Ads popping up everywhere

Started by KylaB97, March 21, 2015, 11:44:58 PM

KylaB97

Hi,

This is my boyfriend's laptop that he had me bring home about a month ago so my mom, Donna, could look at it, but she doesn't have time at the moment. We could not get anything to run at first so she had me transfer MBAM from a USB and ran that on 2-25-15 which removed a lot of junk. I'll try to post the log but it is very long. Having a hard time posting this because of ads by earnsale and who knows what all. She said she would help run whatever programs you want me to run since I am not very good at this. Every time I try to do anything another tab opens up or a small box opens telling me to contact some certified support thing. Then the browser freezes and I can't type.


Here are the other logs needed:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631
Run by LATTY at 18:19:40 on 2015-03-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5606.3370 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Mobogenie3\MobogenieService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\BubbleSound\3D BubbleSound.exe
C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Mobogenie3\MoboGenieHelper.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\McAfee\MSC\mcsvrcnt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = www.google.com
mStart Page = www.google.com
mSearch Page = www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
uProxyServer = hxxp=127.0.0.1:47574
uProxyOverride = <-loopback>
uSearchAssistant = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: RoyalShopapEorApp: {1470aa43-3d1d-4ca4-b673-cfd805405a84} - C:\Program Files (x86)\RoyalShopapEorApp\ShKrHb7yKzP9sV.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: faStoSSalleor: {1f1aefb2-c68d-4586-9e5f-d320d67c882e} - C:\Program Files (x86)\faStoSSalleor\PAyqWs98Tp5lUf.dll
BHO: cHEaup4all: {3165cb3b-b913-4030-8e3e-844f497ef8cf} - C:\Program Files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20140210001533.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: dollaResaverr: {925d0930-77f7-48dc-9284-46dc40be7dc4} - C:\Program Files (x86)\dollaResaverr\5TAoaycCoQhHuj.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: fareeeDelIveruy: {b54374be-6890-4fad-ba1d-095df623d844} - C:\Program Files (x86)\fareeeDelIveruy\WD32yHF6cD3vIu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: qouicKshop: {d74ee689-44b9-4cab-a8a4-f0bf6cb09288} - C:\Program Files (x86)\qouicKshop\vaPKT6JezMoZby.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
uRun: [Super Optimizer] C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
uRun: [GenieFloater] C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 99.196.99.99 99.197.99.99
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70} : DHCPNameServer = 99.196.99.99 99.197.99.99
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\2656C6B696E6E2234323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\84F4D454D203339313 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\D496649643632303C45402A45647071636B6024433931302355636572756 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= 
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-mSearch Page = www.google.com
x64-mDefault_Page_URL = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: RoyalShopapEorApp: {1470aa43-3d1d-4ca4-b673-cfd805405a84} - C:\Program Files (x86)\RoyalShopapEorApp\ShKrHb7yKzP9sV.x64.dll
x64-BHO: faStoSSalleor: {1f1aefb2-c68d-4586-9e5f-d320d67c882e} - C:\Program Files (x86)\faStoSSalleor\PAyqWs98Tp5lUf.x64.dll
x64-BHO: cHEaup4all: {3165cb3b-b913-4030-8e3e-844f497ef8cf} - C:\Program Files (x86)\cHEaup4all\N3oJi9AYUvsHFz.x64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20140210001533.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: dollaResaverr: {925d0930-77f7-48dc-9284-46dc40be7dc4} - C:\Program Files (x86)\dollaResaverr\5TAoaycCoQhHuj.x64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: fareeeDelIveruy: {b54374be-6890-4fad-ba1d-095df623d844} - C:\Program Files (x86)\fareeeDelIveruy\WD32yHF6cD3vIu.x64.dll
x64-BHO: qouicKshop: {d74ee689-44b9-4cab-a8a4-f0bf6cb09288} - C:\Program Files (x86)\qouicKshop\vaPKT6JezMoZby.x64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [3D BubbleSound] "C:\Program Files\BubbleSound\3D BubbleSound.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2014-2-5 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2014-2-5 40064]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 289664]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-2-19 50976]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-3-13 75936]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2014-2-5 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2014-2-5 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2014-2-5 62776]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-2-5 114704]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-4-12 51240]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 65264]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 487296]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 100912]
.
=============== Created Last 30 ================
.
2015-03-21 23:12:58   --------   d-----w-   C:\Program Files (x86)\SumatraPDF
2015-03-21 23:09:50   --------   d-----w-   C:\Program Files (x86)\PhotoScape
2015-03-17 00:41:05   29696   ----a-w-   C:\Windows\System32\powertracker.dll
2015-03-17 00:41:04   950272   ----a-w-   C:\Windows\System32\perftrack.dll
2015-03-17 00:41:03   91136   ----a-w-   C:\Windows\System32\wdi.dll
2015-03-17 00:41:03   76800   ----a-w-   C:\Windows\SysWow64\wdi.dll
2015-03-01 18:04:38   --------   d-----w-   C:\Users\LATTY\AppData\Roaming\Mobogenie
2015-03-01 00:56:41   --------   d-----w-   C:\AdwCleaner
2015-02-27 00:26:57   --------   d-----w-   C:\Program Files (x86)\EExutrAShooppeer
2015-02-27 00:26:38   --------   d-----w-   C:\Program Files (x86)\RoyyAlCoUpon
2015-02-27 00:26:20   --------   d-----w-   C:\Program Files (x86)\Bookmark Search
2015-02-27 00:25:14   --------   d-----w-   C:\Program Files (x86)\BetterPuricceCHec
2015-02-26 04:34:11   --------   d-----w-   C:\Users\LATTY\AppData\Local\{34CDDEB9-581A-46D7-A684-10413D370E02}
2015-02-26 04:34:11   --------   d-----w-   C:\Users\LATTY\AppData\Local\{269EFDEC-FF8F-49A4-8650-C6DF61BCA69D}
2015-02-26 04:33:54   --------   d-----w-   C:\Users\LATTY\Tracing
2015-02-26 03:30:41   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-26 03:30:07   93400   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2015-02-26 03:30:06   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2015-02-26 03:30:05   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2015-02-26 03:30:04   --------   d-----w-   C:\ProgramData\Malwarebytes
2015-02-26 03:30:04   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 03:06:12   --------   d-----w-   C:\Program Files (x86)\BharatMatrimony
2015-02-26 03:05:20   --------   d-----w-   C:\Program Files (x86)\RoyalShopapEorApp
2015-02-26 03:05:07   --------   d-----w-   C:\Program Files (x86)\PrineCeCouponi
2015-02-26 03:05:00   --------   d-----w-   C:\Program Files (x86)\CCLIckForSalie
2015-02-24 03:34:42   --------   d-----w-   C:\Users\LATTY\AppData\Roaming\Unity
2015-02-24 02:58:11   --------   d-----w-   C:\Users\LATTY\AppData\Local\Unity
2015-02-20 03:05:24   --------   d-----w-   C:\Program Files (x86)\aa020abd-6d5d-4146-8e02-e622308251dc
2015-02-20 03:04:54   --------   d-----w-   C:\Program Files (x86)\appsAve
2015-02-20 03:04:17   --------   d-----w-   C:\Program Files (x86)\WasteNoTime
2015-02-20 03:03:55   --------   d-----w-   C:\Program Files\BubbleSound
2015-02-20 03:03:50   --------   d-----w-   C:\Users\LATTY\AppData\Local\Installer
2015-02-20 03:03:45   --------   d-----w-   C:\Users\LATTY\AppData\Local\CrashRpt
2015-02-20 03:03:27   --------   d-----w-   C:\Program Files (x86)\oaffeeRapp
2015-02-20 03:00:06   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 03:00:05   4300800   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-02-20 03:00:04   6041600   ----a-w-   C:\Windows\System32\jscript9.dll
2015-02-20 03:00:03   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
.
==================== Find3M  ====================
.
2015-03-21 23:07:55   20   ----a-w-   C:\Users\LATTY\AppData\Roaming\appdataFr3.bin
2015-01-15 08:14:17   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-01-15 08:09:51   1461760   ----a-w-   C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15   31232   ----a-w-   C:\Windows\System32\lsass.exe
2015-01-15 08:08:59   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23   686080   ----a-w-   C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55   686080   ----a-w-   C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18   458824   ----a-w-   C:\Windows\System32\drivers\cng.sys
2015-01-14 06:09:27   5554112   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-01-14 06:05:30   503808   ----a-w-   C:\Windows\System32\srcore.dll
2015-01-14 06:05:30   50176   ----a-w-   C:\Windows\System32\srclient.dll
2015-01-14 06:04:56   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2015-01-14 05:44:59   3972544   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44:58   3917760   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41:09   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-01-13 03:10:22   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09   503296   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32   2358272   ----a-w-   C:\Windows\System32\wininet.dll
2015-01-12 01:23:09   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17   341504   ----a-w-   C:\Windows\System32\schannel.dll
2015-01-10 06:48:13   309760   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-01-10 06:27:54   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2015-01-09 02:03:01   3201536   ----a-w-   C:\Windows\System32\win32k.sys
2015-01-03 21:33:28   50976   ----a-w-   C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 18:22:33.18 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2014 11:41:26 PM
System Uptime: 3/21/2015 6:00:52 PM (0 hours ago)
.
Motherboard: Acer |  | Aspire 5560
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 225.611 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP78: 12/16/2014 1:47:28 PM - Windows Update
RP79: 12/25/2014 1:34:00 AM - Windows Update
RP80: 1/3/2015 3:35:44 PM - Windows Update
RP81: 2/8/2015 10:31:28 AM - Windows Update
RP82: 2/10/2015 10:28:42 PM - Windows Update
RP83: 2/18/2015 7:38:25 PM - Windows Update
RP84: 2/19/2015 6:32:46 AM - Windows Update
RP85: 2/19/2015 10:54:33 PM - Windows Update
RP86: 2/20/2015 11:32:28 PM - Windows Update
RP87: 2/21/2015 4:56:58 PM - Configured clear.fi
RP88: 2/23/2015 8:32:36 PM - Removed League of Legends
RP89: 2/23/2015 8:33:50 PM - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP90: 2/25/2015 6:13:13 PM - Windows Update
RP91: 3/16/2015 9:38:32 PM - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.0) MUI
Adobe Shockwave Player 12.0
Agatha Christie - Death on the Nile
AMD APP SDK Runtime
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Backup Manager V3
Bejeweled 2 Deluxe
BetterPuricceCHec
Bing Bar
Bonjour
Bonjour Print Services
Bookmark Search
Broadcom Card Reader Driver Installer
Broadcom Gigabit NetLink Controller
BubbleSound
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Chuzzle Deluxe
clear.fi Client
Cradle of Rome 2
D3DX10
Dolby Advanced Audio v2
Dora's World Adventure
Evernote v. 4.5.1
FATE: The Cursed King
Final Drive: Nitro
FindingDiscount
Galerie de photos Windows Live
Genie Cleaner
Genie Wifi
GeniusBox 2.0
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Identity Card
IGS
Itibiti RTC
iTunes
Java 7 Update 51
Java Auto Updater
Jewel Match 3
Junk Mail filter update
KMPlayer
KNCTR
Launch Manager
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee Internet Security Suite
McAfee SiteAdvisor
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mobile Mouse Server
Mobogenie3
MSVCRT
MSVCRT_amd64
Muvic Smartbar
Muvic Smartbar Engine
Mystery of Mortlake Mansion
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
newsXpresso
NOOK for PC
Norton Online Backup
NTI Media Maker 9
Pando Media Booster
PC Fix Speed 2.2.0.103
PC Tech Hotline
Penguins!
PhotoScape
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Quiknowledge
Realtek High Definition Audio Driver
Rocket
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Sendori
shoppilation
Shredder
Skype™ 6.13
SumatraPDF
Super Optimizer v3.2
swMSM
Torchlight
Unity Web Player
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
VLC media player 2.1.2
Welcome Center
WildTangent Games App (Acer Games)
WinCheck
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
3/21/2015 6:04:15 PM, Error: Service Control Manager [7022]  - The MobogenieService service hung on starting.
3/21/2015 6:02:13 PM, Error: Service Control Manager [7000]  - The RuntimeManager service failed to start due to the following error:  The system cannot find the file specified.
3/16/2015 8:14:59 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
.
==== End Of File ===========================


Results of screen317's Security Check version 0.99.99 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
McAfee Anti-Virus and Anti-Spyware   
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor   
Genie Cleaner   
Java 7 Update 51 
Java version 32-bit out of Date!
Adobe Reader 10.1.0 Adobe Reader out of Date! 
Google Chrome (40.0.2214.115)
Google Chrome (41.0.2272.89)
Google Chrome (GoogleUpdate.dll..)
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


KylaB97

Here is the MBAM log that we ran 3 weeks ago and no other scans have been run since.



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/25/2015
Scan Time: 9:32:27 PM
Logfile: mbam1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.26.01
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: LATTY

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423570
Time Elapsed: 52 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 15
PUP.Optional.Quiknowledge.A, C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe, 2576, Delete-on-Reboot, [763331f1474354e2d4c7e8a4ca374cb4]
PUP.Optional.Goobzo, C:\Program Files\Common Files\ShopperPro\spbiu.exe, 2704, Delete-on-Reboot, [3e6be939fc8e7abc1cb8bfe34fb609f7]
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam_64.exe, 3264, Delete-on-Reboot, [9712ff23e8a2989e3c218ae2d42cd52b]
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam_64.exe, 7268, Delete-on-Reboot, [9712ff23e8a2989e3c218ae2d42cd52b]
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\wajam.exe, 7252, Delete-on-Reboot, [f6b3899991f99e98530a412b5ca48d73]
PUP.Optional.PayByAds.A, C:\Users\LATTY\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe, 7884, Delete-on-Reboot, [cedb081a17736acc9cd4f86aab5522de]
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe, 2780, Delete-on-Reboot, [6d3c6db50783013519d8c3fbe41fcf31]
PUP.Optional.MegaBrowse.A, C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe, 1096, Delete-on-Reboot, [8b1eb86a7119ff37803826b75ba8758b]
PUP.Optional.DealKeeper.A, C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe, 3132, Delete-on-Reboot, [92170919dab0e0566989813d857e33cd]
PUP.Optional.WeatherAlerts, C:\Users\LATTY\AppData\Local\WeatherAlerts\WeatherAlerts.exe, 7952, Delete-on-Reboot, [b8f18a982b5fbb7b56a50f5113f0fc04]
PUP.Optional.FreeSoftToday.A, C:\Users\LATTY\AppData\Local\fst_us_169\upfst_us_169.exe, 7520, Delete-on-Reboot, [06a323ff17732f07b67050275ca7dd23]
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, 8112, Delete-on-Reboot, [dfca6db5602a6ec8d873e39d38cb8080]
PUP.Optional.ConvertAd.A, C:\Users\LATTY\AppData\Local\ConvertAd\CASrv.exe, 2648, Delete-on-Reboot, [51582ef4f397f83e8ca4dcacdd26cd33]
PUP.Optional.FindingDiscount.A, C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe, 1888, Delete-on-Reboot, [e8c1c55d286241f541a2bed2d033e41c]
PUP.Optional.RuntimeManager.A, C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, 2616, Delete-on-Reboot, [773263bf89018ea89c4d94fc748fb24e]

Modules: 3
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls\owclfdreugex.dll, Delete-on-Reboot, [515847db3951152168a29b6e7a8c44bc],
PUP.Optional.Wajam.A, C:\Program Files\WajaWebEnhancer\dlls\owclfdreugex.dll, Delete-on-Reboot, [515847db3951152168a29b6e7a8c44bc],
PUP.Optional.ShopperPro, C:\Program Files\Common Files\ShopperPro\spbici32.dll, Delete-on-Reboot, [05a46ab8bfcb85b15eef8df34fb46e92],

Registry Keys: 467
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{19F10A29-1212-4AAD-B301-96193927DFCE}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{19F10A29-1212-4AAD-B301-96193927DFCE}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{19F10A29-1212-4AAD-B301-96193927DFCE}, Quarantined, [cadf8c96c6c435014e16c0fd09fc1ce4],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{be600ded-537f-4ea0-97cf-f98501a058a5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Pbe600ded_537f_4ea0_97cf_f98501a058a5_.Pbe600ded_537f_4ea0_97cf_f98501a058a5_, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\Pbe600ded_537f_4ea0_97cf_f98501a058a5_.Pbe600ded_537f_4ea0_97cf_f98501a058a5_.10, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pbe600ded_537f_4ea0_97cf_f98501a058a5_.Pbe600ded_537f_4ea0_97cf_f98501a058a5_, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pbe600ded_537f_4ea0_97cf_f98501a058a5_.Pbe600ded_537f_4ea0_97cf_f98501a058a5_.10, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{BE600DED-537F-4EA0-97CF-F98501A058A5}\INPROCSERVER32, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BE600DED-537F-4EA0-97CF-F98501A058A5}, Quarantined, [94150220a2e8a78f4f152b928c7902fe],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F8ED2666-3D38-8820-ECF6-296D74B8C9D1}, Quarantined, [852461c179113006d1638282bd460bf5],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{226c3c5a-804c-4799-b324-987eafe810df}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P226c3c5a_804c_4799_b324_987eafe810df_.P226c3c5a_804c_4799_b324_987eafe810df_, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P226c3c5a_804c_4799_b324_987eafe810df_.P226c3c5a_804c_4799_b324_987eafe810df_.9, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P226c3c5a_804c_4799_b324_987eafe810df_.P226c3c5a_804c_4799_b324_987eafe810df_, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P226c3c5a_804c_4799_b324_987eafe810df_.P226c3c5a_804c_4799_b324_987eafe810df_.9, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{226C3C5A-804C-4799-B324-987EAFE810DF}\INPROCSERVER32, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{226C3C5A-804C-4799-B324-987EAFE810DF}, Quarantined, [d6d3b66c107a69cd23412c91c93cfd03],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C60D3D4E-3B20-5AB3-7F2C-9C946AD4080F}, Quarantined, [2d7c44dec0ca73c3e64e4fb5b84be11f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{21a75d9e-a384-4029-9c7d-d6dca912bc52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P21a75d9e_a384_4029_9c7d_d6dca912bc52_.P21a75d9e_a384_4029_9c7d_d6dca912bc52_, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P21a75d9e_a384_4029_9c7d_d6dca912bc52_.P21a75d9e_a384_4029_9c7d_d6dca912bc52_.9, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P21a75d9e_a384_4029_9c7d_d6dca912bc52_.P21a75d9e_a384_4029_9c7d_d6dca912bc52_, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P21a75d9e_a384_4029_9c7d_d6dca912bc52_.P21a75d9e_a384_4029_9c7d_d6dca912bc52_.9, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}\INPROCSERVER32, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{21A75D9E-A384-4029-9C7D-D6DCA912BC52}, Quarantined, [feab2cf6f2988aac70f4299456af2dd3],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}, Quarantined, [7e2b3fe3e5a5f244b48042c256ad19e7],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, Quarantined, [3f6aa1811872f83e33cfcce7f30ec23e],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{572edd85-0c22-4258-8eae-b01295bf229d}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P572edd85_0c22_4258_8eae_b01295bf229d_.P572edd85_0c22_4258_8eae_b01295bf229d_, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\P572edd85_0c22_4258_8eae_b01295bf229d_.P572edd85_0c22_4258_8eae_b01295bf229d_.10, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P572edd85_0c22_4258_8eae_b01295bf229d_.P572edd85_0c22_4258_8eae_b01295bf229d_, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P572edd85_0c22_4258_8eae_b01295bf229d_.P572edd85_0c22_4258_8eae_b01295bf229d_.10, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\CLSID\{572EDD85-0C22-4258-8EAE-B01295BF229D}\INPROCSERVER32, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{572EDD85-0C22-4258-8EAE-B01295BF229D}, Quarantined, [9316e9393b4fd75fd58f8d300104cf31],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC799F5F-37C9-ACBB-BE51-805992C10610}, Quarantined, [1198d84ae4a6c6700b293dc7030041bf],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1E38F0E0-5499-CDAF-F946-BA3D053AABC2}, Quarantined, [8524dd457911ea4ca0942cd84bb8629e],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{40DC4B27-4588-C56F-7737-D03A0ACE4383}, Quarantined, [acfd2ff3cac0bc7a8aaa1be98d76fe02],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}, Quarantined, [1099170b4b3fdb5b40f4ea1a5ea5aa56],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6C9B756D-B313-0B9A-29C4-0D41CFAFE000}, Quarantined, [53569c863456aa8cc86c758fb94a8779],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3119AFD3-545C-0955-573A-494F62E61990}, Quarantined, [9514150dacdea2942212996b877ca65a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7E7FAE3D-3358-D280-8DBF-E8E2D94326D1}, Quarantined, [1c8db36f58327abccf658282a26160a0],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}, Quarantined, [5257f82a2a60fa3c5cd89d67857e8779],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BA5D43C9-D633-D0EC-CFEA-2ABA974B333D}, Quarantined, [aaff6ab8dcae0e2859db3fc5a65d0cf4],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544424446}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555425546}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566426646}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550555425546}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660566426646}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440544424446}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.BHO.1, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.BHO, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.BHO, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.BHO.1, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-2798846467-2303819236-3135644434-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110511421146}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422246}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.Sandbox.1, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0054246.Sandbox, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.Sandbox, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0054246.Sandbox.1, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\CLASSES\CLSID\{22222222-2222-2222-2222-220522422246}, Quarantined, [64459092206a3ff7d4880194f40da65a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{144AC25F-D7A7-B233-BFB8-433771ECB92D}, Quarantined, [6148c35fb9d1e94d0f25dc289f64da26],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6E3B2E00-8ADC-98BD-428C-13CEC2925F29}, Quarantined, [9c0d25fd5f2bd95d4ce8ee16f310db25],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7BCAC0EB-3993-2416-0531-848C39DF8B65}, Quarantined, [753443df6b1fc37346eee22255ae4bb5],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{46DF3CE6-BACF-B984-6099-DC25E7054C21}, Quarantined, [edbc859d78122d095fd500040af96f91],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BDA14B0B-4672-3ABF-B189-A5958FE3A42F}, Quarantined, [773246dca8e2be78b77dc53f7f847b85],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{5C28578D-D0F1-699F-01B0-CC0653A28C11}, Quarantined, [5e4b0b173753d85e0331e42054afd729],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2D471A31-4FA7-95BA-1880-D441113ED736}, Quarantined, [e4c5a77baae0fe38d064877dd330ff01],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D86C82B0-1F02-816A-5F3D-6466F6A67566}, Quarantined, [41685fc3e5a5de582212a163887b49b7],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D9EFCE2A-396E-AAA0-9D20-896DE2ECF595}, Quarantined, [812832f0078373c3c272739132d154ac],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{D8A764DD-3FBA-FBBD-FFC8-90B4AE9B19B8}, Quarantined, [416857cbbad083b34fe503014db6ba46],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{439763FF-59EC-FF1D-B0B5-CB9E213A7A5C}, Quarantined, [9415938fd3b71125d75d12f2dc2704fc],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6AEC2288-82D5-C6CE-CC6F-213FE715E4E5}, Quarantined, [28817ca6cfbb6fc7a98b2dd74cb7f30d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4E5FE462-1A84-47B4-3411-C72434AAD86C}, Quarantined, [5d4cae7466241f173afa33d17b889a66],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}, Quarantined, [b5f4081a890138fe30042dd76f94bb45],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{074887BF-06BC-9065-9562-3C1A861F7111}, Quarantined, [8821a87a860475c1ec48669e679c3ec2],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{6C998B44-82D8-CC7E-D847-4CD73036412A}, Quarantined, [02a741e10189e94d44f0d331897aff01],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{26453017-2C54-574B-7597-9EA6652686A6}, Quarantined, [c9e0bc661b6fb77f5ada5aaa28db867a],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{0B750649-0E5A-78CB-A6AE-E2D6E2AD8882}, Quarantined, [1c8dc65c99f1d264ab898f75ba49c53b],
PUP.Optional.OptimizerMonitor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\igsc, Quarantined, [6a3f82a07d0d88ae0052dbc3da2926da],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyPC Backup, Quarantined, [f0b9d2506a2072c4c826317a03007888],
PUP.Optional.ShopperPro, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ShopperPro, Quarantined, [69404dd597f344f2c6f02e8d7b883fc1],
PUP.Optional.ShopperPro, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPDRIVER_1507.0.0.0, Quarantined, [69404dd597f344f2c6f02e8d7b883fc1],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64, Quarantined, [ffaa34eeddadf73fdcc61f9ee023f50b],
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RegClean Pro_is1, Quarantined, [5f4ae93983070630ca3255a51be950b0],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64, Quarantined, [e7c267bb6525f046c215ec2fc540f010],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{30389f51-b968-4243-8e7c-c69cde75ce4d}w64, Quarantined, [a801e1418ffb053193444ccf30d51fe1],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{55dce8ba-9dec-4013-937e-adbf9317d990}w64, Quarantined, [98117fa31476f244d304cd4eb3528d73],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{7c18b119-d64a-4b8f-90db-d1c5b5ad5acf}w64, Quarantined, [c2e762c08efc25119641849711f48080],
PUP.Optional.OpenSoftwareUpdater.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OpenSoftwareUpdater, Quarantined, [03a6170b0486d75f24809e82947158a8],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\Wajam Web Enhancer, Quarantined, [f4b53ee43e4c7db9ae415d4da063b947],
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [cfdac55d9ceea98d5de7ce53a75e867a],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [7e2b12109feb6fc73e1c7664f1127e82],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [2d7cef332a608ea8f06a4496a360b64a],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21836, Quarantined, [9d0c28fa672374c2a5b5ffdbbe45ae52],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [baef24fecfbb94a26b780bfcb451ad53],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [9c0dc75bc7c3e1558919d4ce29dab34d],
PUP.Optional.DealKeeper.A, HKLM\SOFTWARE\WOW6432NODE\Deal Keeper, Quarantined, [0f9ac062800ac175c42baf0f50b311ef],
Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\FREESOFTTODAY, Quarantined, [d7d268ba5337ba7ca79caf53fb0acd33],
PUP.Optional.Feven.A, HKLM\SOFTWARE\WOW6432NODE\Freeven pro, Quarantined, [3376958da7e3ce688ec78059ca39ca36],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\GAMESDESKTOP, Quarantined, [a900f82a62289a9c3e19584eb2511fe1],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\Ge-Force, Quarantined, [c8e10919820861d517f768b5bf46ec14],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\Ge-Force-nv, Quarantined, [8d1c74ae1377db5b9e816fba8382ac54],
PUP.Optional.GeForce.A, HKLM\SOFTWARE\WOW6432NODE\Ge-Force-nv-ie, Quarantined, [a1087fa32763b77ff32caf7a0afb09f7],
PUP.Optional.IStart123.A, HKLM\SOFTWARE\WOW6432NODE\istart123Software, Quarantined, [75347da51872e94dab6e6f4abc47d22e],
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerplus, Quarantined, [b1f8ba6890fa79bda5d002d72cd7a060],
PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\WOW6432NODE\Mega Browse, Quarantined, [21882cf63b4f0d29c9ee3aa3c1427c84],
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\P-HD-V1.4, Quarantined, [bdec7fa32466a88ea82d7749a45f9f61],
PUP.Optional.PCFixSpeed, HKLM\SOFTWARE\WOW6432NODE\PCFixSpeed, Quarantined, [6a3fc062e0aa2f07c72e847a48bcb54b],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [57523ee42466a88e54c5a676a95ceb15],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, [2980b36f81098ea8c80606b16e95bf41],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\Wajam Web Enhancer, Quarantined, [1a8f5fc365250d29648bedbde61dc33d],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [e4c554ce5337280e238c576820e39967],
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarantined, [b4f56eb4dfab270fe3112eac4bb8649c],
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [5950d15153371d1931136fb28f768b75],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\mysearchdial, Quarantined, [1495f32f9bef22140badec0fa064c739],
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE Rocket, Quarantined, [7a2f70b2177395a1ca11bbf4d72c6997],
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [7138c45e800a88ae0ecd941b659e9868],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\19979, Quarantined, [575232f0b7d36dc9ca9087533cc7f50b],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [44650a1805858bab91c9ab2fb44f8878],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\21836, Quarantined, [d9d02ff3abdf61d51644d307c83b23dd],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [e8c1dd459eec6dc9cd160ef9e520857b],
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [f6b3fa28a2e84cea6e34aff327dc39c7],
PUP.Optional.FreeSoftToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\fst_us_169_is1, Quarantined, [decbf32f6a2003333e9de1dfb84b47b9],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gmsd_us_186_is1, Quarantined, [aaff2ff3840693a3fdcc475f9172c937],
PUP.Optional.SmartMediaConverter.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SmartMediaConverter, Quarantined, [a009e73bd2b870c6e79bebca6f9401ff],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Wajam Web Enhancer, Quarantined, [4f5ade44e5a596a0608e5159b44f867a],
PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}, Quarantined, [dacfd74bbfcb1a1cc4fc6568

KylaB97

Looks like the whole log did not post. I'll see if I can attach it below.


Corrine

Hi, Kayla.  Welcome to LandzDown Forum.  I was wondering when you were going to have time to dig into your boyfriend's computer. 

You were certainly right about the MBAM log.  It is long and I see by the top of the log that it took almost an hour to scan (Time Elapsed: 52 min, 45 sec)!  Fortunately, the remainder of the log was more PUPs (Potentially Unwanted Programs) but no malicious items detected.  So that is good news.

Since you can barely navigate on the computer and the browsers have been taken over, let's see what can be done to give you immediate relief.  Then we'll take a look at a fresh log to see where things stand.

1.  Please start by uninstalling shoppilation.

2.  I see that AdwCleaner has been used in the computer in the past.  If you don't know where AdwCleaner.exe is located, please download a new copy from here: Adware Cleaner.    Please save it to your desktop!  (Note:  if you know where the earlier downloaded file is located, be sure it updates before running.  If it is not version 4.112, just download a fresh copy.)

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

3.  Next, please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

4.  After a restart, let's see what a new DDS log looks like.

  • Double-click dds.scr to run.
  • After the scan is complete, copy/paste only the DDS.txt log.

Note:  I am expecting the AdwCleaner log to be quite long.  To save yourself some grief, don't hesitate to post that log after the first restart and then create yet another new topic for the JRT log.  If it is also really long, create yet a third topic for the new DDS.txt log.



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

KylaB97

Hi Corrine, Thank you for helping me. We went into the extensions and found an earnsale thing and disabled it. That helped a little bit. I uninstalled shoppilation, and I did forget that mom had me download and run AdwCleaner. I have that first log if you would like to see it. I did uninstall the old version and downloaded the new version. Both logs you asked for are below:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Home Premium x64
Ran by LATTY on Sat 03/21/2015 at 20:17:08.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\driver support
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2798846467-2303819236-3135644434-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update mega browse
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util mega browse



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
Successfully deleted: [Folder] "C:\Users\LATTY\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Folder] "C:\Program Files (x86)\browse~2"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\LATTY\appdata\local\{269EFDEC-FF8F-49A4-8650-C6DF61BCA69D}
Successfully deleted: [Empty Folder] C:\Users\LATTY\appdata\local\{34CDDEB9-581A-46D7-A684-10413D370E02}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/21/2015 at 20:23:23.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v4.112 - Logfile created 21/03/2015 at 20:10:17
# Updated 09/03/2015 by Xplode
# Database : 2015-03-21.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : LATTY - LATTY-PC
# Running from : C:\Users\LATTY\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : YahooAUService
Service Deleted : RuntimeManager
Service Deleted : MobogenieService

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Yahoo! Companion
    Folder Deleted : C:\ProgramData\shoppilation
    Folder Deleted : C:\ProgramData\dealoster
    Folder Deleted : C:\ProgramData\looWuprices
    Folder Deleted : C:\ProgramData\offerdoeeaala
    Folder Deleted : C:\ProgramData\7502d0d17d33c51a
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
    Folder Deleted : C:\Program Files (x86)\Super Optimizer
    Folder Deleted : C:\Program Files (x86)\Mobogenie3
    Folder Deleted : C:\Program Files (x86)\appsAve
    Folder Deleted : C:\Program Files (x86)\BetteerPRiceChEc
    Folder Deleted : C:\Program Files (x86)\BetterPuricceCHec
    Folder Deleted : C:\Program Files (x86)\CCLIckForSalie
    Folder Deleted : C:\Program Files (x86)\DDailyPrizE
    Folder Deleted : C:\Program Files (x86)\ddOllarsaver
    Folder Deleted : C:\Program Files (x86)\dollaResaverr
    Folder Deleted : C:\Program Files (x86)\EExutrAShooppeer
    Folder Deleted : C:\Program Files (x86)\ExtraSihoppEr
    Folder Deleted : C:\Program Files (x86)\fareeeDelIveruy
    Folder Deleted : C:\Program Files (x86)\faStoSSalleor
    Folder Deleted : C:\Program Files (x86)\free2yaou
    Folder Deleted : C:\Program Files (x86)\LuckkyyCouppoon
    Folder Deleted : C:\Program Files (x86)\priaZecoupon
    Folder Deleted : C:\Program Files (x86)\PriiceDoewnloader
    Folder Deleted : C:\Program Files (x86)\PrinceeCooupponu
    Folder Deleted : C:\Program Files (x86)\PrineCeCouponi
    Folder Deleted : C:\Program Files (x86)\prizecOuupon
    Folder Deleted : C:\Program Files (x86)\prrizaecoupeoN
    Folder Deleted : C:\Program Files (x86)\qouicKshop
    Folder Deleted : C:\Program Files (x86)\quIckkshop
    Folder Deleted : C:\Program Files (x86)\RoyalCooupOOn
    Folder Deleted : C:\Program Files (x86)\RoyalShopapEorApp
    Folder Deleted : C:\Program Files (x86)\RoyyAlCoUpon
    Folder Deleted : C:\Program Files (x86)\saleoFfer
    Folder Deleted : C:\Program Files (x86)\SaluesMagnet
    Folder Deleted : C:\Program Files (x86)\shhoupnndrop
    Folder Deleted : C:\Users\LATTY\AppData\Local\Temp\Deal Keeper
    Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PC Tech Hotline
    Folder Deleted : C:\Program Files\BubbleSound
    Folder Deleted : C:\Users\LATTY\AppData\Local\wincheck
    Folder Deleted : C:\Users\LATTY\AppData\LocalLow\Yahoo! Companion
    Folder Deleted : C:\Users\LATTY\AppData\Roaming\Mobogenie
    Folder Deleted : C:\Users\LATTY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0
    Folder Deleted : C:\Users\LATTY\Documents\Mobogenie
    Folder Deleted : C:\Users\LATTY\Documents\Super Optimizer
    Folder Deleted : C:\ProgramData\nhoomajijappicjijhpjfhdipigjonad
    Folder Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnekbaiabbkmiciakdebgmhfifiofei
    Folder Deleted : C:\Users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgnekbaiabbkmiciakdebgmhfifiofei
    Folder Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpfblpommjlgjpgacngohjlikijbaen
    Folder Deleted : C:\Users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpfblpommjlgjpgacngohjlikijbaen
    Folder Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbjneejbdmjepefpajjhibofpmlnbhc
    Folder Deleted : C:\Users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbjneejbdmjepefpajjhibofpmlnbhc
    Folder Deleted : C:\Users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
    Folder Deleted : C:\Users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
    File Deleted : C:\Users\LATTY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
    File Deleted : C:\Users\LATTY\Desktop\3D BubbleSound.lnk
    File Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
    File Deleted : C:\Users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
    File Deleted : C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal

    ***** [ Scheduled tasks ] *****

    Task Deleted : Yahoo! Search Updater
    Task Deleted : Super Optimizer Schedule
    Task Deleted : PastaQuotes
    Task Deleted : Validate Installation
    Task Deleted : Check Updates
    Task Deleted : GeniusBox

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Classes\keepmysearch
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Super Optimizer]
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
    Key Deleted : HKLM\SOFTWARE\Classes\P1470aa43_3d1d_4ca4_b673_cfd805405a84_.P1470aa43_3d1d_4ca4_b673_cfd805405a84_
    Key Deleted : HKLM\SOFTWARE\Classes\P1470aa43_3d1d_4ca4_b673_cfd805405a84_.P1470aa43_3d1d_4ca4_b673_cfd805405a84_.9
    Key Deleted : HKLM\SOFTWARE\Classes\P1f1aefb2_c68d_4586_9e5f_d320d67c882e_.P1f1aefb2_c68d_4586_9e5f_d320d67c882e_
    Key Deleted : HKLM\SOFTWARE\Classes\P1f1aefb2_c68d_4586_9e5f_d320d67c882e_.P1f1aefb2_c68d_4586_9e5f_d320d67c882e_.9
    Key Deleted : HKLM\SOFTWARE\Classes\P925d0930_77f7_48dc_9284_46dc40be7dc4_.P925d0930_77f7_48dc_9284_46dc40be7dc4_
    Key Deleted : HKLM\SOFTWARE\Classes\P925d0930_77f7_48dc_9284_46dc40be7dc4_.P925d0930_77f7_48dc_9284_46dc40be7dc4_.9
    Key Deleted : HKLM\SOFTWARE\Classes\Pb54374be_6890_4fad_ba1d_095df623d844_.Pb54374be_6890_4fad_ba1d_095df623d844_
    Key Deleted : HKLM\SOFTWARE\Classes\Pb54374be_6890_4fad_ba1d_095df623d844_.Pb54374be_6890_4fad_ba1d_095df623d844_.9
    Key Deleted : HKLM\SOFTWARE\Classes\Pd74ee689_44b9_4cab_a8a4_f0bf6cb09288_.Pd74ee689_44b9_4cab_a8a4_f0bf6cb09288_
    Key Deleted : HKLM\SOFTWARE\Classes\Pd74ee689_44b9_4cab_a8a4_f0bf6cb09288_.Pd74ee689_44b9_4cab_a8a4_f0bf6cb09288_.9
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{925d0930-77f7-48dc-9284-46dc40be7dc4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b54374be-6890-4fad-ba1d-095df623d844}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{079E2F0F-FCA0-4163-BC82-5355B879E86E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{925d0930-77f7-48dc-9284-46dc40be7dc4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b54374be-6890-4fad-ba1d-095df623d844}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{925d0930-77f7-48dc-9284-46dc40be7dc4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b54374be-6890-4fad-ba1d-095df623d844}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{925d0930-77f7-48dc-9284-46dc40be7dc4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{b54374be-6890-4fad-ba1d-095df623d844}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{925d0930-77f7-48dc-9284-46dc40be7dc4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b54374be-6890-4fad-ba1d-095df623d844}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{925d0930-77f7-48dc-9284-46dc40be7dc4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{b54374be-6890-4fad-ba1d-095df623d844}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1470aa43-3d1d-4ca4-b673-cfd805405a84}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f1aefb2-c68d-4586-9e5f-d320d67c882e}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{925d0930-77f7-48dc-9284-46dc40be7dc4}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b54374be-6890-4fad-ba1d-095df623d844}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d74ee689-44b9-4cab-a8a4-f0bf6cb09288}
    Key Deleted : HKCU\Software\Mobogenie
    Key Deleted : HKCU\Software\Super Optimizer
    Key Deleted : HKCU\Software\Mobogenie3
    Key Deleted : HKCU\Software\PCTechHotline
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Taronja
    Key Deleted : HKLM\SOFTWARE\IGS
    Key Deleted : HKLM\SOFTWARE\GeniusBox
    Key Deleted : HKLM\SOFTWARE\Mobogenie3
    Key Deleted : HKLM\SOFTWARE\PCTechHotline
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Super Optimizer_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Quiknowledge
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IGS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GeniusBox
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie3
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0B0DA25-DD15-4739-92A3-62D3424F043A}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4E5FE462-1A84-47B4-3411-C72434AAD86C}
    Key Deleted : [x64] HKLM\SOFTWARE\BubbleSound
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BubbleSound
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:47574
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Google Chrome v41.0.2272.101

    [C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    -\\ Comodo Dragon v

    [C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    -\\ Chrome Canary v

    [C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [40831 bytes] - [28/02/2015 19:56:46]
    AdwCleaner[R1].txt - [14428 bytes] - [21/03/2015 20:04:10]
    AdwCleaner[S0].txt - [39766 bytes] - [28/02/2015 19:58:35]
    AdwCleaner[S1].txt - [14895 bytes] - [21/03/2015 20:10:17]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [14955  bytes] ##########

KylaB97

Here are the other two logs:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631
Run by LATTY at 20:33:29 on 2015-03-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5606.4448 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\The Phone Support Dock\TPSDock.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe
C:\Program Files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uSearch Page = www.google.com
mStart Page = www.google.com
mSearch Page = www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
uSearchAssistant = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: cHEaup4all: {3165cb3b-b913-4030-8e3e-844f497ef8cf} - C:\Program Files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20140210001533.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [GenieFloater] C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 99.196.99.99 99.197.99.99
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70} : DHCPNameServer = 99.196.99.99 99.197.99.99
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\2656C6B696E6E2234323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\84F4D454D203339313 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C90153EF-052D-4911-9C18-1DDCB6CDDD70}\D496649643632303C45402A45647071636B6024433931302355636572756 : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= 
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-mSearch Page = www.google.com
x64-mDefault_Page_URL = www.google.com
x64-mDefault_Search_URL = www.google.com
x64-BHO: cHEaup4all: {3165cb3b-b913-4030-8e3e-844f497ef8cf} - C:\Program Files (x86)\cHEaup4all\N3oJi9AYUvsHFz.x64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20140210001533.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [3D BubbleSound] "C:\Program Files\BubbleSound\3D BubbleSound.exe"
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2014-2-5 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2014-2-5 40064]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 647208]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 289664]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-2-19 50976]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-3-13 75936]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2014-2-5 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2014-2-5 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2014-2-5 62776]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-2-5 204288]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2014-2-5 352336]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2014-2-5 872552]
R2 GenieCleanService;GenieCleanService;C:\Program Files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe [2015-2-5 53400]
R2 GenieWifiService;GenieWifiService;C:\Program Files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe [2015-3-5 51352]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-11-2 199304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-11-2 210616]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-11-2 162224]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-2-5 114704]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-4-12 51240]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-13 85544]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 65264]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 229528]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 487296]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-2-5 53376]
S2 cae99edb;Super Optimizer;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-11-2 244624]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-18 114688]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-11-2 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 100912]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2013-3-18 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-7 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-03-21 23:12:58   --------   d-----w-   C:\Program Files (x86)\SumatraPDF
2015-03-21 23:09:50   --------   d-----w-   C:\Program Files (x86)\PhotoScape
2015-03-17 00:41:05   29696   ----a-w-   C:\Windows\System32\powertracker.dll
2015-03-17 00:41:04   950272   ----a-w-   C:\Windows\System32\perftrack.dll
2015-03-17 00:41:03   91136   ----a-w-   C:\Windows\System32\wdi.dll
2015-03-17 00:41:03   76800   ----a-w-   C:\Windows\SysWow64\wdi.dll
2015-03-01 00:56:41   --------   d-----w-   C:\AdwCleaner
2015-02-27 00:26:20   --------   d-----w-   C:\Program Files (x86)\Bookmark Search
2015-02-26 04:33:54   --------   d-----w-   C:\Users\LATTY\Tracing
2015-02-26 03:30:41   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-26 03:30:07   93400   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2015-02-26 03:30:06   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2015-02-26 03:30:05   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2015-02-26 03:30:04   --------   d-----w-   C:\ProgramData\Malwarebytes
2015-02-26 03:30:04   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 03:06:12   --------   d-----w-   C:\Program Files (x86)\BharatMatrimony
2015-02-24 03:34:42   --------   d-----w-   C:\Users\LATTY\AppData\Roaming\Unity
2015-02-24 02:58:11   --------   d-----w-   C:\Users\LATTY\AppData\Local\Unity
2015-02-20 03:05:24   --------   d-----w-   C:\Program Files (x86)\aa020abd-6d5d-4146-8e02-e622308251dc
2015-02-20 03:04:17   --------   d-----w-   C:\Program Files (x86)\WasteNoTime
2015-02-20 03:03:50   --------   d-----w-   C:\Users\LATTY\AppData\Local\Installer
2015-02-20 03:03:45   --------   d-----w-   C:\Users\LATTY\AppData\Local\CrashRpt
2015-02-20 03:03:27   --------   d-----w-   C:\Program Files (x86)\oaffeeRapp
2015-02-20 03:00:06   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 03:00:05   4300800   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-02-20 03:00:04   6041600   ----a-w-   C:\Windows\System32\jscript9.dll
2015-02-20 03:00:03   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
.
==================== Find3M  ====================
.
2015-03-21 23:07:55   20   ----a-w-   C:\Users\LATTY\AppData\Roaming\appdataFr3.bin
2015-01-15 08:14:17   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57   28160   ----a-w-   C:\Windows\System32\secur32.dll
2015-01-15 08:09:51   1461760   ----a-w-   C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15   31232   ----a-w-   C:\Windows\System32\lsass.exe
2015-01-15 08:08:59   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23   686080   ----a-w-   C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55   686080   ----a-w-   C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18   458824   ----a-w-   C:\Windows\System32\drivers\cng.sys
2015-01-14 06:09:27   5554112   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-01-14 06:05:30   503808   ----a-w-   C:\Windows\System32\srcore.dll
2015-01-14 06:05:30   50176   ----a-w-   C:\Windows\System32\srclient.dll
2015-01-14 06:04:56   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2015-01-14 05:44:59   3972544   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-14 05:44:58   3917760   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-01-14 05:41:09   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-01-13 03:10:22   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2015-01-13 02:49:19   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-12 03:05:32   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:13:27   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-01-12 02:08:09   503296   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32   2358272   ----a-w-   C:\Windows\System32\wininet.dll
2015-01-12 01:23:09   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22   210944   ----a-w-   C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19   86528   ----a-w-   C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17   341504   ----a-w-   C:\Windows\System32\schannel.dll
2015-01-10 06:48:13   309760   ----a-w-   C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12   314880   ----a-w-   C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05   22016   ----a-w-   C:\Windows\System32\credssp.dll
2015-01-10 06:27:54   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2015-01-09 02:03:01   3201536   ----a-w-   C:\Windows\System32\win32k.sys
2015-01-03 21:33:28   50976   ----a-w-   C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 20:34:47.11 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/4/2014 11:41:26 PM
System Uptime: 3/21/2015 8:12:00 PM (0 hours ago)
.
Motherboard: Acer |  | Aspire 5560
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 282 GiB total, 224.304 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP78: 12/16/2014 1:47:28 PM - Windows Update
RP79: 12/25/2014 1:34:00 AM - Windows Update
RP80: 1/3/2015 3:35:44 PM - Windows Update
RP81: 2/8/2015 10:31:28 AM - Windows Update
RP82: 2/10/2015 10:28:42 PM - Windows Update
RP83: 2/18/2015 7:38:25 PM - Windows Update
RP84: 2/19/2015 6:32:46 AM - Windows Update
RP85: 2/19/2015 10:54:33 PM - Windows Update
RP86: 2/20/2015 11:32:28 PM - Windows Update
RP87: 2/21/2015 4:56:58 PM - Configured clear.fi
RP88: 2/23/2015 8:32:36 PM - Removed League of Legends
RP89: 2/23/2015 8:33:50 PM - Removed Microsoft SQL Server 2005 Compact Edition [ENU]
RP90: 2/25/2015 6:13:13 PM - Windows Update
RP91: 3/16/2015 9:38:32 PM - Windows Update
.
==== Installed Programs ======================
.
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Adobe AIR
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.0) MUI
Adobe Shockwave Player 12.0
Agatha Christie - Death on the Nile
AMD APP SDK Runtime
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Backup Manager V3
Bejeweled 2 Deluxe
Bing Bar
Bonjour
Bonjour Print Services
Bookmark Search
Broadcom Card Reader Driver Installer
Broadcom Gigabit NetLink Controller
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Chuzzle Deluxe
clear.fi Client
Cradle of Rome 2
D3DX10
Dolby Advanced Audio v2
Dora's World Adventure
Evernote v. 4.5.1
FATE: The Cursed King
Final Drive: Nitro
FindingDiscount
Galerie de photos Windows Live
Genie Cleaner
Genie Wifi
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Identity Card
Itibiti RTC
iTunes
Java 7 Update 51
Java Auto Updater
Jewel Match 3
Junk Mail filter update
KMPlayer
KNCTR
Launch Manager
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee Internet Security Suite
McAfee SiteAdvisor
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mobile Mouse Server
MSVCRT
MSVCRT_amd64
Muvic Smartbar
Muvic Smartbar Engine
Mystery of Mortlake Mansion
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
newsXpresso
NOOK for PC
Norton Online Backup
NTI Media Maker 9
Pando Media Booster
Penguins!
PhotoScape
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Rocket
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Sendori
Shredder
Skype™ 6.13
SumatraPDF
swMSM
Torchlight
Unity Web Player
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
VLC media player 2.1.2
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Zuma's Revenge
.
==== End Of File ===========================


Corrine

Hi, Kyla. 

Although AdwCleaner and JRT helped, there are still unwanted files not shown in installed programs. 

Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

KylaB97

Hi Corrine,

I was unable to get ComboFix to download in normal mode so my mom helped me try to transfer the file from a USB. That didn't work either so she showed me how to boot to safe mode with networking and ComboFix downloaded and ran. I hope that was ok. I'll post the log and see what happens when I try to boot normally.

Here's the log.

ComboFix 15-03-14.03 - LATTY 03/22/2015  14:26:32.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5606.4656 [GMT -5:00]
Running from: c:\users\LATTY\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\cHEaup4all
c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dat
c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dll
c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.tlb
c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.x64.dll
c:\programdata\375
c:\programdata\375\{61F4C367-2B69-4F3F-A6F9-18513A805938}.swf
c:\programdata\8431531050558276890
c:\programdata\8431531050558276890UL
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\tV2i.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\JnVZYYlPW.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\QyiXNWtP.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\qN5.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\JzY.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\ZZiv1NLBRg.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\vAvm3.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\background.html
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\content.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\lsdb.js
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\manifest.json
c:\users\Guest.LATTY-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\pQr.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\LATTY\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\background.html
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\content.js
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\kpDtsFuA3.js
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dcpihhggfkonocnlemilofkbcgdgnhom\2.0\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibbkdilejnhmpilleppebbkmcnknfli\215\tV2i.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\JnVZYYlPW.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbboilcojikdnfpponljmiohnhdjcaj\105\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij\128\QyiXNWtP.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\162\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\162\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\162\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\162\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hadgncflclgppldajdlmglcbodpfhpon\162\wJbC.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif\205\qN5.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\JzY.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdoblggemelaimffjccmdbmodlppofd\193\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\ineenlmapbpbomkoapfbekknhnflcink\157\ZZiv1NLBRg.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgjgbepielhcjdamofdopfmfcdcfiin\208\vAvm3.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\joigbmldbihpmlncppcbegliiniaaime\128\pQr.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm\162\background.html
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm\162\content.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm\162\lsdb.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm\162\manifest.json
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Extensions\plpjogfhobhpdcmcblieglnoooccfcmm\162\yFM8Z66v.js
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bibbkdilejnhmpilleppebbkmcnknfli\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlggapfljcnbmajohkhhapaoajopbncm\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dpbboilcojikdnfpponljmiohnhdjcaj\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\000005.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\LOG.old
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep\MANIFEST-000004
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkakfimgbmogkpmjokgnbbanmmemcdij\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hadgncflclgppldajdlmglcbodpfhpon\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcghfieafojgpngcjbkbbjfecjbahhif\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\000005.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\LOG.old
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\MANIFEST-000004
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijdoblggemelaimffjccmdbmodlppofd\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ineenlmapbpbomkoapfbekknhnflcink\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jhgjgbepielhcjdamofdopfmfcdcfiin\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\joigbmldbihpmlncppcbegliiniaaime\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\000005.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\LOG.old
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl\MANIFEST-000004
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm\000003.log
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm\CURRENT
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm\LOCK
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm\LOG
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\plpjogfhobhpdcmcblieglnoooccfcmm\MANIFEST-000002
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afokpbkkgdkpbbmnbgamokfoopodamjd_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bibbkdilejnhmpilleppebbkmcnknfli_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bibbkdilejnhmpilleppebbkmcnknfli_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddiblodcpaaieoopolanaoecbhicgjfo_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddiblodcpaaieoopolanaoecbhicgjfo_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlggapfljcnbmajohkhhapaoajopbncm_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlggapfljcnbmajohkhhapaoajopbncm_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dpbboilcojikdnfpponljmiohnhdjcaj_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dpbboilcojikdnfpponljmiohnhdjcaj_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkakfimgbmogkpmjokgnbbanmmemcdij_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkakfimgbmogkpmjokgnbbanmmemcdij_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hadgncflclgppldajdlmglcbodpfhpon_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hadgncflclgppldajdlmglcbodpfhpon_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcghfieafojgpngcjbkbbjfecjbahhif_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hcghfieafojgpngcjbkbbjfecjbahhif_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ijdoblggemelaimffjccmdbmodlppofd_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ijdoblggemelaimffjccmdbmodlppofd_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ineenlmapbpbomkoapfbekknhnflcink_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ineenlmapbpbomkoapfbekknhnflcink_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jhgjgbepielhcjdamofdopfmfcdcfiin_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jhgjgbepielhcjdamofdopfmfcdcfiin_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_joigbmldbihpmlncppcbegliiniaaime_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_joigbmldbihpmlncppcbegliiniaaime_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plpjogfhobhpdcmcblieglnoooccfcmm_0.localstorage-journal
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plpjogfhobhpdcmcblieglnoooccfcmm_0.localstorage
c:\users\LATTY\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\LATTY\AppData\Local\Microsoft\Windows\Temporary Internet Files\8a15ac3d-c284-44c8-945a-1fb41f2d5b3c.jpg
c:\users\LATTY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Deal Keeper_iels
c:\users\LATTY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Mega Browse_iels
c:\users\LATTY\AppData\Local\nsj3094.tmp
c:\users\LATTY\AppData\Local\Temp\nsbDCC9.tmp\System.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-22 to 2015-03-22  )))))))))))))))))))))))))))))))
.
.
2015-03-22 19:37 . 2015-03-22 19:37   --------   d-----w-   c:\users\Default\AppData\Local\temp
2015-03-22 19:37 . 2015-03-22 19:37   --------   d-----w-   c:\users\Guest.LATTY-PC\AppData\Local\temp
2015-03-21 23:44 . 2015-02-20 03:29   372224   ----a-w-   c:\windows\system32\atmfd.dll
2015-03-21 23:44 . 2015-02-20 03:09   299008   ----a-w-   c:\windows\SysWow64\atmfd.dll
2015-03-21 23:44 . 2015-02-20 04:41   41984   ----a-w-   c:\windows\system32\lpk.dll
2015-03-21 23:44 . 2015-02-20 04:40   46080   ----a-w-   c:\windows\system32\atmlib.dll
2015-03-21 23:44 . 2015-02-20 04:13   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2015-03-21 23:44 . 2015-02-20 04:40   14336   ----a-w-   c:\windows\system32\dciman32.dll
2015-03-21 23:44 . 2015-02-20 04:13   10240   ----a-w-   c:\windows\SysWow64\dciman32.dll
2015-03-21 23:44 . 2015-02-20 04:40   100864   ----a-w-   c:\windows\system32\fontsub.dll
2015-03-21 23:44 . 2015-02-20 04:13   70656   ----a-w-   c:\windows\SysWow64\fontsub.dll
2015-03-21 23:44 . 2015-02-20 04:12   25600   ----a-w-   c:\windows\SysWow64\lpk.dll
2015-03-21 23:42 . 2015-02-03 03:16   3917760   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2015-03-21 23:41 . 2014-10-31 22:24   619056   ----a-w-   c:\windows\system32\winload.exe
2015-03-21 23:40 . 2015-02-03 03:31   37376   ----a-w-   c:\windows\system32\pcadm.dll
2015-03-21 23:40 . 2015-02-03 03:30   440832   ----a-w-   c:\windows\system32\AudioEng.dll
2015-03-21 23:40 . 2015-02-03 03:12   374784   ----a-w-   c:\windows\SysWow64\AudioEng.dll
2015-03-21 23:40 . 2015-02-03 03:30   55808   ----a-w-   c:\windows\system32\rrinstaller.exe
2015-03-21 23:40 . 2015-02-03 03:11   50176   ----a-w-   c:\windows\SysWow64\rrinstaller.exe
2015-03-21 23:40 . 2015-02-03 03:30   146944   ----a-w-   c:\windows\system32\appidpolicyconverter.exe
2015-03-21 23:40 . 2015-02-03 03:12   442880   ----a-w-   c:\windows\SysWow64\AUDIOKSE.dll
2015-03-21 23:40 . 2015-02-03 03:30   112640   ----a-w-   c:\windows\system32\smss.exe
2015-03-21 23:40 . 2015-02-03 03:31   206848   ----a-w-   c:\windows\system32\mfps.dll
2015-03-21 23:40 . 2015-02-03 03:12   103424   ----a-w-   c:\windows\SysWow64\mfps.dll
2015-03-21 23:40 . 2015-02-03 03:12   50688   ----a-w-   c:\windows\SysWow64\appidapi.dll
2015-03-21 23:40 . 2015-02-03 03:31   11264   ----a-w-   c:\windows\system32\msmmsp.dll
2015-03-21 23:40 . 2015-02-03 03:30   58880   ----a-w-   c:\windows\system32\appidapi.dll
2015-03-21 23:38 . 2015-02-03 03:30   12625920   ----a-w-   c:\windows\system32\wmploc.DLL
2015-03-21 23:38 . 2015-02-03 03:11   12625408   ----a-w-   c:\windows\SysWow64\wmploc.DLL
2015-03-21 23:38 . 2015-02-03 03:09   2048   ----a-w-   c:\windows\SysWow64\mferror.dll
2015-03-21 23:38 . 2015-02-03 03:28   2048   ----a-w-   c:\windows\system32\mferror.dll
2015-03-21 23:33 . 2015-03-06 05:42   210944   ----a-w-   c:\windows\system32\wdigest.dll
2015-03-21 23:32 . 2015-01-17 02:48   1067520   ----a-w-   c:\windows\system32\msctf.dll
2015-03-21 23:32 . 2015-01-17 02:30   828928   ----a-w-   c:\windows\SysWow64\msctf.dll
2015-03-21 23:32 . 2015-02-03 03:31   1424896   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2015-03-21 23:32 . 2015-02-03 03:12   1230848   ----a-w-   c:\windows\SysWow64\WindowsCodecs.dll
2015-03-21 23:32 . 2015-02-26 03:25   3204096   ----a-w-   c:\windows\system32\win32k.sys
2015-03-21 23:32 . 2015-02-20 02:08   47616   ----a-w-   c:\windows\SysWow64\ieetwproxystub.dll
2015-03-21 23:30 . 2015-02-20 02:48   2886144   ----a-w-   c:\windows\system32\iertutil.dll
2015-03-21 23:29 . 2015-02-04 03:16   465920   ----a-w-   c:\windows\system32\WMPhoto.dll
2015-03-21 23:29 . 2015-02-04 02:54   417792   ----a-w-   c:\windows\SysWow64\WMPhoto.dll
2015-03-21 23:12 . 2015-03-21 23:13   --------   d-----w-   c:\program files (x86)\SumatraPDF
2015-03-21 23:09 . 2015-03-21 23:11   --------   d-----w-   c:\program files (x86)\PhotoScape
2015-03-17 00:41 . 2015-01-09 03:14   29696   ----a-w-   c:\windows\system32\powertracker.dll
2015-03-17 00:41 . 2015-01-09 03:14   950272   ----a-w-   c:\windows\system32\perftrack.dll
2015-03-17 00:41 . 2015-01-09 03:14   91136   ----a-w-   c:\windows\system32\wdi.dll
2015-03-17 00:41 . 2015-01-09 02:48   76800   ----a-w-   c:\windows\SysWow64\wdi.dll
2015-03-01 00:56 . 2015-03-22 01:11   --------   d-----w-   C:\AdwCleaner
2015-02-27 00:26 . 2015-02-27 00:26   --------   d-----w-   c:\program files (x86)\Bookmark Search
2015-02-26 04:33 . 2015-02-26 04:33   --------   d-----w-   c:\users\LATTY\Tracing
2015-02-26 03:30 . 2015-02-26 03:32   129752   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-26 03:30 . 2014-11-21 12:14   93400   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-02-26 03:30 . 2014-11-21 12:14   63704   ----a-w-   c:\windows\system32\drivers\mwac.sys
2015-02-26 03:30 . 2014-11-21 12:14   25816   ----a-w-   c:\windows\system32\drivers\mbam.sys
2015-02-26 03:30 . 2015-02-26 03:30   --------   d-----w-   c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-26 03:30 . 2015-02-26 03:30   --------   d-----w-   c:\programdata\Malwarebytes
2015-02-26 03:06 . 2015-02-26 04:31   --------   d-----w-   c:\program files (x86)\BharatMatrimony
2015-02-24 03:34 . 2015-02-24 03:34   --------   d-----w-   c:\users\LATTY\AppData\Roaming\Unity
2015-02-24 02:58 . 2015-02-24 02:58   --------   d-----w-   c:\users\LATTY\AppData\Local\Unity
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-21 23:07 . 2015-02-08 05:41   20   ----a-w-   c:\users\LATTY\AppData\Roaming\appdataFr3.bin
2015-01-03 21:33 . 2014-02-19 06:02   50976   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2014-12-25 07:40 . 2014-02-07 07:15   112710672   ----a-w-   c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GenieFloater"="c:\program files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe" [2015-02-06 1850520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
R2 cae99edb;Super Optimizer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe
R2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe
R2 GenieCleanService;GenieCleanService;c:\program files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe;c:\program files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe
R2 GenieWifiService;GenieWifiService;c:\program files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe;c:\program files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe
R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
R3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

  • R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

  • R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

  • R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

  • R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe

  • R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys

  • R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

  • R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys

  • R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys

  • R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

  • R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe

  • R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe

  • S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys

  • S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys

  • S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys

  • S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys

  • S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys

  • S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe

  • S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe

  • S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe

  • S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys

  • S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys

  • S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys

  • S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys

  • S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys

  • S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys

  • .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-03-21 23:57   1061704   ----a-w-   c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-08 c:\windows\Tasks\1114tbUpdateInfo.job
    - c:\programdata\Avg_Update_1114tb\1114tb_{336B872A-FBE6-4198-A500-21A034FCB091}.exe [2014-11-08 06:49]
    .
    2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08 05:48]
    .
    2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08 05:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mDefault_Search_URL = www.google.com
    mDefault_Page_URL = www.google.com
    mStart Page = www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = www.google.com
    uSearchAssistant = www.google.com
    TCP: DhcpNameServer = 99.196.99.99 99.197.99.99
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{3165cb3b-b913-4030-8e3e-844f497ef8cf} - c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dll
    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    BHO-{3165cb3b-b913-4030-8e3e-844f497ef8cf} - c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.x64.dll
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-3D BubbleSound - c:\program files\BubbleSound\3D BubbleSound.exe
    AddRemove-Sendori - c:\program files (x86)\Sendori\Uninstall.exe
    AddRemove-Rocket - c:\users\LATTY\AppData\Local\Rocket\Application\31.0.1650.23\Installer\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-03-22  14:40:39
    ComboFix-quarantined-files.txt  2015-03-22 19:40
    .
    Pre-Run: 241,889,792,000 bytes free
    Post-Run: 241,658,986,496 bytes free
    .
    - - End Of File - - 5F37E4CA17ABA01B042F76D3901AA542
    A36C5E4F47E84449FF07ED3517B43A31

Corrine

Hi, Kyla. 

Let's take care of the outdated, vulnerable software on the computer next.

1.  Because I'm seeing a lot of games on your boyfriend's computer, it appears that he needs to keep Oracle Java installed.  However, the version is seriously outdated.  Since updating to Java 8 will likely end up leaving the old Java 7 version behind, please do the following:

  • Uninstall Java 7 Update 51
  • Go to http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html and download jre-8u40-windows-i586.exe
    Note: Please pay attention to each screen when installing because Oracle has long included unnecessary pre-checked options with the updates.
  • After the installation is complete, I suggest you make the following change via the Java Control Panel to suppress the offers for the pre-checked unwanted extras.
1.    Launch the Windows Start menu
2.    Click on Programs
3.    Find the Java program listing
4.    Click Configure Java to launch the Java Control Panel
5.    Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
6.    Check the box by the "Suppress sponsor offers when installing or updating Java" option and click OK.

2.   Adobe Reader 10.1.0 is out of date.  The current version, released in December, is 11.0.10.  However, I note that SumatraPDF is also installed on the computer.  Long ago, I uninstalled Adobe Reader and switched to SumatraPDF.  Please check with your boyfriend and if he agrees, I suggest you uninstall Adobe Reader.  However, if he wants to keep it, the update for Windows is available here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

3.  Now that we have the outdated software out of the way, let's move on and take care of a leftover from AVG and one other file identified by several A/V programs as a PUP. 

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


Folder::
C:\Program Files (x86)\The Phone Support Dock

Driver::
avgtpx64.sys


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please let me know how the computer is running now.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
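
One way to check a follow-up log against the CFScript above, as an added example that is not part of the original posts and is not ComboFix's own code: it parses the `Folder::` / `Driver::` sections and reports whether each target still shows up in the log's driver/service lines. The function names and the R/S-plus-digit reading of the service lines (running/stopped, start type) are assumptions of this sketch; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# CFScript text as given in the post above.
CFSCRIPT = r"""
Folder::
C:\Program Files (x86)\The Phone Support Dock

Driver::
avgtpx64.sys
"""

# Short excerpt built from lines that appear in this thread's logs
# (one Find3M file line, three driver/service lines, bullets included).
SAMPLE_LOG = r"""
2015-01-03 21:33 . 2014-02-19 06:02   50976   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
R2 cae99edb;Super Optimizer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe
  • S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys
  • S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys
"""

# "<R|S><0-4> name;display name;image path;..." with optional leading
# whitespace or list bullets left over from the forum rendering.
SERVICE_RE = re.compile(r"^\W*([RS])([0-4]) ([^;]+);([^;]*);([^;]+);")


def parse_cfscript(text):
    """Return {section: [entries]} for 'Name::' headed sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_services(log_text):
    """Extract driver/service entries from a ComboFix-style log."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, display, image = m.groups()
            services.append({"state": state, "start": int(start),
                             "name": name, "display": display, "image": image})
    return services


def check_targets(cfscript_text, log_text):
    """For each CFScript target, list what the log still shows for it."""
    targets = parse_cfscript(cfscript_text)
    services = parse_services(log_text)
    lines = [l.lower() for l in log_text.splitlines()]
    report = {}
    for driver in targets.get("Driver", []):
        want = driver.lower()
        hits = [s for s in services
                if ntpath.basename(s["image"]).lower() == want]
        report[driver] = {
            "services": [f'{s["name"]} ({s["state"]}{s["start"]})' for s in hits],
            "mentions": sum(want in l for l in lines),
        }
    for folder in targets.get("Folder", []):
        want = folder.lower()
        hits = [s for s in services
                if s["image"].lower().startswith(want + "\\")]
        report[folder] = {
            "services": [f'{s["name"]} ({s["state"]}{s["start"]})' for s in hits],
            "mentions": sum(want in l for l in lines),
        }
    return report


if __name__ == "__main__":
    for target, found in check_targets(CFSCRIPT, SAMPLE_LOG).items():
        print(target, found)
```

A non-empty `services` list means the target is still registered as a driver or service in that log; `mentions` counts log lines that name the target at all, whatever section they come from.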

KylaB97

Hi Corrine,

I think my mom and I may have messed up. I'll post the log and you can tell me if we did or not. Mom said you should be able to tell by looking at the log.

Also, McAfee says it is not activated when I go in to turn it off. I also get a pop up that says it needs to be renewed. Mom said it would be best if we just uninstalled it and installed Avast or whatever else would be a good AV for him.


ComboFix 15-03-23.01 - LATTY 03/22/2015  19:18:33.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5606.4075 [GMT -5:00]
Running from: c:\users\LATTY\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-23 to 2015-03-23  )))))))))))))))))))))))))))))))
.
.
2015-03-21 23:44 . 2015-02-20 03:29   372224   ----a-w-   c:\windows\system32\atmfd.dll
2015-03-21 23:44 . 2015-02-20 03:09   299008   ----a-w-   c:\windows\SysWow64\atmfd.dll
2015-03-21 23:44 . 2015-02-20 04:41   41984   ----a-w-   c:\windows\system32\lpk.dll
2015-03-21 23:44 . 2015-02-20 04:40   46080   ----a-w-   c:\windows\system32\atmlib.dll
2015-03-21 23:44 . 2015-02-20 04:13   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2015-03-21 23:44 . 2015-02-20 04:40   14336   ----a-w-   c:\windows\system32\dciman32.dll
2015-03-21 23:44 . 2015-02-20 04:13   10240   ----a-w-   c:\windows\SysWow64\dciman32.dll
2015-03-21 23:44 . 2015-02-20 04:40   100864   ----a-w-   c:\windows\system32\fontsub.dll
2015-03-21 23:44 . 2015-02-20 04:13   70656   ----a-w-   c:\windows\SysWow64\fontsub.dll
2015-03-21 23:44 . 2015-02-20 04:12   25600   ----a-w-   c:\windows\SysWow64\lpk.dll
2015-03-21 23:42 . 2015-02-03 03:16   3917760   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2015-03-21 23:41 . 2014-10-31 22:24   619056   ----a-w-   c:\windows\system32\winload.exe
2015-03-21 23:40 . 2015-02-03 03:31   37376   ----a-w-   c:\windows\system32\pcadm.dll
2015-03-21 23:40 . 2015-02-03 03:30   440832   ----a-w-   c:\windows\system32\AudioEng.dll
2015-03-21 23:40 . 2015-02-03 03:12   374784   ----a-w-   c:\windows\SysWow64\AudioEng.dll
2015-03-21 23:40 . 2015-02-03 03:30   55808   ----a-w-   c:\windows\system32\rrinstaller.exe
2015-03-21 23:40 . 2015-02-03 03:11   50176   ----a-w-   c:\windows\SysWow64\rrinstaller.exe
2015-03-21 23:40 . 2015-02-03 03:30   146944   ----a-w-   c:\windows\system32\appidpolicyconverter.exe
2015-03-21 23:40 . 2015-02-03 03:12   442880   ----a-w-   c:\windows\SysWow64\AUDIOKSE.dll
2015-03-21 23:40 . 2015-02-03 03:30   112640   ----a-w-   c:\windows\system32\smss.exe
2015-03-21 23:40 . 2015-02-03 03:31   206848   ----a-w-   c:\windows\system32\mfps.dll
2015-03-21 23:40 . 2015-02-03 03:12   103424   ----a-w-   c:\windows\SysWow64\mfps.dll
2015-03-21 23:40 . 2015-02-03 03:12   50688   ----a-w-   c:\windows\SysWow64\appidapi.dll
2015-03-21 23:40 . 2015-02-03 03:31   11264   ----a-w-   c:\windows\system32\msmmsp.dll
2015-03-21 23:40 . 2015-02-03 03:30   58880   ----a-w-   c:\windows\system32\appidapi.dll
2015-03-21 23:38 . 2015-02-03 03:30   12625920   ----a-w-   c:\windows\system32\wmploc.DLL
2015-03-21 23:38 . 2015-02-03 03:11   12625408   ----a-w-   c:\windows\SysWow64\wmploc.DLL
2015-03-21 23:38 . 2015-02-03 03:09   2048   ----a-w-   c:\windows\SysWow64\mferror.dll
2015-03-21 23:38 . 2015-02-03 03:28   2048   ----a-w-   c:\windows\system32\mferror.dll
2015-03-21 23:33 . 2015-03-06 05:42   210944   ----a-w-   c:\windows\system32\wdigest.dll
2015-03-21 23:32 . 2015-01-17 02:48   1067520   ----a-w-   c:\windows\system32\msctf.dll
2015-03-21 23:32 . 2015-01-17 02:30   828928   ----a-w-   c:\windows\SysWow64\msctf.dll
2015-03-21 23:32 . 2015-02-03 03:31   1424896   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2015-03-21 23:32 . 2015-02-03 03:12   1230848   ----a-w-   c:\windows\SysWow64\WindowsCodecs.dll
2015-03-21 23:32 . 2015-02-26 03:25   3204096   ----a-w-   c:\windows\system32\win32k.sys
2015-03-21 23:32 . 2015-02-20 02:08   47616   ----a-w-   c:\windows\SysWow64\ieetwproxystub.dll
2015-03-21 23:30 . 2015-02-20 02:48   2886144   ----a-w-   c:\windows\system32\iertutil.dll
2015-03-21 23:29 . 2015-02-04 03:16   465920   ----a-w-   c:\windows\system32\WMPhoto.dll
2015-03-21 23:29 . 2015-02-04 02:54   417792   ----a-w-   c:\windows\SysWow64\WMPhoto.dll
2015-03-21 23:12 . 2015-03-21 23:13   --------   d-----w-   c:\program files (x86)\SumatraPDF
2015-03-21 23:09 . 2015-03-21 23:11   --------   d-----w-   c:\program files (x86)\PhotoScape
2015-03-17 00:41 . 2015-01-09 03:14   29696   ----a-w-   c:\windows\system32\powertracker.dll
2015-03-17 00:41 . 2015-01-09 03:14   950272   ----a-w-   c:\windows\system32\perftrack.dll
2015-03-17 00:41 . 2015-01-09 03:14   91136   ----a-w-   c:\windows\system32\wdi.dll
2015-03-17 00:41 . 2015-01-09 02:48   76800   ----a-w-   c:\windows\SysWow64\wdi.dll
2015-03-01 00:56 . 2015-03-22 23:17   --------   d-----w-   C:\AdwCleaner
2015-02-27 00:26 . 2015-02-27 00:26   --------   d-----w-   c:\program files (x86)\Bookmark Search
2015-02-26 04:33 . 2015-02-26 04:33   --------   d-----w-   c:\users\LATTY\Tracing
2015-02-26 03:30 . 2015-02-26 03:32   129752   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-26 03:30 . 2014-11-21 12:14   93400   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-02-26 03:30 . 2014-11-21 12:14   63704   ----a-w-   c:\windows\system32\drivers\mwac.sys
2015-02-26 03:30 . 2014-11-21 12:14   25816   ----a-w-   c:\windows\system32\drivers\mbam.sys
2015-02-26 03:30 . 2015-02-26 03:30   --------   d-----w-   c:\program files (x86)\Malwarebytes Anti-Malware
2015-02-26 03:30 . 2015-02-26 03:30   --------   d-----w-   c:\programdata\Malwarebytes
2015-02-26 03:06 . 2015-02-26 04:31   --------   d-----w-   c:\program files (x86)\BharatMatrimony
2015-02-24 03:34 . 2015-02-24 03:34   --------   d-----w-   c:\users\LATTY\AppData\Roaming\Unity
2015-02-24 02:58 . 2015-02-24 02:58   --------   d-----w-   c:\users\LATTY\AppData\Local\Unity
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-21 23:07 . 2015-02-08 05:41   20   ----a-w-   c:\users\LATTY\AppData\Roaming\appdataFr3.bin
2015-01-03 21:33 . 2014-02-19 06:02   50976   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2014-12-25 07:40 . 2014-02-07 07:15   112710672   ----a-w-   c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3165cb3b-b913-4030-8e3e-844f497ef8cf}]
c:\program files (x86)\cHEaup4all\N3oJi9AYUvsHFz.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GenieFloater"="c:\program files (x86)\Genie Soft\Genie Cleaner\GenieFloater.exe" [2015-02-06 1850520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-03-07 335232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 cae99edb;Super Optimizer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe

  • R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

  • R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

  • R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE

  • R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

  • R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

  • R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe

  • R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

  • R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe

  • R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys

  • R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

  • R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys

  • R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys

  • R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

  • R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe

  • R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe

  • S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys

  • S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys

  • S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys

  • S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys

  • S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys

  • S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys

  • S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys

  • S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys

  • S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe

  • S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

  • S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

  • S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

  • S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe

  • S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe

  • S2 GenieCleanService;GenieCleanService;c:\program files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe;c:\program files (x86)\Genie Soft\Genie Cleaner\GenieCleanService.exe

  • S2 GenieWifiService;GenieWifiService;c:\program files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe;c:\program files (x86)\Genie Soft\Genie Wifi\GenieWifiService.exe

  • S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe

  • S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe

  • S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe

  • S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe

  • S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe

  • S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe

  • S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE

  • S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

  • S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys

  • S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys

  • S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys

  • S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys

  • S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys

  • S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys

  • S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys

  • S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys

  • S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys

  • .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-03-21 23:57   1061704   ----a-w-   c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-08 c:\windows\Tasks\1114tbUpdateInfo.job
    - c:\programdata\Avg_Update_1114tb\1114tb_{336B872A-FBE6-4198-A500-21A034FCB091}.exe [2014-11-08 06:49]
    .
    2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08 05:48]
    .
    2015-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-08 05:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
    "3D BubbleSound"="c:\program files\BubbleSound\3D BubbleSound.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Search_URL = www.google.com
    mDefault_Page_URL = www.google.com
    mStart Page = www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = www.google.com
    uSearchAssistant = www.google.com
    TCP: DhcpNameServer = 99.196.99.99 99.197.99.99
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    AddRemove-Sendori - c:\program files (x86)\Sendori\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-03-22  19:27:11
    ComboFix-quarantined-files.txt  2015-03-23 00:27
    ComboFix2.txt  2015-03-22 23:38
    ComboFix3.txt  2015-03-22 19:40
    .
    Pre-Run: 242,330,816,512 bytes free
    Post-Run: 242,250,567,680 bytes free
    .
    - - End Of File - - 178428D9F9DB1B748918CA64E0241D95
    A36C5E4F47E84449FF07ED3517B43A31

Corrine

Yes, something is off because the old AVG driver is still showing in the log.  Let's see what the previous run shows:

Hold down the Windows Key and the "R" key.  A run box will appear.  Copy and paste the following:
C:\Qoobox\ComboFix2.txt then click OK
Notepad will open with a log.  Post the contents of that log in your next reply.

If McAfee isn't going to be renewed, yes, let's make sure a working A/V is installed.  Since your Mom has already mentioned Avast, I suspect that is her recommendation.  In that case, please do the following:
  • First download Avast from here  https://www.avast.com/index but do not install it yet.
  • Also download the McAfee Removal tool from this direct download link:  http://us.mcafee.com/apps/supporttools/mcpr/mcpr.asp
  • Next, go to Programs and Features on the computer and uninstall McAfee Internet Security Suite.  You may want to leave McAfee SiteAdvisor installed (read about it at http://www.siteadvisor.com/final/index.html)
  • You should be prompted to restart the computer after the uninstall is complete.  If not, restart now.
  • To remove any left-over bits of McAfee, run the McAfee Removal Tool previously downloaded now.
  • Install the new A/V software you downloaded previously and check for updates.
If you have any questions about the above procedure, please let me know.  McAfee instructions are also available here:  How to uninstall or re-install supported McAfee products using the Consumer Products Removal tool.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

KylaB97

Hi Corrine,
My boyfriend was in too much of a hurry and wanted his computer back so I gave it back to him today.

Thanks for all your help
KylaB

Corrine

Hi, Kyla.

Guys can be like that.  :)  At least the computer is in better shape after you ran those tools.  As long as it is essentially working ok, I suspect he'll want the mess of tools and logs cleaned up.  So, it would be a good idea to have him do the following, which will also get rid of any infected system restore points.

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
If you didn't have a chance to do something about the antivirus software, please pass along the information I provided if he decides to replace McAfee.

