_4029_9c7d_d6dca912bc52_.P21a75d9e_a384_4029_9c7d_d6dca912bc52_, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P21a75d9e_a384_4029_9c7d_d6dca912bc52_.P21a75d9e_a384_4029_9c7d_d6dca912bc52_.9, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}\INPROCSERVER32, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}, Quarantined, [7e2b3fe3e5a5f244b48042c256ad19e7],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, Quarantined, [3f6aa1811872f83e33cfcce7f30ec23e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{572edd85-0c22-4258-8eae-b01295bf229d}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P572edd85_0c22_4258_8eae_b01295bf229d_.P572edd85_0c22_4258_8eae_b01295bf229d_, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P572edd85_0c22_4258_8eae_b01295bf229d_.P572edd85_0c22_4258_8eae_b01295bf229d_.10, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P572edd85_0c22_4258_8eae_b01295bf229d_.P572edd85_0c22_4258_8eae_b01295bf229d_, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P572edd85_0c22_4258_8eae_b01295bf229d_.P572edd85_0c22_4258_8eae_b01295bf229d_.10, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{572EDD85-0C22-4258-8EAE-B01295BF229D}\INPROCSERVER32, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC799F5F-37C9-ACBB-BE51-805992C10610}, Quarantined, [1198d84ae4a6c6700b293dc7030041bf],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1E38F0E0-5499-CDAF-F946-BA3D053AABC2}, Quarantined, [8524dd457911ea4ca0942cd84bb8629e],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{40DC4B27-4588-C56F-7737-D03A0ACE4383}, Quarantined, [acfd2ff3cac0bc7a8aaa1be98d76fe02],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}, Quarantined, [1099170b4b3fdb5b40f4ea1a5ea5aa56],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6C9B756D-B313-0B9A-29C4-0D41CFAFE000}, Quarantined, [53569c863456aa8cc86c758fb94a8779],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3119AFD3-545C-0955-573A-494F62E61990}, Quarantined, [9514150dacdea2942212996b877ca65a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}, Quarantined, [1c8db36f58327abccf658282a26160a0],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}, Quarantined, [5257f82a2a60fa3c5cd89d67857e8779],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}, Quarantined, [aaff6ab8dcae0e2859db3fc5a65d0cf4],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544424446}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555425546}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566426646}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555425546}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566426646}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544424446}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.BHO.1, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.BHO, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.BHO, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.BHO.1, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422246}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.Sandbox.1, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.Sandbox, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.Sandbox, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.Sandbox.1, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422246}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{144AC25F-D7A7-B233-BFB8-433771ECB92D}, Quarantined, [6148c35fb9d1e94d0f25dc289f64da26],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6E3B2E00-8ADC-98BD-428C-13CEC2925F29}, Quarantined, [9c0d25fd5f2bd95d4ce8ee16f310db25],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7BCAC0EB-3993-2416-0531-848C39DF8B65}, Quarantined, [753443df6b1fc37346eee22255ae4bb5],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{46DF3CE6-BACF-B984-6099-DC25E7054C21}, Quarantined, [edbc859d78122d095fd500040af96f91],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BDA14B0B-4672-3ABF-B189-A5958FE3A42F}, Quarantined, [773246dca8e2be78b77dc53f7f847b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5C28578D-D0F1-699F-01B0-CC0653A28C11}, Quarantined, [5e4b0b173753d85e0331e42054afd729],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2D471A31-4FA7-95BA-1880-D441113ED736}, Quarantined, [e4c5a77baae0fe38d064877dd330ff01],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D86C82B0-1F02-816A-5F3D-6466F6A67566}, Quarantined, [41685fc3e5a5de582212a163887b49b7],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D9EFCE2A-396E-AAA0-9D20-896DE2ECF595}, Quarantined, [812832f0078373c3c272739132d154ac],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D8A764DD-3FBA-FBBD-FFC8-90B4AE9B19B8}, Quarantined, [416857cbbad083b34fe503014db6ba46],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{439763FF-59EC-FF1D-B0B5-CB9E213A7A5C}, Quarantined, [9415938fd3b71125d75d12f2dc2704fc],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6AEC2288-82D5-C6CE-CC6F-213FE715E4E5}, Quarantined, [28817ca6cfbb6fc7a98b2dd74cb7f30d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4E5FE462-1A84-47B4-3411-C72434AAD86C}, Quarantined, [5d4cae7466241f173afa33d17b889a66],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}, Quarantined, [b5f4081a890138fe30042dd76f94bb45],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{074887BF-06BC-9065-9562-3C1A861F7111}, Quarantined, [8821a87a860475c1ec48669e679c3ec2],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6C998B44-82D8-CC7E-D847-4CD73036412A}, Quarantined, [02a741e10189e94d44f0d331897aff01],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{26453017-2C54-574B-7597-9EA6652686A6}, Quarantined, [c9e0bc661b6fb77f5ada5aaa28db867a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0B750649-0E5A-78CB-A6AE-E2D6E2AD8882}, Quarantined, [1c8dc65c99f1d264ab898f75ba49c53b],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\igsc, Quarantined, [6a3f82a07d0d88ae0052dbc3da2926da],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyPC Backup, Quarantined, [f0b9d2506a2072c4c826317a03007888],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShopperPro, Quarantined, [69404dd597f344f2c6f02e8d7b883fc1],
PUP.Optional.ShopperPro, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPDRIVER_1507.0.0.0, Quarantined, [69404dd597f344f2c6f02e8d7b883fc1],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64, Quarantined, [ffaa34eeddadf73fdcc61f9ee023f50b],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean Pro_is1, Quarantined, [5f4ae93983070630ca3255a51be950b0],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64, Quarantined, [e7c267bb6525f046c215ec2fc540f010],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{30389f51-b968-4243-8e7c-c69cde75ce4d}w64, Quarantined, [a801e1418ffb053193444ccf30d51fe1],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{55dce8ba-9dec-4013-937e-adbf9317d990}w64, Quarantined, [98117fa31476f244d304cd4eb3528d73],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{7c18b119-d64a-4b8f-90db-d1c5b5ad5acf}w64, Quarantined, [c2e762c08efc25119641849711f48080],
PUP.Optional.OpenSoftwareUpdater.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OpenSoftwareUpdater, Quarantined, [03a6170b0486d75f24809e82947158a8],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\Wajam Web Enhancer, Quarantined, [f4b53ee43e4c7db9ae415d4da063b947],
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [cfdac55d9ceea98d5de7ce53a75e867a],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [7e2b12109feb6fc73e1c7664f1127e82],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [2d7cef332a608ea8f06a4496a360b64a],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, Quarantined, [9d0c28fa672374c2a5b5ffdbbe45ae52],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [baef24fecfbb94a26b780bfcb451ad53],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [9c0dc75bc7c3e1558919d4ce29dab34d],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\Deal Keeper, Quarantined, [0f9ac062800ac175c42baf0f50b311ef],
Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\FREESOFTTODAY, Quarantined, [d7d268ba5337ba7ca79caf53fb0acd33],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\Freeven pro, Quarantined, [3376958da7e3ce688ec78059ca39ca36],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\GAMESDESKTOP, Quarantined, [a900f82a62289a9c3e19584eb2511fe1],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\Ge-Force, Quarantined, [c8e10919820861d517f768b5bf46ec14],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\Ge-Force-nv, Quarantined, [8d1c74ae1377db5b9e816fba8382ac54],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\Ge-Force-nv-ie, Quarantined, [a1087fa32763b77ff32caf7a0afb09f7],
PUP.Optional.IStart123.A, HKLM\SOFTWARE\WOW6432NODE\istart123Software, Quarantined, [75347da51872e94dab6e6f4abc47d22e],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerplus, Quarantined, [b1f8ba6890fa79bda5d002d72cd7a060],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\WOW6432NODE\Mega Browse, Quarantined, [21882cf63b4f0d29c9ee3aa3c1427c84],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\P-HD-V1.4, Quarantined, [bdec7fa32466a88ea82d7749a45f9f61],
PUP.Optional.PCFixSpeed, HKLM\SOFTWARE\WOW6432NODE\PCFixSpeed, Quarantined, [6a3fc062e0aa2f07c72e847a48bcb54b],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [57523ee42466a88e54c5a676a95ceb15],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, [2980b36f81098ea8c80606b16e95bf41],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\Wajam Web Enhancer, Quarantined, [1a8f5fc365250d29648bedbde61dc33d],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [e4c554ce5337280e238c576820e39967],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarantined, [b4f56eb4dfab270fe3112eac4bb8649c],
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [5950d15153371d1931136fb28f768b75],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\mysearchdial, Quarantined, [1495f32f9bef22140badec0fa064c739],
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE Rocket, Quarantined, [7a2f70b2177395a1ca11bbf4d72c6997],
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [7138c45e800a88ae0ecd941b659e9868],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [575232f0b7d36dc9ca9087533cc7f50b],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [44650a1805858bab91c9ab2fb44f8878],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21836, Quarantined, [d9d02ff3abdf61d51644d307c83b23dd],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [e8c1dd459eec6dc9cd160ef9e520857b],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [f6b3fa28a2e84cea6e34aff327dc39c7],
PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\fst_us_169_is1, Quarantined, [decbf32f6a2003333e9de1dfb84b47b9],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gmsd_us_186_is1, Quarantined, [aaff2ff3840693a3fdcc475f9172c937],
PUP.Optional.SmartMediaConverter.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SmartMediaConverter, Quarantined, [a009e73bd2b870c6e79bebca6f9401ff],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Wajam Web Enhancer, Quarantined, [4f5ade44e5a596a0608e5159b44f867a],
PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}, Quarantined, [dacfd74bbfcb1a1cc4fc6568
Looks like the whole log did not post. I'll see if I can attach it below.
Hi, Kayla. Welcome to LandzDown Forum. I was wondering when you were going to have time to dig into your boyfriend's computer.
You were certainly right about the MBAM log. It is long and I see by the top of the log that it took almost an hour to scan (Time Elapsed: 52 min, 45 sec)! Fortunately, the remainder of the log was more PUPs (Potentially Unwanted Programs) but no malicious items detected. So that is good news.
Since you can barely navigate on the computer and the browsers have been taken over, let's see what can be done to give you immediate relief. Then we'll take a look at a fresh log to see where things stand.
1. Please start by uninstalling
shoppilation.
2. I see that AdwCleaner has been used in the computer in the past. If you don't know where AdwCleaner.exe is located, please download a new copy from here: Adware Cleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner). Please save it to your
desktop! (Note: if you know where the earlier downloaded file is located, be sure it updates before running. If it is not version 4.112, just download a fresh copy.)
- Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token)[/*]
- The tool will start to update the database, please wait a bit.[/*]
- Click on the Scan button.[/*]
- AdwCleaner will begin...be patient as the scan may take some time to complete.[/*]
- After the scan has finished, click on the Clean button.[/*]
- Press OK when asked to close all programs and follow the onscreen prompts.[/*]
- Press OK again to allow AdwCleaner to restart the computer and complete the removal process.[/*]
- After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).[/*]
- Copy and paste the contents of that logfile in your next reply.[/*]
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.[/*]
3. Next, Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) to your desktop.
- Disable your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
4. After a restart, let's see what a new DDS log looks like.
- Double-click dds.scr to run.
- After the scan is complete, copy/paSTe only the DDS.txt log.
Note: I am expecting the AdwCleaner log to be quite long. To save yourself some grief, don't hesitate to post that log after the first restart and then create yet another new topic for the JRT log. If it is also really long, create yet a third topic for the new DDS.txt log.
Hi Corrine, Thank you for helping me. We went into the extensions and found a earnsale thing and disabled it. That helped a little bit, I uninstalled shoppilation and I did forget that mom had me download and run Adw Cleaner. I have that first log if you would like to see it. I did uninstall the old version and downloaded the new version. Both logs you ask for are below:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Home Premium x64
Ran by LATTY on Sat 03/21/2015 at 20:17:08.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\driver support
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2798846467-2303819236-3135644434-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update mega browse
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util mega browse
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\LATTY\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Folder] "C:\Program Files (x86)\browse~2"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\LATTY\appdata\local\{269EFDEC-FF8F-49A4-8650-C6DF61BCA69D}
Successfully deleted: [Empty Folder] C:\Users\LATTY\appdata\local\{34CDDEB9-581A-46D7-A684-10413D370E02}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/21/2015 at 20:23:23.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v4.112 - Logfile created 21/03/2015 at 20:10:17
# Updated 09/03/2015 by Xplode
# Database : 2015-03-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : LATTY - LATTY-PC
# Running from : C:\Users\LATTY\Desktop\adwcleaner_4.112.exe
# Option : Cleaning
***** [ Services ] *****
Service Deleted : YahooAUService
- Service Deleted : RuntimeManager
Service Deleted : MobogenieService
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\shoppilation
Folder Deleted : C:\ProgramData\dealoster
Folder Deleted : C:\ProgramData\looWuprices
Folder Deleted : C:\ProgramData\offerdoeeaala
Folder Deleted : C:\ProgramData\7502d0d17d33c51a
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
Folder Deleted : C:\Program Files (x86)\Super Optimizer
Folder Deleted : C:\Program Files (x86)\Mobogenie3
Folder Deleted : C:\Program Files (x86)\appsAve
Folder Deleted : C:\Program Files (x86)\BetteerPRiceChEc
Folder Deleted : C:\Program Files (x86)\BetterPuricceCHec
Folder Deleted : C:\Program Files (x86)\CCLIckForSalie
Folder Deleted : C:\Program Files (x86)\DDailyPrizE
Folder Deleted : C:\Program Files (x86)\ddOllarsaver
Folder Deleted : C:\Program Files (x86)\dollaResaverr
Folder Deleted : C:\Program Files (x86)\EExutrAShooppeer
Folder Deleted : C:\Program Files (x86)\ExtraSihoppEr
Folder Deleted : C:\Program Files (x86)\fareeeDelIveruy
Folder Deleted : C:\Program Files (x86)\faStoSSalleor
Folder Deleted : C:\Program Files (x86)\free2yaou
Folder Deleted : C:\Program Files (x86)\LuckkyyCouppoon
Folder Deleted : C:\Program Files (x86)\priaZecoupon
Folder Deleted : C:\Program Files (x86)\PriiceDoewnloader
Folder Deleted : C:\Program Files (x86)\PrinceeCooupponu
Folder Deleted : C:\Program Files (x86)\PrineCeCouponi
Folder Deleted : C:\Program Files (x86)\prizecOuupon
Folder Deleted : C:\Program Files (x86)\prrizaecoupeoN
Folder Deleted : C:\Program Files (x86)\qouicKshop
Folder Deleted : C:\Program Files (x86)\quIckkshop
Folder Deleted : C:\Program Files (x86)\RoyalCooupOOn
Folder Deleted : C:\Program Files (x86)\RoyalShopapEorApp
Folder Deleted : C:\Program Files (x86)\RoyyAlCoUpon
Folder Deleted : C:\Program Files (x86)\saleoFfer
Folder Deleted : C:\Program Files (x86)\SaluesMagnet
Folder Deleted : C:\Program Files (x86)\shhoupnndrop
Folder Deleted : C:\Users\LATTY\AppData\Local\Temp\Deal Keeper
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PC Tech Hotline
Folder Deleted : C:\Program Files\BubbleSound
Folder Deleted : C:\Users\LATTY\AppData\Local\wincheck
Folder Deleted : C:\Users\LATTY\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\LATTY\AppData\Roaming\Mobogenie
Folder Deleted : C:\Users\LATTY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0
Folder Deleted : C:\Users\LATTY\Documents\Mobogenie
Folder Deleted : C:\Users\LATTY\Documents\Super Optimizer
Folder Deleted : C:\ProgramData\nhoomajijappicjijhpjfhdipigjonad
Folder Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnekbaiabbkmiciakdebgmhfifiofei
Folder Deleted : C:\Users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnekbaiabbkmiciakdebgmhfifiofei
Folder Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpfblpommjlgjpgacngohjlikijbaen
Folder Deleted : C:\Users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpfblpommjlgjpgacngohjlikijbaen
Folder Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbjneejbdmjepefpajjhibofpmlnbhc
Folder Deleted : C:\Users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbjneejbdmjepefpajjhibofpmlnbhc
Folder Deleted : C:\Users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
Folder Deleted : C:\Users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
File Deleted : C:\Users\LATTY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
File Deleted : C:\Users\LATTY\Desktop\3D BubbleSound.lnk
File Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
File Deleted : C:\Users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
File Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal
***** [ Scheduled tasks ] *****
Task Deleted : Yahoo! Search Updater
Task Deleted : Super Optimizer Schedule
Task Deleted : PastaQuotes
Task Deleted : Validate Installation
Task Deleted : Check Updates
Task Deleted : GeniusBox
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Classes\keepmysearch
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Super Optimizer]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
Key Deleted : HKLM\SOFTWARE\Classes\P1470aa43_3d1d_4ca4_b673_cfd805405a84_.P1470aa43_3d1d_4ca4_b673_cfd805405a84_
Key Deleted : HKLM\SOFTWARE\Classes\P1470aa43_3d1d_4ca4_b673_cfd805405a84_.P1470aa43_3d1d_4ca4_b673_cfd805405a84_.9
Key Deleted : HKLM\SOFTWARE\Classes\P1f1aefb2_c68d_4586_9e5f_d320d67c882e_.P1f1aefb2_c68d_4586_9e5f_d320d67c882e_
Key Deleted : HKLM\SOFTWARE\Classes\P1f1aefb2_c68d_4586_9e5f_d320d67c882e_.P1f1aefb2_c68d_4586_9e5f_d320d67c882e_.9
Key Deleted : HKLM\SOFTWARE\Classes\P925d0930_77f7_48dc_9284_46dc40be7dc4_.P925d0930_77f7_48dc_9284_46dc40be7dc4_
Key Deleted : HKLM\SOFTWARE\Classes\P925d0930_77f7_48dc_9284_46dc40be7dc4_.P925d0930_77f7_48dc_9284_46dc40be7dc4_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pb54374be_6890_4fad_ba1d_095df623d844_.Pb54374be_6890_4fad_ba1d_095df623d844_
Key Deleted : HKLM\SOFTWARE\Classes\Pb54374be_6890_4fad_ba1d_095df623d844_.Pb54374be_6890_4fad_ba1d_095df623d844_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pd74ee689_44b9_4cab_a8a4_f0bf6cb09288_.Pd74ee689_44b9_4cab_a8a4_f0bf6cb09288_
Key Deleted : HKLM\SOFTWARE\Classes\Pd74ee689_44b9_4cab_a8a4_f0bf6cb09288_.Pd74ee689_44b9_4cab_a8a4_f0bf6cb09288_.9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{925d0930-77f7-48dc-9284-46dc40be7dc4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b54374be-6890-4fad-ba1d-095df623d844}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{925d0930-77f7-48dc-9284-46dc40be7dc4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b54374be-6890-4fad-ba1d-095df623d844}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{925d0930-77f7-48dc-9284-46dc40be7dc4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b54374be-6890-4fad-ba1d-095df623d844}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{925d0930-77f7-48dc-9284-46dc40be7dc4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b54374be-6890-4fad-ba1d-095df623d844}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{925d0930-77f7-48dc-9284-46dc40be7dc4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b54374be-6890-4fad-ba1d-095df623d844}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{925d0930-77f7-48dc-9284-46dc40be7dc4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{b54374be-6890-4fad-ba1d-095df623d844}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{925d0930-77f7-48dc-9284-46dc40be7dc4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b54374be-6890-4fad-ba1d-095df623d844}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
Key Deleted : HKCU\Software\Mobogenie
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\Mobogenie3
Key Deleted : HKCU\Software\PCTechHotline
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Taronja
Key Deleted : HKLM\SOFTWARE\IGS
Key Deleted : HKLM\SOFTWARE\GeniusBox
Key Deleted : HKLM\SOFTWARE\Mobogenie3
Key Deleted : HKLM\SOFTWARE\PCTechHotline
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quiknowledge
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IGS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GeniusBox
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4E5FE462-1A84-47B4-3411-C72434AAD86C}
Key Deleted : [x64] HKLM\SOFTWARE\BubbleSound
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BubbleSound
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:47574
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Google Chrome v41.0.2272.101
[C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
-\\ Comodo Dragon v
[C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
-\\ Chrome Canary v
[C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [40831 bytes] - [28/02/2015 19:56:46]
AdwCleaner[R1].txt - [14428 bytes] - [21/03/2015 20:04:10]
AdwCleaner[S0].txt - [39766 bytes] - [28/02/2015 19:58:35]
AdwCleaner[S1].txt - [14895 bytes] - [21/03/2015 20:10:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [14955 bytes] ##########
Here are the other two logs:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631
Run by LATTY at 20:33:29 on 2015-03-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5606.4448 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\The Phone Support Dock\TPSDock.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe
C:\Program Files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uSearch Page = www.google.com
mStart Page = www.google.com
mSearch Page = www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
uSearchAssistant = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: cHEaup4all: {3165cb3b-b913-4030-8e3e-844f497ef8cf} - C:\Program Files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20140210001533.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [GenieFloater] C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 99.196.99.99 99.197.99.99
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70} : DHCPNameServer = 99.196.99.99 99.197.99.99
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\2656C6B696E6E2234323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\84F4D454D203339313 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\D496649643632303C45402A45647071636B6024433931302355636572756 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-mSearch Page = www.google.com
x64-mDefault_Page_URL = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: cHEaup4all: {3165cb3b-b913-4030-8e3e-844f497ef8cf} - C:\Program Files (x86)\cHEaup4all\N3oJi9AYUvsHFz.x64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20140210001533.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [3D BubbleSound] "C:\Program Files\BubbleSound\3D BubbleSound.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2014-2-5 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2014-2-5 40064]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 289664]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-2-19 50976]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-3-13 75936]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2014-2-5 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2014-2-5 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2014-2-5 62776]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-2-5 204288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2014-2-5 352336]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2014-2-5 872552]
R2 GenieCleanService;GenieCleanService;C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe [2015-2-5 53400]
R2 GenieWifiService;GenieWifiService;C:\Program Files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe [2015-3-5 51352]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-11-2 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-11-2 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-11-2 162224]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-2-5 114704]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-4-12 51240]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 65264]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 487296]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-2-5 53376]
S2 cae99edb;Super Optimizer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-11-2 244624]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-18 114688]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-11-2 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 100912]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-7 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-03-21 23:12:58 -------- d-----w- C:\Program Files (x86)\SumatraPDF
2015-03-21 23:09:50 -------- d-----w- C:\Program Files (x86)\PhotoScape
2015-03-17 00:41:05 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-03-17 00:41:04 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-03-17 00:41:03 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-03-17 00:41:03 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-03-01 00:56:41 -------- d-----w- C:\AdwCleaner
2015-02-27 00:26:20 -------- d-----w- C:\Program Files (x86)\Bookmark Search
2015-02-26 04:33:54 -------- d-----w- C:\Users\LATTY\Tracing
2015-02-26 03:30:41 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-26 03:30:07 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-02-26 03:30:06 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-02-26 03:30:05 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-02-26 03:30:04 -------- d-----w- C:\ProgramData\Malwarebytes
2015-02-26 03:30:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 03:06:12 -------- d-----w- C:\Program Files (x86)\BharatMatrimony
2015-02-24 03:34:42 -------- d-----w- C:\Users\LATTY\AppData\Roaming\Unity
2015-02-24 02:58:11 -------- d-----w- C:\Users\LATTY\AppData\Local\Unity
2015-02-20 03:05:24 -------- d-----w- C:\Program Files (x86)\aa020abd-6d5d-4146-8e02-e622308251dc
2015-02-20 03:04:17 -------- d-----w- C:\Program Files (x86)\WasteNoTime
2015-02-20 03:03:50 -------- d-----w- C:\Users\LATTY\AppData\Local\Installer
2015-02-20 03:03:45 -------- d-----w- C:\Users\LATTY\AppData\Local\CrashRpt
2015-02-20 03:03:27 -------- d-----w- C:\Program Files (x86)\oaffeeRapp
2015-02-20 03:00:06 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 03:00:05 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-20 03:00:04 6041600 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-20 03:00:03 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
.
==================== Find3M ====================
.
2015-03-21 23:07:55 20 ----a-w- C:\Users\LATTY\AppData\Roaming\appdataFr3.bin
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-14 06:09:27 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-01-14 06:05:30 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-01-14 06:05:30 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-01-14 06:04:56 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-01-14 05:44:59 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44:58 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41:09 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-01-13 03:10:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-01-09 02:03:01 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-01-03 21:33:28 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 20:34:47.11 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2014 11:41:26 PM
System Uptime: 3/21/2015 8:12:00 PM (0 hours ago)
.
Motherboard: Acer | | Aspire 5560
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 224.304 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP78: 12/16/2014 1:47:28 PM - Windows Update
RP79: 12/25/2014 1:34:00 AM - Windows Update
RP80: 1/3/2015 3:35:44 PM - Windows Update
RP81: 2/8/2015 10:31:28 AM - Windows Update
RP82: 2/10/2015 10:28:42 PM - Windows Update
RP83: 2/18/2015 7:38:25 PM - Windows Update
RP84: 2/19/2015 6:32:46 AM - Windows Update
RP85: 2/19/2015 10:54:33 PM - Windows Update
RP86: 2/20/2015 11:32:28 PM - Windows Update
RP87: 2/21/2015 4:56:58 PM - Configured clear.fi
RP88: 2/23/2015 8:32:36 PM - Removed League of Legends
RP89: 2/23/2015 8:33:50 PM - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP90: 2/25/2015 6:13:13 PM - Windows Update
RP91: 3/16/2015 9:38:32 PM - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.0) MUI
Adobe Shockwave Player 12.0
Agatha Christie - Death on the Nile
AMD APP SDK Runtime
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Backup Manager V3
Bejeweled 2 Deluxe
Bing Bar
Bonjour
Bonjour Print Services
Bookmark Search
Broadcom Card Reader Driver Installer
Broadcom Gigabit NetLink Controller
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Chuzzle Deluxe
clear.fi Client
Cradle of Rome 2
D3DX10
Dolby Advanced Audio v2
Dora's World Adventure
Evernote v. 4.5.1
FATE: The Cursed King
Final Drive: Nitro
FindingDiscount
Galerie de photos Windows Live
Genie Cleaner
Genie Wifi
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Identity Card
Itibiti RTC
iTunes
Java 7 Update 51
Java Auto Updater
Jewel Match 3
Junk Mail filter update
KMPlayer
KNCTR
Launch Manager
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee Internet Security Suite
McAfee SiteAdvisor
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mobile Mouse Server
MSVCRT
MSVCRT_amd64
Muvic Smartbar
Muvic Smartbar Engine
Mystery of Mortlake Mansion
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
newsXpresso
NOOK for PC
Norton Online Backup
NTI Media Maker 9
Pando Media Booster
Penguins!
PhotoScape
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Rocket
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Sendori
Shredder
Skype™ 6.13
SumatraPDF
swMSM
Torchlight
Unity Web Player
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
VLC media player 2.1.2
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Zuma's Revenge
.
==== End Of File ===========================
Hi, Kyla.
Although AdwCleaner and JRT helped, there's still unwanted files not shown in installed programs.
Please follow these instructions carefully. Download ComboFix from the following location:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
!!! IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.
Note: If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum: How to disable your security applications (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html).
- If infections are found, ComboFix will automatically reboot the machine to complete the removal process. Please ensure all opened windows are closed before proceeding.
- Double-click ComboFix.exe on your desktop and follow the prompts.
- Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
- When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.
Hi Corrine,
I was unable to get combofix to download in normal mode so my mom helped me try to transfer the file from a USB. That didn't work either so she showed me how to boot to safe mode with networking and combofix downloaded and ran. I hope that was ok. I'll post the log and see what happens when I try to boot to normally.
Here's the log.
ComboFix 15-03-14.03 - LATTY 03/22/2015 14:26:32.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5606.4656 [GMT -5:00]
Running from: c:\users\LATTY\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\cHEaup4all
c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dat
c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dll
c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.tlb
c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.x64.dll
c:\programdata\375
c:\programdata\375\{61F4C367-2B69-4F3F-A6F9-18513A805938}.swf
c:\programdata\8431531050558276890
c:\programdata\8431531050558276890\0a841754dc724909d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\10633df73fa969aed08d978f0d03e13d.ini
c:\programdata\8431531050558276890\13244b89af2842d8d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\18cac87c0e7341e1d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\2eabe7acfd356887d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\31854f12bb35fc08d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\3e9fed18edcd2298d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\4430f3845d722216d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\66336b36e48227b5d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\7b3be20988a787c3d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\7e02c61044b54d13d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\87d2021421fb5495d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\8abebf6d28d732bcd08d978f0d03e13d.ini
c:\programdata\8431531050558276890\a481fd1995644291d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\a880393fdeca7f37d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\ba83c608eed070c3d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\bff61ad840018d67d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\c4f2ef27cf0c9408d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\c5372c855d0988f5d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\dadb5aa3883fd623d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\db0c1a17a6d07810d08d978f0d03e13d.ini
c:\programdata\8431531050558276890\def2f33442641eccd08d978f0d03e13d.ini
c:\programdata\8431531050558276890\e81628aa6979291ed08d978f0d03e13d.ini
c:\programdata\8431531050558276890\fbb19bc0e1378aa7d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL
c:\programdata\8431531050558276890UL\093e84014faeb6d2d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\1878c1afe37a6843d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\198cdfe22d13c1abd08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\242c2fd4536773fad08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\2dd11d7d55568f75d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\3ed03cfb56800283d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\5175a0130ed5b449d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\659310361e8c6f3cd08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\8465c1fdfb127aa3d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\88ca0666a8bc42bcd08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\949eb5250aa63df0d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\9bec11cdd23aeb05d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\a45e8d31264287a5d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\b895ebcf88104095d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\bd7ce6740d045ceed08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\bd95dd966694472dd08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\be23f4a8c4053d7ad08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\c295e559d046ad1ed08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\c90970dadaa8483bd08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\dd4a2c5f72b1804bd08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\e2657abe6104cd00d08d978f0d03e13d.ini
c:\programdata\8431531050558276890UL\e7a261f5c12d8405d08d978f0d03e13d.ini
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\tV2i.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\JnVZYYlPW.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\QyiXNWtP.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\qN5.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\JzY.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\ZZiv1NLBRg.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\vAvm3.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\pQr.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\tV2i.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\JnVZYYlPW.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\QyiXNWtP.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\162\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\162\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\162\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\162\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\162\wJbC.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\qN5.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\JzY.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\ZZiv1NLBRg.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\vAvm3.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\pQr.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm\162\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm\162\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm\162\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm\162\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm\162\yFM8Z66v.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\000005.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\LOG.old
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\MANIFEST-000004
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\000005.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\LOG.old
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\MANIFEST-000004
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\000005.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\LOG.old
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\MANIFEST-000004
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afokpbkkgdkpbbmnbgamokfoopodamjd_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bibbkdilejnhmpilleppebbkmcnknfli_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bibbkdilejnhmpilleppebbkmcnknfli_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddiblodcpaaieoopolanaoecbhicgjfo_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddiblodcpaaieoopolanaoecbhicgjfo_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlggapfljcnbmajohkhhapaoajopbncm_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlggapfljcnbmajohkhhapaoajopbncm_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dpbboilcojikdnfpponljmiohnhdjcaj_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dpbboilcojikdnfpponljmiohnhdjcaj_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkakfimgbmogkpmjokgnbbanmmemcdij_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkakfimgbmogkpmjokgnbbanmmemcdij_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hadgncflclgppldajdlmglcbodpfhpon_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hadgncflclgppldajdlmglcbodpfhpon_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcghfieafojgpngcjbkbbjfecjbahhif_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcghfieafojgpngcjbkbbjfecjbahhif_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ijdoblggemelaimffjccmdbmodlppofd_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ijdoblggemelaimffjccmdbmodlppofd_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ineenlmapbpbomkoapfbekknhnflcink_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ineenlmapbpbomkoapfbekknhnflcink_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jhgjgbepielhcjdamofdopfmfcdcfiin_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jhgjgbepielhcjdamofdopfmfcdcfiin_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_joigbmldbihpmlncppcbegliiniaaime_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_joigbmldbihpmlncppcbegliiniaaime_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plpjogfhobhpdcmcblieglnoooccfcmm_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plpjogfhobhpdcmcblieglnoooccfcmm_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\LATTY\AppData\Local\Microsoft\Windows\Temporary Internet Files\8a15ac3d-c284-44c8-945a-1fb41f2d5b3c.jpg
c:\users\LATTY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Deal Keeper_iels
c:\users\LATTY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Mega Browse_iels
c:\users\LATTY\AppData\Local\nsj3094.tmp
c:\users\LATTY\AppData\Local\Temp\nsbDCC9.tmp\System.dll
.
.
((((((((((((((((((((((((( Files Created from 2015-02-22 to 2015-03-22 )))))))))))))))))))))))))))))))
.
.
2015-03-22 19:37 . 2015-03-22 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-22 19:37 . 2015-03-22 19:37 -------- d-----w- c:\users\Guest.LATTY-PC\AppData\Local\temp
2015-03-21 23:44 . 2015-02-20 03:29 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-03-21 23:44 . 2015-02-20 03:09 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-03-21 23:44 . 2015-02-20 04:41 41984 ----a-w- c:\windows\system32\lpk.dll
2015-03-21 23:44 . 2015-02-20 04:40 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-03-21 23:44 . 2015-02-20 04:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-03-21 23:44 . 2015-02-20 04:40 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-03-21 23:44 . 2015-02-20 04:13 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-03-21 23:44 . 2015-02-20 04:40 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-03-21 23:44 . 2015-02-20 04:13 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-03-21 23:44 . 2015-02-20 04:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-03-21 23:42 . 2015-02-03 03:16 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-03-21 23:41 . 2014-10-31 22:24 619056 ----a-w- c:\windows\system32\winload.exe
2015-03-21 23:40 . 2015-02-03 03:31 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-03-21 23:40 . 2015-02-03 03:30 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-03-21 23:40 . 2015-02-03 03:12 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-03-21 23:40 . 2015-02-03 03:30 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-03-21 23:40 . 2015-02-03 03:11 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-03-21 23:40 . 2015-02-03 03:30 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-03-21 23:40 . 2015-02-03 03:12 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-03-21 23:40 . 2015-02-03 03:30 112640 ----a-w- c:\windows\system32\smss.exe
2015-03-21 23:40 . 2015-02-03 03:31 206848 ----a-w- c:\windows\system32\mfps.dll
2015-03-21 23:40 . 2015-02-03 03:12 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-03-21 23:40 . 2015-02-03 03:12 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-03-21 23:40 . 2015-02-03 03:31 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-03-21 23:40 . 2015-02-03 03:30 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-03-21 23:38 . 2015-02-03 03:30 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-03-21 23:38 . 2015-02-03 03:11 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2015-03-21 23:38 . 2015-02-03 03:09 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-03-21 23:38 . 2015-02-03 03:28 2048 ----a-w- c:\windows\system32\mferror.dll
2015-03-21 23:33 . 2015-03-06 05:42 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-03-21 23:32 . 2015-01-17 02:48 1067520 ----a-w- c:\windows\system32\msctf.dll
2015-03-21 23:32 . 2015-01-17 02:30 828928 ----a-w- c:\windows\SysWow64\msctf.dll
2015-03-21 23:32 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-21 23:32 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-03-21 23:32 . 2015-02-26 03:25 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-03-21 23:32 . 2015-02-20 02:08 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-03-21 23:30 . 2015-02-20 02:48 2886144 ----a-w- c:\windows\system32\iertutil.dll
2015-03-21 23:29 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-21 23:29 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-21 23:12 . 2015-03-21 23:13 -------- d-----w- c:\program files (x86)\SumatraPDF
2015-03-21 23:09 . 2015-03-21 23:11 -------- d-----w- c:\program files (x86)\PhotoScape
2015-03-17 00:41 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-03-17 00:41 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-03-17 00:41 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-03-17 00:41 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-03-01 00:56 . 2015-03-22 01:11 -------- d-----w- C:\AdwCleaner
2015-02-27 00:26 . 2015-02-27 00:26 -------- d-----w- c:\program files (x86)\Bookmark Search
2015-02-26 04:33 . 2015-02-26 04:33 -------- d-----w- c:\users\LATTY\Tracing
2015-02-26 03:30 . 2015-02-26 03:32 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-26 03:30 . 2014-11-21 12:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-26 03:30 . 2014-11-21 12:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-26 03:30 . 2014-11-21 12:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-26 03:30 . 2015-02-26 03:30 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-26 03:30 . 2015-02-26 03:30 -------- d-----w- c:\programdata\Malwarebytes
2015-02-26 03:06 . 2015-02-26 04:31 -------- d-----w- c:\program files (x86)\BharatMatrimony
2015-02-24 03:34 . 2015-02-24 03:34 -------- d-----w- c:\users\LATTY\AppData\Roaming\Unity
2015-02-24 02:58 . 2015-02-24 02:58 -------- d-----w- c:\users\LATTY\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-21 23:07 . 2015-02-08 05:41 20 ----a-w- c:\users\LATTY\AppData\Roaming\appdataFr3.bin
2015-01-03 21:33 . 2014-02-19 06:02 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-12-25 07:40 . 2014-02-07 07:15 112710672 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GenieFloater"="c:\program files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe" [2015-02-06 1850520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
R2 cae99edb;Super Optimizer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe
R2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe
R2 GenieCleanService;GenieCleanService;c:\program files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe;c:\program files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe
R2 GenieWifiService;GenieWifiService;c:\program files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe;c:\program files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe
R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
R3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-21 23:57 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-08 c:\windows\Tasks\1114tbUpdateInfo.job
- c:\programdata\Avg_Update_1114tb\1114tb_{336B872A-FBE6-4198-A500-21A034FCB091}.exe [2014-11-08 06:49]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08 05:48]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08 05:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
uSearchAssistant = www.google.com
TCP: DhcpNameServer = 99.196.99.99 99.197.99.99
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{3165cb3b-b913-4030-8e3e-844f497ef8cf} - c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dll
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{3165cb3b-b913-4030-8e3e-844f497ef8cf} - c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.x64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-3D BubbleSound - c:\program files\BubbleSound\3D BubbleSound.exe
AddRemove-Sendori - c:\program files (x86)\Sendori\Uninstall.exe
AddRemove-Rocket - c:\users\LATTY\AppData\Local\Rocket\Application\31.0.1650.23\Installer\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-22 14:40:39
ComboFix-quarantined-files.txt 2015-03-22 19:40
.
Pre-Run: 241,889,792,000 bytes free
Post-Run: 241,658,986,496 bytes free
.
- - End Of File - - 5F37E4CA17ABA01B042F76D3901AA542
A36C5E4F47E84449FF07ED3517B43A31
Hi, Kyla.
Let's take care of the outdated, vulnerable software on the computer next.
1. Because I'm seeing a lot of games on your boyfriend's computer, it appears that he needs to keep Oracle Java installed. However, the version is seriously outdated. Since updating to Java 8 will likely end leaving the old Java 7 version behind, please do the following:
- Uninstall Java 7Update 51.
- Go to http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html and download jre-8u40-windows-i586.exe. Note:Please pay attention to each screen when installing because Oracle has long included unnecessary pre-checked options with the updates.
- After the installation is complete, I suggest you make the following change via the Java Control Panel to suppress the offers for the pre-checked unwanted extras.
1. Launch the Windows Start menu
2. Click on Programs
3. Find the Java program listing
4. Click Configure Java to launch the Java Control Panel
5. Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
6. Check the box by the "Suppress sponsor offers when installing or updating Java" option and click OK.
2. Adobe Reader 10.1.0 is out of date. The current version, released in December, is 11.0.10. However, I note that SumatraPDF is also installed on the computer. Long ago, I uninstalled Adobe Reader and switched to SumatraPDF. Please check with your boyfriend and if he agrees, I suggest you uninstall Adobe Reder. However, if he wants to keep it, the update for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.
3. Now that we have the outdated software out of the way, let's move on and take care of a leftover from AVG and one other file identified by several A/V programs as a PUP.
Custom CFScript
Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
- Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK). Copy/Paste all of the text present inside the code box below:
Folder::
C:\Program Files (x86)\The Phone Support Dock
Driver::
avgtpx64.sys
- Save this as CFScript.txt and place it on your desktop.
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FCF_CFScript.gif&hash=19cdd291c9ded999b7ed69b7a82ebed7c9d0ab01)
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Please let me know how the computer is running now.
Hi Corrine,
I think my mom and I may have messed up. I'll post the log and you can tell me if we did or not. Mom said you should be able to tell by looking at the log.
Also, McAfee says it is not activated when I go in to turn it off. I also get a pop up that says it needs to be renewed. Mom said it would be best if we just uninstalled it and installed Avast or whatever else would be a good AV for him.
ComboFix 15-03-23.01 - LATTY 03/22/2015 19:18:33.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5606.4075 [GMT -5:00]
Running from: c:\users\LATTY\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2015-02-23 to 2015-03-23 )))))))))))))))))))))))))))))))
.
.
2015-03-21 23:44 . 2015-02-20 03:29 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-03-21 23:44 . 2015-02-20 03:09 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-03-21 23:44 . 2015-02-20 04:41 41984 ----a-w- c:\windows\system32\lpk.dll
2015-03-21 23:44 . 2015-02-20 04:40 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-03-21 23:44 . 2015-02-20 04:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-03-21 23:44 . 2015-02-20 04:40 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-03-21 23:44 . 2015-02-20 04:13 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-03-21 23:44 . 2015-02-20 04:40 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-03-21 23:44 . 2015-02-20 04:13 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-03-21 23:44 . 2015-02-20 04:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-03-21 23:42 . 2015-02-03 03:16 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-03-21 23:41 . 2014-10-31 22:24 619056 ----a-w- c:\windows\system32\winload.exe
2015-03-21 23:40 . 2015-02-03 03:31 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-03-21 23:40 . 2015-02-03 03:30 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-03-21 23:40 . 2015-02-03 03:12 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-03-21 23:40 . 2015-02-03 03:30 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-03-21 23:40 . 2015-02-03 03:11 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-03-21 23:40 . 2015-02-03 03:30 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-03-21 23:40 . 2015-02-03 03:12 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-03-21 23:40 . 2015-02-03 03:30 112640 ----a-w- c:\windows\system32\smss.exe
2015-03-21 23:40 . 2015-02-03 03:31 206848 ----a-w- c:\windows\system32\mfps.dll
2015-03-21 23:40 . 2015-02-03 03:12 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-03-21 23:40 . 2015-02-03 03:12 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-03-21 23:40 . 2015-02-03 03:31 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-03-21 23:40 . 2015-02-03 03:30 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-03-21 23:38 . 2015-02-03 03:30 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-03-21 23:38 . 2015-02-03 03:11 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2015-03-21 23:38 . 2015-02-03 03:09 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2015-03-21 23:38 . 2015-02-03 03:28 2048 ----a-w- c:\windows\system32\mferror.dll
2015-03-21 23:33 . 2015-03-06 05:42 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-03-21 23:32 . 2015-01-17 02:48 1067520 ----a-w- c:\windows\system32\msctf.dll
2015-03-21 23:32 . 2015-01-17 02:30 828928 ----a-w- c:\windows\SysWow64\msctf.dll
2015-03-21 23:32 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-21 23:32 . 2015-02-03 03:12 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-03-21 23:32 . 2015-02-26 03:25 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-03-21 23:32 . 2015-02-20 02:08 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-03-21 23:30 . 2015-02-20 02:48 2886144 ----a-w- c:\windows\system32\iertutil.dll
2015-03-21 23:29 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-21 23:29 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-03-21 23:12 . 2015-03-21 23:13 -------- d-----w- c:\program files (x86)\SumatraPDF
2015-03-21 23:09 . 2015-03-21 23:11 -------- d-----w- c:\program files (x86)\PhotoScape
2015-03-17 00:41 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-03-17 00:41 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-03-17 00:41 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-03-17 00:41 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-03-01 00:56 . 2015-03-22 23:17 -------- d-----w- C:\AdwCleaner
2015-02-27 00:26 . 2015-02-27 00:26 -------- d-----w- c:\program files (x86)\Bookmark Search
2015-02-26 04:33 . 2015-02-26 04:33 -------- d-----w- c:\users\LATTY\Tracing
2015-02-26 03:30 . 2015-02-26 03:32 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-26 03:30 . 2014-11-21 12:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-26 03:30 . 2014-11-21 12:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-26 03:30 . 2014-11-21 12:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-26 03:30 . 2015-02-26 03:30 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-26 03:30 . 2015-02-26 03:30 -------- d-----w- c:\programdata\Malwarebytes
2015-02-26 03:06 . 2015-02-26 04:31 -------- d-----w- c:\program files (x86)\BharatMatrimony
2015-02-24 03:34 . 2015-02-24 03:34 -------- d-----w- c:\users\LATTY\AppData\Roaming\Unity
2015-02-24 02:58 . 2015-02-24 02:58 -------- d-----w- c:\users\LATTY\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-21 23:07 . 2015-02-08 05:41 20 ----a-w- c:\users\LATTY\AppData\Roaming\appdataFr3.bin
2015-01-03 21:33 . 2014-02-19 06:02 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-12-25 07:40 . 2014-02-07 07:15 112710672 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3165cb3b-b913-4030-8e3e-844f497ef8cf}]
c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GenieFloater"="c:\program files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe" [2015-02-06 1850520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-03-07 335232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 cae99edb;Super Optimizer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe
S2 GenieCleanService;GenieCleanService;c:\program files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe;c:\program files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe
S2 GenieWifiService;GenieWifiService;c:\program files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe;c:\program files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-21 23:57 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-08 c:\windows\Tasks\1114tbUpdateInfo.job
- c:\programdata\Avg_Update_1114tb\1114tb_{336B872A-FBE6-4198-A500-21A034FCB091}.exe [2014-11-08 06:49]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08 05:48]
.
2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08 05:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"3D BubbleSound"="c:\program files\BubbleSound\3D BubbleSound.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
uSearchAssistant = www.google.com
TCP: DhcpNameServer = 99.196.99.99 99.197.99.99
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Sendori - c:\program files (x86)\Sendori\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-03-22 19:27:11
ComboFix-quarantined-files.txt 2015-03-23 00:27
ComboFix2.txt 2015-03-22 23:38
ComboFix3.txt 2015-03-22 19:40
.
Pre-Run: 242,330,816,512 bytes free
Post-Run: 242,250,567,680 bytes free
.
- - End Of File - - 178428D9F9DB1B748918CA64E0241D95
A36C5E4F47E84449FF07ED3517B43A31
Yes, something is off because the old AVG driver is still showing in the log. Let's see what the previous run shows:
Hold down the Windows Key and the "R" key. A run box will appear. Copy and paste the following:
C:\Qoobox\ComboFix2.txt then click OK
Notepad will open with a log. Post the contents of that log in your next reply.
If McAfee isn't going to be renewed, yes, let's make sure a working A/V is installed. Since your Mom has already mentioned Avast, I suspect that is her recommendation. In that case, please do the following:
- First download Avast from here https://www.avast.com/index but do not install it yet.
- Also download the McAfee Removal tool from this direct download link: http://us.mcafee.com/apps/supporttools/mcpr/mcpr.asp
- Next, go to Programs and Features on the computer and uninstall McAfee Internet Security Suite. You may want to leave McAfee SiteAdvisor installed (read about it at http://www.siteadvisor.com/final/index.html)
- You should be prompted to restart the computer after the uninstall is complete. If not, restart now.
- To remove any left-over bits of McAfee, run the McAfee Removal Tool previously downloaded now.
- Install the new A/V software you downloaded previously and check for updates.
If you have any questions about the above procedure, please let me know. McAfee instructions are also available here: How to uninstall or re-install supported McAfee products using the Consumer Products Removal tool (http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS101331).
Hi Corrine,
My boyfriend was in to much of a hurry and wanted his computer back so I gave it back to him today.
Thanks for all your help
KylaB
Hi, Kyla.
Guys can be like that. :) At least the computer is in better shape after you ran those tools. As long as it is essentially working ok, I'm suspect he'll want the mess of tools and logs cleaned up. So, it would be a good idea to have him to the following which will also get rid of any infected system restore points.
Please download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix).
Ensure the following boxes are checked:
- Remove disinfection tools
- Create registry backup
- Purge system restore
(https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.hdrcgb.org.uk%2Fg2g%2Fdelfix.jpg&hash=430c0d18b39654835cac5f1633ed1b23348d76f1)
- Click Run
If you didn't have a chance to do something about the antivirus software, please pass along the information I provided if he decides to replace McAfee.