WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93116 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Severly Infected and Cannot Connect

Started by mickey7 , Jul 10 2015 12:49 PM

Huge Mess of a Laptop

Please log in to reply

42 replies to this topic

#1 mickey7

Silver Member

Authentic Member
254 posts

Posted 10 July 2015 - 12:49 PM

Next problem from a former student. They dropped off this laptop because it didn't seem to be working right for them.

LAPTOP STATS:

HP Pavillion dv7-1232nr notebook

AMD 64

Windows Vista

Uses Windows Antivirus Program and had Malwarebytes previously installed.

Noticed tons of stuff on the desktop. Wide variety of "antispyware" etc type programs. Firstly tried to get online to check for updates.Could not get a successful internet connection. States connected but only locally. Cannot resolve DNS? errors to complete connection.

Ran the Malwarebytes that was on the computer. Ran until 3am. Found 14,078 items. Thought I quarantined and removed them. But after the finish button was done, it stated 0 threats successfully removed.

Installed Revo Uninstalled and removed suspicious programs. Through Control Panel removed more. Removed approximately 40+ programs that were known malware and suspicious.

Still unable to connect. Checked the adapter in device manager. Found numerous instance of 6to4 type adapters. Deleted all but one instance of each but disabled that remaining one. Still no luck with getting online. Also went into properties and tried both allowing the DNS to obtain itself and entering open DNS settings. Neither has worked.

Also tried running RogueKiller and tdsskiller. Not to successful there either. Tried re-running Malwarebytes after all these uninstalling of those programs. Still finding about 7900+ issues. Also received the same 0 threat removal after quarantine.

Posting and attaching logs for further advice. This is not the first time they have brought me their laptop. (It just doesn't seem to stick about how careful they need to be.) [I have a HJT and dds log available if needed.] Thank you for your time.

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-07-10 14:19:11
-----------------------------
14:19:11.706    OS Version: Windows x64 6.0.6002 Service Pack 2
14:19:11.706    Number of processors: 2 586 0x301
14:19:11.707    ComputerName: MITCH-PC UserName: MITCH
14:19:36.419    Initialize success
14:19:37.234    VM: initialized successfully
14:19:37.240    VM: Amd CPU BiosDisabled
14:19:57.250    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2
14:19:57.264    Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 3
14:19:57.772    Disk 0 MBR read successfully
14:19:57.780    Disk 0 MBR scan
14:19:57.788    Disk 0 unknown MBR code
14:20:08.353    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       292028 MB offset 2048
14:20:08.388    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS        13213 MB offset 598075392
14:20:08.798    Disk 0 scanning C:\Windows\system32\drivers
14:20:50.248    Service scanning
14:22:35.988    Modules scanning
14:22:36.012    Disk 0 trace - called modules:
14:22:36.053    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:22:36.071    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003f59300]
14:22:36.098    3 CLASSPNP.SYS[fffffa6000a02c33] -> nt!IofCallDriver -> [0xfffffa8003f66950]
14:22:36.115    5 hpdskflt.sys[fffffa6001a02189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0xfffffa8003f47060]
14:22:36.132    Disk 0 statistics 115665/0/0 @ 1.27 MB/s
14:22:36.148    Scan finished successfully
14:23:02.666    Disk 0 MBR has been saved successfully to "C:\Users\MITCH\Desktop\MBR.dat"
14:23:02.835    The log file has been saved successfully to "C:\Users\MITCH\Desktop\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01 (ATTENTION: ====> FRST version is 253 days old and could be outdated)
Ran by MITCH (administrator) on MITCH-PC on 10-07-2015 14:34:19
Running from C:\Users\MITCH\Desktop
Loaded Profile: MITCH (Available profiles: MITCH)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DiscountFrenzy) C:\Program Files (x86)\I - Cinema\e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(ClaraLabs) C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Rational Thought Solutions) C:\ProgramData\atpfbZ\SZSiITyB.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\PresentationSettings.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-10-08] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM-x32\...\Run: [DVDAgent] => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
HKLM-x32\...\Run: [CrashMon] => "C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe" "UniversalUpdater" "http://log.data-url.com/crash/"
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_25\bin\jusched.exe"
HKLM-x32\...\Run: [ospd_us_961] => [X]
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34eb4dd52
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34eb4dd52
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM - {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM - {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
SearchScopes: HKLM - {C4B887F1-E634-4BCC-8BA4-6E91B16D2814} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM - {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Vosteran.com/...=1146529631&ir=
SearchScopes: HKLM-x32 - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKLM-x32 - {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - {a3e1d674-04ee-4c9e-b143-442555830fb7} URL = http://search.condui...5163226023&UM=2
SearchScopes: HKLM-x32 - {C4B887F1-E634-4BCC-8BA4-6E91B16D2814} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {ef80d754-fb77-4a7f-be75-489beebb20c9} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - DefaultScope {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKCU - {01BB66D3-9F1A-479A-AA5C-DB34B618B965} URL = http://www.search.as...rms}&psv=&pt=tb
SearchScopes: HKCU - {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {4F5E3C10-FEB0-467A-A7CD-FD0C05FDA134} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKCU - {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Vosteran.com/...=1932793410&ir=
SearchScopes: HKCU - {EFA0BB11-5A96-43DF-A6CC-F172A691CAB1} URL = http://delicious.com...p={searchTerms}
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File
Toolbar: HKCU - No Name - {238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} - No File
Toolbar: HKCU - No Name - {534D542D-5637-006A-76A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152

FireFox:
========
FF ProfilePath: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default
FF DefaultSearchEngine: Binkiland
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://search.gboxapp.com/?aff=p
FF Keyword.URL: https://search.yahoo...&type=238417&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\2.bin\NPgtEISB.dll No File
FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
FF Plugin-x32: @ei.RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4jEI\Installr\1.bin\NP4jEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @PackageTracer_69.com/Plugin -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\user.js
FF SearchPlugin: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\searchplugins\my-homepage.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: ArcadeWeb - C:\Users\MITCH\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com [2013-04-06]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\Extensions\MGKN37049485@ACPSC11936960.com [2015-07-03]
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2013-08-07]
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2013-08-13]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\128.xpi
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [Not Found]
FF Extension: No Name - vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-22]
CHR Extension: (Looper for YouTube) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2015-07-05]
CHR Extension: (No Name) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg [2015-01-06]
CHR HKCU\...\Chrome\Extension: [dpimglhojapikoeeifcifanbeinephdm] - C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx []
CHR HKCU\...\Chrome\Extension: [lggjockdkhahihjfehmocmjakchihnjb] - C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx []
CHR HKLM-x32\...\Chrome\Extension: [dpimglhojapikoeeifcifanbeinephdm] - C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx []
CHR HKLM-x32\...\Chrome\Extension: [lggjockdkhahihjfehmocmjakchihnjb] - C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx []

Attached Files

attach.zip 3.13KB 266 downloads

Advertisements

Register to Remove

#2 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 July 2015 - 01:57 PM

:welcome:

Is this a business or a school computer, do you fix computers for profit ?

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#3 mickey7

Silver Member

Authentic Member
254 posts

Posted 10 July 2015 - 02:55 PM

No I do not. I work at a public library and occasionally teach general computer use to the public as a library service. One of my former students approached me for help. I am doing this as a courtesy for her and her husband.

#4 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 July 2015 - 03:07 PM

OK, thanks

Let me see an entire FRST log. Go ahead and drag FRST to the trash and lets download and run a current version

Please download Farbar Recovery Scan Tool and save it to your DESKTOP

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

A simple way to check your system: Start --> Computer (right click) --> Properties

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Please make sure All Users is checked

Just keep the defaults as in the picture checkmarked

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#5 mickey7

Silver Member

Authentic Member
254 posts

Posted 10 July 2015 - 04:30 PM

Sorry for the delay... since I cannot connect I have to dl to a usb from my laptop and transfer stuff back and forth. But here are the new logs...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by MITCH (administrator) on MITCH-PC on 10-07-2015 17:33:55
Running from C:\Users\MITCH\Desktop
Loaded Profiles: MITCH (Available Profiles: MITCH)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\PresentationSettings.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-10-08] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM-x32\...\Run: [DVDAgent] => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
HKLM-x32\...\Run: [CrashMon] => "C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe" "UniversalUpdater" "http://log.data-url.com/crash/"
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_25\bin\jusched.exe"
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
SearchScopes: HKLM -> {C4B887F1-E634-4BCC-8BA4-6E91B16D2814} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Vosteran.com/...=1146529631&ir=
SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKLM-x32 -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM-x32 -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL = http://search.condui...5163226023&UM=2
SearchScopes: HKLM-x32 -> {C4B887F1-E634-4BCC-8BA4-6E91B16D2814} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {ef80d754-fb77-4a7f-be75-489beebb20c9} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> DefaultScope {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {01BB66D3-9F1A-479A-AA5C-DB34B618B965} URL = http://www.search.as...rms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {4F5E3C10-FEB0-467A-A7CD-FD0C05FDA134} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Vosteran.com/...=1932793410&ir=
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {EFA0BB11-5A96-43DF-A6CC-F172A691CAB1} URL = http://delicious.com...p={searchTerms}
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-05-30] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} - No File
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {534D542D-5637-006A-76A7-7A786E7484D7} - No File
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.80.251

FireFox:
========
FF ProfilePath: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default
FF DefaultSearchEngine: Binkiland
FF SearchEngineOrder.3: Bing
FF Keyword.URL: https://search.yahoo...&type=238417&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\2.bin\NPgtEISB.dll No File
FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
FF Plugin-x32: @ei.RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4jEI\Installr\1.bin\NP4jEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @PackageTracer_69.com/Plugin -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-01-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [2011-12-01] ( )
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF user.js: detected! => C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\user.js [2015-04-06]
FF SearchPlugin: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\searchplugins\my-homepage.xml [2014-11-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2013-08-07]
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2013-08-13]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\128.xpi
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-22]
CHR Extension: (Looper for YouTube) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2015-07-05]
CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dpimglhojapikoeeifcifanbeinephdm] - C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx [Not Found]
CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lggjockdkhahihjfehmocmjakchihnjb] - C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx [Not Found]
CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [dpimglhojapikoeeifcifanbeinephdm] - C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jmbmildjdmppofnohldicmnkojfhggmb] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lggjockdkhahihjfehmocmjakchihnjb] - C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] () [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-11] ()
S3 cpuz134; \??\C:\Users\MITCH\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U4 eabfiltr; No ImagePath
S4 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 17:33 - 2015-07-10 17:35 - 00022577 _____ C:\Users\MITCH\Desktop\FRST.txt
2015-07-10 17:33 - 2015-07-10 17:30 - 02112512 _____ (Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe
2015-07-10 17:30 - 2015-07-10 17:30 - 00003436 _____ C:\Windows\System32\Tasks\PresentationSettingsTurnOff_MITCH-PC_MITCH
2015-07-10 14:29 - 2015-07-10 17:34 - 00000000 ____D C:\FRST
2015-07-10 14:23 - 2015-07-10 14:23 - 00001781 _____ C:\Users\MITCH\Desktop\aswMBR.txt
2015-07-10 14:23 - 2015-07-10 14:23 - 00000512 _____ C:\Users\MITCH\Desktop\MBR.dat
2015-07-10 14:17 - 2015-07-10 14:17 - 00006717 _____ C:\Users\MITCH\Desktop\dds.zip
2015-07-10 14:17 - 2015-07-10 14:17 - 00003205 _____ C:\Users\MITCH\Desktop\attach.zip
2015-07-10 14:16 - 2015-07-10 14:16 - 00024195 _____ C:\Users\MITCH\Desktop\dds.txt
2015-07-10 14:16 - 2015-07-10 14:16 - 00011630 _____ C:\Users\MITCH\Desktop\attach.txt
2015-07-10 14:02 - 2015-07-10 14:03 - 00011433 _____ C:\Users\MITCH\Documents\hijackthis.log
2015-07-10 13:58 - 2015-07-10 13:59 - 00002519 _____ C:\Users\MITCH\Desktop\HiJackThis.lnk
2015-07-10 13:58 - 2015-07-10 13:59 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-07-10 13:58 - 2015-07-10 13:58 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2015-07-10 13:57 - 2014-10-31 13:30 - 00688992 ____R (Swearware) C:\Users\MITCH\Desktop\dds.com
2015-07-10 13:57 - 2014-04-12 15:05 - 01402880 _____ C:\Users\MITCH\Desktop\HijackThis.msi
2015-07-10 08:57 - 2014-10-29 21:33 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.0.3.1025.exe
2015-07-09 20:27 - 2015-07-09 22:53 - 00000000 ____D C:\Users\MITCH\Desktop\mbar
2015-07-09 20:24 - 2015-07-09 15:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\MITCH\Desktop\tdsskiller.exe
2015-07-09 19:14 - 2015-07-09 15:24 - 21971528 _____ C:\Users\MITCH\Desktop\RogueKillerX64.exe
2015-07-09 19:10 - 2015-07-09 15:19 - 05200384 _____ (AVAST Software) C:\Users\MITCH\Desktop\aswMBR.exe
2015-07-07 22:24 - 2015-07-07 22:24 - 00000000 ____D C:\Program Files (x86)\predm
2015-07-07 21:05 - 2015-07-07 15:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MITCH\Desktop\revosetup.exe
2015-07-07 17:59 - 2015-07-07 17:59 - 00000000 _____ C:\Users\MITCH\AppData\Local\Temp.dat
2015-07-07 17:51 - 2015-07-07 17:51 - 00001861 _____ C:\Users\MITCH\Desktop\chrome.lnk
2015-07-07 17:47 - 2015-07-07 17:47 - 00001104 _____ C:\Users\MITCH\Desktop\Live PC Help.lnk
2015-07-07 17:42 - 2015-07-07 21:05 - 00001059 _____ C:\Users\MITCH\Desktop\Revo Uninstaller.lnk
2015-07-07 17:42 - 2015-07-07 21:05 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-07 08:31 - 2015-07-07 08:31 - 00000949 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-07-05 01:32 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-05 01:32 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-05 01:18 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Gravity Highlighter
2015-07-05 01:15 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\ClIckFaorSSale
2015-07-05 01:13 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\CliCCkFFOOrSualle
2015-07-05 01:07 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-05 01:07 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-07-05 01:02 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Looper for YouTube
2015-07-03 23:41 - 2015-07-10 11:41 - 00000000 ____D C:\ProgramData\{d59329e7-058a-cbd1-d593-329e7058a79c}
2015-07-03 23:37 - 2015-07-05 00:55 - 00000000 ____D C:\Program Files (x86)\SaverProo
2015-07-03 23:35 - 2015-07-05 00:55 - 00000000 ____D C:\Program Files (x86)\SaaveerPPrro
2015-07-03 17:58 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\apppsavue
2015-07-03 17:54 - 2015-07-03 23:35 - 00000000 ____D C:\Program Files (x86)\appsAve
2015-07-03 17:18 - 2015-07-03 17:22 - 00004097 _____ C:\Windows\system32\dummy.002
2015-06-30 18:08 - 2015-06-30 18:08 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (38).exe
2015-06-30 17:55 - 2015-07-10 12:11 - 00000340 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-06-30 17:55 - 2015-07-03 23:41 - 00003252 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]
2015-06-30 17:55 - 2015-07-03 17:57 - 00000000 ____D C:\ProgramData\{0da777ff-38fc-fbab-0da7-777ff38fdffc}
2015-06-27 22:14 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-27 22:14 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-27 22:10 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-27 22:10 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-27 22:10 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-27 22:10 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-27 22:10 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-27 22:10 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-27 22:09 - 2015-05-21 10:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-27 21:42 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\QueenCCoupon
2015-06-27 21:40 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\QueeNNCCouupOan
2015-06-27 21:40 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-27 21:40 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-27 21:39 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Redbooth for Gmail
2015-06-26 17:35 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\dowaNloaditKeepo
2015-06-26 17:31 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\downlloadItkoeepu
2015-06-25 20:51 - 2015-06-26 17:32 - 00000000 ____D C:\Program Files (x86)\ShoupperMMaster
2015-06-25 20:47 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\SahoppaeruMMasteer
2015-06-25 20:46 - 2015-06-26 17:32 - 00000000 ____D C:\Program Files (x86)\ShopperrMasoter
2015-06-24 18:46 - 2015-06-24 18:46 - 00000680 _____ C:\Users\MITCH\AppData\Local\d3d9caps.dat
2015-06-24 17:38 - 2015-06-26 17:32 - 00000000 ____D C:\Program Files (x86)\BetterePriceChec
2015-06-24 17:37 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\BettterPRiceoCoheEac
2015-06-24 17:35 - 2015-06-26 17:32 - 00000000 ____D C:\Program Files (x86)\BEttteerPriCeoCheec
2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
2015-06-22 23:33 - 2015-06-26 16:40 - 00001985 _____ C:\Users\MITCH\Desktop\Google Chrome.lnk
2015-06-22 23:31 - 2015-07-09 19:17 - 00000024 _____ C:\Users\MITCH\AppData\Roaming\appdataFr25.bin
2015-06-22 23:22 - 2015-06-22 23:24 - 00000000 ____D C:\94d4568a-ad62-4a6e-a62b-238f2297a462
2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
2015-06-22 23:09 - 2015-06-22 23:09 - 00341552 _____ C:\Users\MITCH\Downloads\Setup (4).exe
2015-06-22 23:09 - 2015-06-22 23:09 - 00341552 _____ C:\Users\MITCH\Downloads\Setup (3).exe
2015-06-22 22:22 - 2015-05-30 20:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-22 22:21 - 2015-05-30 20:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-22 22:21 - 2015-05-30 20:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-22 22:21 - 2015-05-30 20:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-22 22:21 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-22 22:21 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-22 22:21 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-22 22:21 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-22 22:21 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-22 22:21 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-22 22:20 - 2015-05-30 21:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-22 22:20 - 2015-05-30 20:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-22 22:20 - 2015-05-30 20:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-22 22:20 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-22 22:19 - 2015-05-30 20:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-22 22:19 - 2015-05-30 20:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-22 22:19 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-22 22:19 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-22 22:19 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-22 22:18 - 2015-05-30 20:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-22 22:18 - 2015-05-30 20:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-22 22:18 - 2015-05-30 20:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-22 22:18 - 2015-05-30 20:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-22 22:18 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-22 22:18 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-22 22:17 - 2015-05-30 20:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-22 22:17 - 2015-05-30 20:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-22 22:17 - 2015-05-30 20:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-22 22:17 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-22 22:17 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-22 22:17 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-22 22:17 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-22 21:51 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\surfkeeepiit
2015-06-22 21:50 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\surfkeeepit
2015-06-21 14:24 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-06-21 14:24 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-06-21 14:24 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-06-21 14:24 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-06-21 14:24 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-21 14:24 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-21 14:24 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-21 14:24 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-21 14:24 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-21 14:24 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-20 17:43 - 2015-06-20 17:43 - 00000000 ____D C:\Program Files (x86)\Galaxy New Tab
2015-06-20 17:33 - 2015-06-20 17:34 - 00000000 ____D C:\Program Files (x86)\ShopperMastter
2015-06-20 17:29 - 2015-06-20 17:30 - 00000000 ____D C:\Program Files (x86)\ShOppeReMaster
2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
2015-06-20 16:53 - 2015-06-20 17:38 - 00000000 ____D C:\Program Files (x86)\JavaScript Popup Blocker
2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe
2015-06-13 02:22 - 2015-07-07 23:29 - 00000000 ____D C:\Program Files (x86)\Coupoon

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 17:34 - 2011-08-08 22:41 - 01103237 _____ C:\Windows\WindowsUpdate.log
2015-07-10 17:33 - 2008-10-23 05:54 - 00003580 _____ C:\Windows\System32\Tasks\HP Health Check
2015-07-10 17:28 - 2015-04-13 01:28 - 00001004 _____ C:\Windows\Tasks\Wqs3RURQofhshHTo.job
2015-07-10 17:28 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
2015-07-10 17:28 - 2013-12-08 15:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job
2015-07-10 17:28 - 2011-12-22 01:42 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-10 17:28 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 17:28 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 17:28 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-10 17:27 - 2015-01-06 06:00 - 00000000 ____D C:\ProgramData\atpfbZ
2015-07-10 17:27 - 2014-09-23 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-10 17:27 - 2013-08-11 15:29 - 04059102 _____ C:\Windows\PFRO.log
2015-07-10 17:27 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Help
2015-07-10 14:55 - 2008-10-23 03:45 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-07-10 14:55 - 2006-11-02 11:42 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-10 14:42 - 2011-10-15 20:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 14:34 - 2015-04-18 12:47 - 00000000 ____D C:\Program Files (x86)\Tab Hibernation
2015-07-10 14:34 - 2015-01-06 02:55 - 00000000 ____D C:\Program Files (x86)\ce88c4aa-b86a-4c1e-bb45-d6da615fde68
2015-07-10 14:34 - 2014-11-13 00:12 - 00000000 ____D C:\Users\MITCH\AppData\Local\12009
2015-07-10 14:34 - 2014-11-11 01:11 - 00000000 ____D C:\Program Files (x86)\360a619a-0cf8-4762-bee6-45c5335152cc
2015-07-10 14:22 - 2015-04-06 00:06 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-10 14:18 - 2012-09-10 13:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-10 14:17 - 2014-11-15 20:12 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job
2015-07-10 11:25 - 2014-09-23 16:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-10 11:24 - 2014-09-23 16:54 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-10 11:24 - 2014-09-23 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-09 23:45 - 2014-11-15 20:12 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job
2015-07-09 22:53 - 2014-12-02 01:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-09 20:24 - 2014-12-03 08:40 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-09 19:34 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\tracing
2015-07-09 19:15 - 2014-12-03 08:40 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-09 19:13 - 2006-11-02 08:46 - 00005086 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-09 02:03 - 2012-05-04 11:50 - 00002313 _____ C:\Windows\epplauncher.mif
2015-07-08 20:15 - 2015-01-03 21:42 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\DigitalSites
2015-07-08 00:26 - 2015-03-16 02:56 - 00000000 ____D C:\Program Files (x86)\AmiExt
2015-07-07 23:23 - 2015-05-05 03:18 - 00000000 ____D C:\Users\MITCH\AppData\Local\CrashDumps
2015-07-07 23:15 - 2012-10-08 16:39 - 00000000 ____D C:\Windows\Minidump
2015-07-07 23:09 - 2014-11-12 17:55 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\MailUpdate
2015-07-07 22:03 - 2014-12-07 19:43 - 00000000 ____D C:\Users\MITCH\AppData\Local\Gameo
2015-07-07 17:47 - 2015-01-06 22:42 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\Systweak
2015-07-07 15:01 - 2014-05-28 03:38 - 00000288 _____ C:\Windows\Tasks\FastAgain PC Booster_DEFAULT.job
2015-07-07 08:31 - 2011-09-27 01:39 - 00000934 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-07 08:30 - 2011-09-27 01:38 - 00000915 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-07-07 03:12 - 2014-01-11 07:47 - 00000000 ____D C:\Windows\pss
2015-07-06 19:59 - 2015-01-24 22:51 - 00000000 ____D C:\ProgramData\PorOSuhoepper
2015-07-06 19:48 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2015-07-05 02:01 - 2008-10-23 05:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-05 01:54 - 2008-10-23 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-05 01:20 - 2015-01-25 18:52 - 00000000 ____D C:\ProgramData\6499773942544968838
2015-07-05 01:11 - 2014-12-07 19:21 - 00116019 _____ C:\Windows\system32\ScanResults.xml
2015-07-05 01:06 - 2011-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-05 00:42 - 2014-11-11 21:56 - 00000188 _____ C:\Users\MITCH\AppData\Roaming\WB.CFG
2015-07-05 00:35 - 2014-12-07 19:12 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-07-03 21:08 - 2006-11-02 08:33 - 77594624 _____ C:\Windows\system32\config\software_previous
2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
2015-07-03 21:07 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
2015-07-03 21:07 - 2006-11-02 08:33 - 22544384 _____ C:\Windows\system32\config\system_previous
2015-07-03 21:02 - 2006-11-02 08:33 - 66322432 _____ C:\Windows\system32\config\components_previous
2015-07-03 21:01 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-07-03 17:09 - 2011-08-09 07:14 - 00000000 ____D C:\Users\MITCH
2015-07-03 16:20 - 2006-11-02 08:33 - 00524288 _____ C:\Windows\system32\config\default_previous
2015-07-03 16:20 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-06-30 17:37 - 2015-01-04 22:29 - 00000120 _____ C:\Windows\efix.ini
2015-06-30 17:37 - 2014-11-14 19:49 - 00000165 _____ C:\Windows\Reimage.ini
2015-06-27 22:30 - 2006-11-02 11:21 - 00317688 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-27 22:09 - 2013-11-20 01:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-26 17:03 - 2014-12-26 00:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 20:21 - 2012-09-10 13:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-25 20:21 - 2012-09-10 13:33 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-25 20:21 - 2011-08-14 13:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-22 22:32 - 2015-01-25 22:36 - 00000000 ____D C:\Program Files (x86)\deal2dealiiT
2015-06-22 22:32 - 2015-01-25 22:35 - 00000000 ____D C:\Program Files (x86)\Strong Password Generator
2015-06-22 22:32 - 2015-01-25 18:52 - 00000000 ____D C:\Program Files (x86)\CeOolSaaleCoUpoN
2015-06-22 21:50 - 2015-04-18 19:15 - 00000000 ____D C:\Program Files (x86)\KIngCouupon
2015-06-22 21:50 - 2015-04-18 12:48 - 00000000 ____D C:\Program Files (x86)\QuEeanCoeupon
2015-06-22 21:50 - 2015-04-14 20:14 - 00000000 ____D C:\Program Files (x86)\quicckshOp
2015-06-22 21:50 - 2015-04-14 20:05 - 00000000 ____D C:\Program Files (x86)\rocccketssaLe
2015-06-22 21:50 - 2015-03-26 21:46 - 00000000 ____D C:\Program Files (x86)\SHHoppeRMaster
2015-06-22 21:50 - 2015-03-26 21:44 - 00000000 ____D C:\Program Files (x86)\FlashhCCOupioNu
2015-06-22 21:50 - 2015-03-05 16:31 - 00000000 ____D C:\Program Files (x86)\SSalEsChiecker
2015-06-21 00:09 - 2006-11-02 09:33 - 00000000 __RSD C:\Windows\Media
2015-06-19 23:45 - 2013-05-12 21:04 - 00000000 ____D C:\temp

==================== Files in the root of some directories =======

2015-03-05 02:54 - 2015-03-05 02:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-06-22 23:31 - 2015-07-09 19:17 - 0000024 _____ () C:\Users\MITCH\AppData\Roaming\appdataFr25.bin
2015-03-16 03:44 - 2015-04-27 19:29 - 0000020 _____ () C:\Users\MITCH\AppData\Roaming\appdataFr3.bin
2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\MITCH\AppData\Roaming\QV
2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\MITCH\AppData\Roaming\TFNRF
2011-09-04 18:51 - 2011-09-04 18:51 - 0029216 _____ () C:\Users\MITCH\AppData\Roaming\UserTile.png
2014-11-11 21:56 - 2015-07-05 00:42 - 0000188 _____ () C:\Users\MITCH\AppData\Roaming\WB.CFG
2015-03-31 04:14 - 2015-03-31 04:14 - 0004387 _____ () C:\Users\MITCH\AppData\Roaming\Wqs3RURQofhshHTo
2014-11-13 21:56 - 2014-11-13 21:56 - 0022528 _____ () C:\Users\MITCH\AppData\Local\1754699dsisetup17581152.exe
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\AtStart.txt
2015-06-24 18:46 - 2015-06-24 18:46 - 0000680 _____ () C:\Users\MITCH\AppData\Local\d3d9caps.dat
2011-08-09 07:45 - 2014-01-11 18:49 - 0007680 _____ () C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-21 18:57 - 2014-11-21 18:57 - 0022528 _____ () C:\Users\MITCH\AppData\Local\dsisetup14924302.exe
2014-12-07 21:45 - 2014-12-07 21:45 - 0022528 _____ () C:\Users\MITCH\AppData\Local\dsisetup24596202.exe
2015-02-08 17:55 - 2015-02-08 17:55 - 0022528 _____ () C:\Users\MITCH\AppData\Local\dsisetup2751072.exe
2015-01-04 23:55 - 2015-01-04 23:55 - 0022528 _____ () C:\Users\MITCH\AppData\Local\dsisetup80848292.exe
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\DSwitch.txt
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\QSwitch.txt
2015-07-07 17:59 - 2015-07-07 17:59 - 0000000 _____ () C:\Users\MITCH\AppData\Local\Temp.dat
2014-01-27 03:19 - 2014-01-28 16:45 - 0002763 _____ () C:\ProgramData\connector.swf
2011-08-08 23:17 - 2011-08-08 23:17 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2008-10-23 05:36 - 2008-10-23 05:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2008-10-23 05:24 - 2008-10-23 05:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-08 23:14 - 2011-08-08 23:14 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2008-10-23 05:22 - 2008-10-23 05:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2008-10-23 05:27 - 2008-10-23 05:36 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-08-08 23:17 - 2011-08-08 23:17 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.8428.dll

Some files in TEMP:
====================
C:\Users\MITCH\AppData\Local\Temp\2cedfc8d-10f8-498f-8e56-6c2bc70b001e.exe
C:\Users\MITCH\AppData\Local\Temp\698.exe
C:\Users\MITCH\AppData\Local\Temp\APNSetup.exe
C:\Users\MITCH\AppData\Local\Temp\ASPackage.exe
C:\Users\MITCH\AppData\Local\Temp\CloudBackup1299.exe
C:\Users\MITCH\AppData\Local\Temp\CloudBackup4488.exe
C:\Users\MITCH\AppData\Local\Temp\component_634-1C80.exe
C:\Users\MITCH\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\MITCH\AppData\Local\Temp\dllnt_dump.dll
C:\Users\MITCH\AppData\Local\Temp\eFixProPackage.exe
C:\Users\MITCH\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\MITCH\AppData\Local\Temp\ms.exe
C:\Users\MITCH\AppData\Local\Temp\ntdll_dump.dll
C:\Users\MITCH\AppData\Local\Temp\optprosetup.exe
C:\Users\MITCH\AppData\Local\Temp\Quarantine.exe
C:\Users\MITCH\AppData\Local\Temp\ReimagePackage.exe
C:\Users\MITCH\AppData\Local\Temp\ReiScanner.exe
C:\Users\MITCH\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\MITCH\AppData\Local\Temp\sdf2092.exe
C:\Users\MITCH\AppData\Local\Temp\sdf33E3.exe
C:\Users\MITCH\AppData\Local\Temp\sdf4578.exe
C:\Users\MITCH\AppData\Local\Temp\sdfF834.exe
C:\Users\MITCH\AppData\Local\Temp\setacl.exe
C:\Users\MITCH\AppData\Local\Temp\Setup0988111.exe
C:\Users\MITCH\AppData\Local\Temp\setup_489.exe
C:\Users\MITCH\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\MITCH\AppData\Local\Temp\sqlite3.exe
C:\Users\MITCH\AppData\Local\Temp\supoptsetup.exe
C:\Users\MITCH\AppData\Local\Temp\updater_uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-10 17:38

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by MITCH at 2015-07-10 17:44:28
Running from C:\Users\MITCH\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-499354876-3266562091-500007027-500 - Administrator - Disabled)
Guest (S-1-5-21-499354876-3266562091-500007027-501 - Limited - Disabled)
MITCH (S-1-5-21-499354876-3266562091-500007027-1000 - Administrator - Enabled) => C:\Users\MITCH

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player 10 ActiveX) (Version: 10.0.2.13 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)
AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{7510991E-FE80-7466-2E31-561B52059618}) (Version: 3.0.691.0 - ATI Technologies, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - BubbleSound) <==== ATTENTION!
Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FileOpener (HKLM-x32\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hoyle Magic Carpet (x32 Version: 3.0.2.32 - WildTangent) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.0.0 - Hewlett-Packard Company)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2125 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.0926 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.9.1 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0129 (HKLM-x32\...\{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM-x32\...\{30D3B7BC-5798-45D9-822D-05CA18F39E99}) (Version: 1.1.1955.2793 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
Instant Wireless USB Adapter (HKLM-x32\...\{B78823CD-488F-43B4-80D6-FAEADAE40EC4}) (Version: - )
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0919 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0919 - CyberLink Corp.) Hidden
Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
Luxor 2 HD (x32 Version: 3.0.2.38 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monopoly® (x32 Version: 3.0.2.32 - WildTangent) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2119 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2119 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2119 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2119 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\System Update) (Version: 1 - Network Downloads)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

10-07-2015 13:58:20 Installed HiJackThis

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2014-12-02 08:34 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {011BC47C-CD3D-4075-BC44-E654FC9CB337} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {0DD27251-64E2-4650-9D4A-C3ADF7018863} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{d59329e7-058a-cbd1-d593-329e7058a79c}\hqghumeaylnlf.exe [2014-07-03] (Super PC Tools Ltd) <==== ATTENTION
Task: {1561D7EC-89A8-4FBE-AD83-D692307716D9} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {19D08A5D-C45B-4BD5-AAE2-05952A69966C} - System32\Tasks\FastAgain PC Booster => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
Task: {2DFCA062-7DB7-4D08-9A3C-70D85232294B} - System32\Tasks\gameo_update => C:\Users\MITCH\AppData\Roaming\Gameo\gameo.exe <==== ATTENTION
Task: {2F92FA4C-3E2A-463E-A873-A4263673B066} - System32\Tasks\SPD\Updater\SPDUpdater => C:\Program Files (x86)\SPDUpdater\updater.exe
Task: {3534170A-F599-4C07-9A09-91E068AC4146} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5 No Task File <==== ATTENTION
Task: {358A5B96-24A7-40C9-ACA0-01E66672CC53} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-3 No Task File <==== ATTENTION
Task: {47FADA48-E1F7-4394-AC82-87D3855E38DF} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-4 No Task File <==== ATTENTION
Task: {4B4CA7A5-086F-46B7-ADFF-7B9AFA96D676} - System32\Tasks\Smart Driver Updater Schedule => C:\Program Files (x86)\Smart Driver Updater\SDUTray.exe
Task: {4F056A86-4ECC-46A0-AD5F-E0A1FCE648AB} - System32\Tasks\Norton Security Scan for MITCH => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe
Task: {51C251A7-C5BB-47A5-BD9C-C6E087DA7AD9} - System32\Tasks\User_Feed_Synchronization-{3B747F91-B0D3-4654-9E4B-A4C40BA27FB7}
Task: {54A904D6-5A97-4A13-BEE9-07810288425F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {550197BE-9449-406E-A87E-B4A5D0C5A7E9} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user No Task File <==== ATTENTION
Task: {59F71A9A-B1DE-4DE5-8933-DDD85C688A41} - System32\Tasks\FastAgain PC Booster_DEFAULT => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
Task: {5C33F235-D5D5-466A-98C1-ABB2D0D4AD0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {606604CF-21B5-4097-938E-59ED41B41D34} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5_user No Task File <==== ATTENTION
Task: {6D6FEC66-1079-4D1C-B170-52A2AFE4832E} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-1 No Task File <==== ATTENTION
Task: {6F7F74AF-2004-492D-B049-835AE3B78221} - System32\Tasks\FastAgain PC Booster_UPDATES => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
Task: {72DB8461-CBB1-4A87-B856-F19587FED056} - System32\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {74316EC4-62D8-4E24-A976-9EB79DCF5DF5} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5 No Task File <==== ATTENTION
Task: {78B9017C-6763-46A7-BE4A-27DAE3BDE864} - \LyricXeeker Update No Task File <==== ATTENTION
Task: {7A558424-DC0E-41CF-8906-0DE8B23AFE4D} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-10_user No Task File <==== ATTENTION
Task: {7F92867E-9D5D-448F-AB80-6209CE6E6134} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {86AF4274-9E1B-479E-AE76-096AC9D1ABAA} - \CIMT_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {92B3EC2B-547D-4BCA-81D8-432B3EDC48EA} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {963FF965-5E0E-4CDF-A672-A2259FD12654} - \CIMT_daily_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {97104820-2037-4255-AF41-5350423981D4} - System32\Tasks\Driver Pro Schedule => C:\Program Files (x86)\Driver Pro\DPTray.exe <==== ATTENTION
Task: {9955E6D2-E9F2-4CF8-A32E-4584825313F2} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user No Task File <==== ATTENTION
Task: {9F04B29F-E2C8-463B-A4AC-E05C1D17E1D2} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6 No Task File <==== ATTENTION
Task: {9F3A227D-0B84-4572-90B9-7493B3C9E26C} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {ADA036F4-E5E7-4468-83AB-B64A1DC2A6E0} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-11 No Task File <==== ATTENTION
Task: {C1798675-C18C-404F-90F5-7B354082CBE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {C21A7633-BFB3-40C2-860B-A58FC6F674EB} - System32\Tasks\Wqs3RURQofhshHTo => C:\Users\MITCH\AppData\Roaming\Wqs3RURQofhshHTo.exe <==== ATTENTION
Task: {C3104997-0446-4339-8E33-EDFB711CDE8B} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2 No Task File <==== ATTENTION
Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
Task: {CB2DFFB6-695A-4CA6-9C22-E23E6A0EF409} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {CB3E08E5-2739-4261-95CF-12FD75F1F6DA} - \Wse_binkiland No Task File <==== ATTENTION
Task: {CC65BF6D-42C0-4729-9A84-6E0A7647BA2B} - System32\Tasks\PresentationSettingsTurnOff_MITCH-PC_MITCH => C:\Windows\system32\PresentationSettings.exe [2009-04-11] (Microsoft Corporation)
Task: {D027A209-468A-407D-A28B-C48FC816D4F2} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DB62B7FB-D370-4087-8D7E-7B9D5BC9D85F} - System32\Tasks\HPCeeScheduleForMITCH => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {DC375676-FE95-45E1-865D-18DC07723629} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-7 No Task File <==== ATTENTION
Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {F27A700D-2399-4465-8225-F76ACCEAD52F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate
Task: {F4A14272-E385-446D-84AC-898751525AEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {FF7FD197-8DA0-4E29-9261-EF614DAB4123} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{d59329e7-058a-cbd1-d593-329e7058a79c}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\FastAgain PC Booster_DEFAULT.job => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
Task: C:\Windows\Tasks\FastAgain PC Booster_UPDATES.job => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMITCH.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for MITCH.job => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
Task: C:\Windows\Tasks\Wqs3RURQofhshHTo.job => C:\Users\MITCH\AppData\Roaming\Wqs3RURQofhshHTo.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-01-08 14:12 - 2015-01-08 14:12 - 02264576 _____ () C:\Program Files\BubbleSound\BubbleSound.dll
2008-09-17 00:16 - 2008-09-17 00:16 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2008-10-23 05:48 - 2008-10-06 12:54 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2008-10-23 05:36 - 2008-06-29 19:10 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2011-08-08 22:52 - 2011-08-08 22:52 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-08-22 13:03 - 2008-08-22 13:03 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-10-23 05:48 - 2008-10-06 12:54 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2008-10-23 05:36 - 2008-06-29 19:10 - 00028672 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2008-09-25 21:42 - 2008-09-25 21:42 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\zuuqjjlq.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-499354876-3266562091-500007027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MITCH\AppData\Local\Microsoft\BingDesktop\themes\2014-02-12.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: GamingWonderlandService => 2
MSCONFIG\Services: InternetUpdater => 2
MSCONFIG\Services: PCKeeper2Service => 2
MSCONFIG\Services: PCKeeperOcfService => 2
MSCONFIG\Services: RecipeHub_2jService => 2
MSCONFIG\Services: Retrogamer_4wService => 2
MSCONFIG\Services: vToolbarUpdater17.3.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk => C:\Windows\pss\crossbrowse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Lightning.lnk => C:\Windows\pss\Desktop Lightning.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Temperature Monitor.lnk => C:\Windows\pss\Desktop Temperature Monitor.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatch.lnk => C:\Windows\pss\StormWatch.lnk.Startup
MSCONFIG\startupreg: 3D BubbleSound => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BoBrowser => "C:\Users\MITCH\AppData\Local\BoBrowser\Application\bobrowser.exe" --no-proxy-server
MSCONFIG\startupreg: Boost => C:\Program Files (x86)\Boost\Boost.exe
MSCONFIG\startupreg: cdloader => "C:\Users\MITCH\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: Gameo => C:\Users\MITCH\AppData\Roaming\Gameo\gameo.exe "C:\Users\MITCH\AppData\Roaming\Gameo\gameo.dat" mode:minimized
MSCONFIG\startupreg: GamingWonderland Browser Plugin Loader => C:\PROGRA~1\GAMING~2\bar\2.bin\gtbrmon.exe
MSCONFIG\startupreg: GamingWonderland EPM Support => "C:\PROGRA~1\GAMING~2\bar\3.bin\gtmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: GamingWonderland Home Page Guard 64 bit => "C:\PROGRA~1\GAMING~2\bar\2.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: GamingWonderland Search Scope Monitor => "C:\PROGRA~1\GAMING~2\bar\2.bin\gtsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: GardeningEnthusiast EPM Support => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: GardeningEnthusiast Home Page Guard 64 bit => "C:\PROGRA~1\GARDEN~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: GardeningEnthusiast Search Scope Monitor => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: GardeningEnthusiast_7j Browser Plugin Loader => C:\PROGRA~1\GARDEN~2\bar\1.bin\7jbrmon.exe
MSCONFIG\startupreg: GenieoSystemTray => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
MSCONFIG\startupreg: GenieoUpdaterService => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
MSCONFIG\startupreg: Google Update => "C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_1966301AF37C65D1ED1179E7CBD99E72 => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
MSCONFIG\startupreg: HowToSimplified EPM Support => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8emedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: HowToSimplified Home Page Guard 64 bit => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: HowToSimplified Search Scope Monitor => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8esrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: HowToSimplified_8e Browser Plugin Loader => C:\PROGRA~1\HOWTOS~2\bar\1.bin\8ebrmon.exe
MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro 3.20\OptProLauncher.exe
MSCONFIG\startupreg: PackageTracer AppIntegrator 32-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: PackageTracer AppIntegrator 64-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: PackageTracer EPM Support => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69medint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: PackageTracer Search Scope Monitor => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: PC Cleaners => "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
MSCONFIG\startupreg: PCFixSpeed => "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: PCTechHotline => "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
MSCONFIG\startupreg: Recipe Hub Home Page Guard 64 bit => "C:\PROGRA~1\RECIPE~2\bar\2.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Recipe Hub Search Scope Monitor => "C:\PROGRA~1\RECIPE~2\bar\2.bin\2jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RecipeHub_2j Browser Plugin Loader => C:\PROGRA~1\RECIPE~2\bar\2.bin\2jbrmon.exe
MSCONFIG\startupreg: Retrogamer Search Scope Monitor => "C:\PROGRA~1\RETROG~2\bar\2.bin\4wsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Retrogamer_4w Browser Plugin Loader => C:\PROGRA~1\RETROG~2\bar\2.bin\4wbrmon.exe
MSCONFIG\startupreg: Salus CrashMon => "C:\Program Files (x86)\f552dd4c52e3\a7d12b5975b4.exe" "b786bdb3c67d.exe" "http://log.data-url.com/salus/crash"
MSCONFIG\startupreg: Search Protection => "C:\Users\MITCH\AppData\Roaming\Search Protection\SP.EXE" /autostart
MSCONFIG\startupreg: SearchProtect => C:\Users\MITCH\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: shopperz => C:\Program Files\shopperz\wrex.exe
MSCONFIG\startupreg: shopperz64 => C:\Program Files\shopperz\wrex64.exe
MSCONFIG\startupreg: SpywareClearShield => "C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe"
MSCONFIG\startupreg: SpywareClearUpdater => "C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe"
MSCONFIG\startupreg: StormWatch => "C:\Program Files (x86)\StormWatch\StormWatchApp.exe"
MSCONFIG\startupreg: Super Optimizer => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: WebBar => C:\Users\MITCH\AppData\Local\WebBar\2.0.5343.21616\wb.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2D720E0B-FB17-4C8A-9F86-B55938CFA8A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{2EE9D486-776E-4A38-BC02-BD5F65BD28BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{8900904A-1EE6-4C87-96CB-7D86BA6CF64C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{E8290F9D-7197-4FCE-88B6-80063D832BC5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{C7963FE5-36CE-4FFA-8459-0F879C4A0E7B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{A107B0DE-B6D8-4607-9F2E-7665B44C7B33}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{D4905A67-ED93-4AF3-A217-99D2C0F551A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{E66EA628-13EB-4B6B-BFFC-5A9E5C1E10F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{6FE01D9B-EB0F-4788-8DCC-EC59AF93C650}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{B19F4E26-A53A-46E2-B47B-6E93B76D4D24}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{8C2326A8-FEBD-456F-9CC0-0A8B70DDE8D7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{9D4CA0E9-1209-4B35-B8A9-CEF5A320674E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{37948C4D-AFDB-4E8B-8FDE-E113AD9A1A5F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe
FirewallRules: [{D231B7E7-FA3B-4432-BF83-D93D9F897BD9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe
FirewallRules: [{5CD0FD8E-FC7E-4F04-850C-E6D8C86FB0F2}] => (Allow) LPort=80
FirewallRules: [{A9B3E1B3-D13A-4871-A0CE-F75D2638C6AA}] => (Allow) LPort=80
FirewallRules: [{0077EA1C-8965-4DA9-8255-7701AC4063E1}] => (Allow) LPort=80
FirewallRules: [TCP Query User{DA0631B7-7E96-4808-B2D5-9F0641460FC4}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{00448820-4586-4DBA-B7AC-EE49FE0A898D}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{B7F8A776-007E-4C64-A28F-550E9D4602C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{875B22E8-B606-4C64-98EB-E19F3D004A9B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{BCD33088-CBC3-4791-B171-23CA234BE409}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{8046D6BC-6A93-4EF2-9C67-31E758EB034D}] => (Allow) C:\Users\MITCH\AppData\Local\Temp\ibtmp3f6c444\component_514
FirewallRules: [{FD29D261-A29C-409E-B37A-5AAED6162D36}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
FirewallRules: [{2DE2CBC0-830F-4902-836A-3786D03873DE}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{0FF8F62A-3271-4F1C-AC53-5665DFAAA8FA}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [TCP Query User{6BBFA39E-AD5C-4406-95F3-446C4716EE75}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{977C99A4-24D8-4D66-B45C-71F685BFABFD}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{C6117AF1-7B22-46EA-BF08-2ADE597FFE9C}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{0540A14D-E985-4766-9D4F-E6C68B7D3461}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{33580EE5-CAD7-4CE9-992C-FC393CCEAC16}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{908B6D24-BD5A-42E3-B776-2551860859DB}] => (Allow) LPort=2869
FirewallRules: [{C1520C1F-25AC-459D-87AF-F696CC7BCCBD}] => (Allow) LPort=1900
FirewallRules: [{87EAD9F9-E3BB-4B21-8AAF-D7BB98002636}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{893C92B2-7F86-43D0-AE3E-6533E7347F0D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{345584AC-AFCD-43A8-BBAF-184C821686DE}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
FirewallRules: [UDP Query User{387DBBA5-ACF8-44B3-90E8-C2579A546F02}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
FirewallRules: [TCP Query User{B396CADD-5AFD-418A-B83C-B0056A1D7CF3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6C81C147-C618-4E57-8EC9-A39482E6A5CE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{03BEA1CC-4967-4248-B683-821220DC922B}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [UDP Query User{912186A5-B513-4198-8FE6-A1A35E7809C6}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [{0659870B-2E91-458D-9905-0CA47E7AF388}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

More help is available by typing NET HELPMSG 4201.

==================== Memory info ===========================

Processor: AMD Turion™ X2 Dual-Core Mobile RM-74
Percentage of memory in use: 38%
Total physical RAM: 3836.89 MB
Available physical RAM: 2372.27 MB
Total Virtual: 7860.3 MB
Available Virtual: 6185.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.18 GB) (Free:215.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:1.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 89900F6B)
Partition 1: (Active) - (Size=285.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)

==================== End of log ============================

#6 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 10 July 2015 - 06:22 PM

You have a lot going on, you have many infections, I know this is inconvenient but until we get the internet connection resolved you will still have to transfer stuff back and forth

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner TO YOUR DESKTOP

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers

Do not click on any links in the top Advertisment.

Close all open programs and internet browsers.

Double click on AdwCleaner.exe to run the tool.

Click on Scan.

After the scan is complete click on "Clean"

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool TO YOUR DESKTOP

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware TO YOUR DESKTOP

Windows XP : Double click on the icon to run it.

Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#7 mickey7

Silver Member

Authentic Member
254 posts

Posted 10 July 2015 - 09:41 PM

OK here's the latest:

ADWCleaner Log:

# AdwCleaner v4.208 - Logfile created 10/07/2015 at 20:45:29
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : MITCH - MITCH-PC
# Running from : C:\Users\MITCH\Desktop\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : APNMCP
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
[#] Service Deleted : swdumon
[#] Service Deleted : UpdateCheck

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\AskPartnerNetwork
[!] Folder Deleted : C:\ProgramData\MailUpdate
[!] Folder Deleted : C:\ProgramData\Kromtech
[!] Folder Deleted : C:\ProgramData\PC Booster
[!] Folder Deleted : C:\ProgramData\InstallSightSDK
[!] Folder Deleted : C:\ProgramData\PorOSuhoepper
[!] Folder Deleted : C:\ProgramData\5a33d5f6a5bbac86
[!] Folder Deleted : C:\ProgramData\6499773942544968838
[!] Folder Deleted : C:\ProgramData\{0da777ff-38fc-fbab-0da7-777ff38fdffc}
[!] Folder Deleted : C:\ProgramData\{d59329e7-058a-cbd1-d593-329e7058a79c}
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
[!] Folder Deleted : C:\Program Files (x86)\AmiExt
[!] Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
[!] Folder Deleted : C:\Program Files (x86)\Lightspark 0.5.3-git
[!] Folder Deleted : C:\Program Files (x86)\predm
[!] Folder Deleted : C:\Program Files (x86)\Tweaks
[!] Folder Deleted : C:\Program Files (x86)\Driver Support
[!] Folder Deleted : C:\Program Files (x86)\Music Remote
[!] Folder Deleted : C:\Program Files (x86)\CloudScout Parental Control
[!] Folder Deleted : C:\Program Files (x86)\fun4us
[!] Folder Deleted : C:\Program Files (x86)\coupoon
[!] Folder Deleted : C:\Program Files (x86)\suprize
[!] Folder Deleted : C:\Program Files (x86)\WinZip Driver Updater
[!] Folder Deleted : C:\Program Files (x86)\WebProtectorPlus
[!] Folder Deleted : C:\Program Files (x86)\driverupdate
[!] Folder Deleted : C:\Program Files (x86)\apppsavue
[!] Folder Deleted : C:\Program Files (x86)\appsAve
[!] Folder Deleted : C:\Program Files (x86)\BetterePriceChec
[!] Folder Deleted : C:\Program Files (x86)\BEttteerPriCeoCheec
[!] Folder Deleted : C:\Program Files (x86)\BettterPRiceoCoheEac
[!] Folder Deleted : C:\Program Files (x86)\CClickFOrSalle
[!] Folder Deleted : C:\Program Files (x86)\CeOolSaaleCoUpoN
[!] Folder Deleted : C:\Program Files (x86)\CliCCkFFOOrSualle
[!] Folder Deleted : C:\Program Files (x86)\ClIckFaorSSale
[!] Folder Deleted : C:\Program Files (x86)\Coupoon
[!] Folder Deleted : C:\Program Files (x86)\deal2dealiiT
[!] Folder Deleted : C:\Program Files (x86)\deala4reall
[!] Folder Deleted : C:\Program Files (x86)\dowaNloaditKeepo
[!] Folder Deleted : C:\Program Files (x86)\downlloadItkoeepu
[!] Folder Deleted : C:\Program Files (x86)\ExtraaShopopeR
[!] Folder Deleted : C:\Program Files (x86)\Fastsalerr
[!] Folder Deleted : C:\Program Files (x86)\FlashhCCOupioNu
[!] Folder Deleted : C:\Program Files (x86)\FLasuhhCoupOn
[!] Folder Deleted : C:\Program Files (x86)\foastsaler
[!] Folder Deleted : C:\Program Files (x86)\KIngCouupon
[!] Folder Deleted : C:\Program Files (x86)\lowaprices
[!] Folder Deleted : C:\Program Files (x86)\LuckyCoupOen
[!] Folder Deleted : C:\Program Files (x86)\nittrOdeual
[!] Folder Deleted : C:\Program Files (x86)\offerrsaLe
[!] Folder Deleted : C:\Program Files (x86)\offersalee
[!] Folder Deleted : C:\Program Files (x86)\PrinceCouponi
[!] Folder Deleted : C:\Program Files (x86)\QuEeanCoeupon
[!] Folder Deleted : C:\Program Files (x86)\QueenCCoupon
[!] Folder Deleted : C:\Program Files (x86)\QueeNNCCouupOan
[!] Folder Deleted : C:\Program Files (x86)\quicckshOp
[!] Folder Deleted : C:\Program Files (x86)\RioyAlShopperrApp
[!] Folder Deleted : C:\Program Files (x86)\rocccketssaLe
[!] Folder Deleted : C:\Program Files (x86)\roccKetasale
[!] Folder Deleted : C:\Program Files (x86)\roucKuetdeal
[!] Folder Deleted : C:\Program Files (x86)\RoyalCoaupon
[!] Folder Deleted : C:\Program Files (x86)\RoyalCoupoN
[!] Folder Deleted : C:\Program Files (x86)\ROyalShopppErAppu
[!] Folder Deleted : C:\Program Files (x86)\SaaveerPPrro
[!] Folder Deleted : C:\Program Files (x86)\SahoppaeruMMasteer
[!] Folder Deleted : C:\Program Files (x86)\SaLesMauggneT
[!] Folder Deleted : C:\Program Files (x86)\SaverProo
[!] Folder Deleted : C:\Program Files (x86)\SHHoppeRMaster
[!] Folder Deleted : C:\Program Files (x86)\ShOppeReMaster
[!] Folder Deleted : C:\Program Files (x86)\ShopperMastter
[!] Folder Deleted : C:\Program Files (x86)\ShopperrMasoter
[!] Folder Deleted : C:\Program Files (x86)\ShoupperMMaster
[!] Folder Deleted : C:\Program Files (x86)\SiAlesCahecker
[!] Folder Deleted : C:\Program Files (x86)\SSalEsChiecker
[!] Folder Deleted : C:\Program Files (x86)\surfkeeepiit
[!] Folder Deleted : C:\Program Files (x86)\surfkeeepit
[!] Folder Deleted : C:\Users\MITCH\AppData\Local\Temp\apn
[!] Folder Deleted : C:\Users\MITCH\AppData\Local\Temp\VuuPC
[!] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
[!] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch
[!] Folder Deleted : C:\Program Files\BubbleSound
[!] Folder Deleted : C:\Users\MITCH\AppData\Local\AskPartnerNetwork
[!] Folder Deleted : C:\Users\MITCH\AppData\Local\Gameo
[!] Folder Deleted : C:\Users\MITCH\AppData\Local\Crossbrowse
[!] Folder Deleted : C:\Users\MITCH\AppData\Local\UnicoBrowser
[!] Folder Deleted : C:\Users\MITCH\AppData\Local\slimware utilities inc
[!] Folder Deleted : C:\Users\MITCH\AppData\LocalLow\ShopAtHome
[!] Folder Deleted : C:\Users\MITCH\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\DigitalSites
[!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\Systweak
[!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\WebExtend
[!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\MailUpdate
[!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\ShopAtHome
[!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0
[!] Folder Deleted : C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg
File Deleted : C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nemfjadlboooiffmcelkafilagddogim
File Deleted : C:\claraInstaller.txt
File Deleted : C:\Users\Public\Desktop\FileOpener.lnk
File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
File Deleted : C:\Program Files (x86)\prefs.js
File Deleted : C:\Windows\efix.ini
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\SPPD.sys
File Deleted : C:\Windows\System32\drivers\swdumon.sys
File Deleted : C:\Users\MITCH\AppData\Roaming\TFNRF
File Deleted : C:\Users\MITCH\AppData\Roaming\Wqs3RURQofhshHTo
File Deleted : C:\Users\MITCH\Desktop\3D BubbleSound.lnk
File Deleted : C:\Users\MITCH\Desktop\Live PC Help.lnk
File Deleted : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\my.cfg
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\my-prefs.js

***** [ Scheduled tasks ] *****

Task Deleted : Driver Pro Schedule
Task Deleted : gameo_update
Task Deleted : LaunchSignup
Task Deleted : Smart Driver Updater Schedule
Task Deleted : FastAgain PC Booster
Task Deleted : FastAgain PC Booster_DEFAULT
Task Deleted : FastAgain PC Booster_UPDATES
Task Deleted : Wqs3RURQofhshHTo

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [lyrix@lyrixeeker.co]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmbmildjdmppofnohldicmnkojfhggmb
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CrashMon]
Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep
Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderlandInstaller.Start
Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderlandInstaller.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.Radio
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\HowToSimplified_8e.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\HowToSimplified_8e.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39Installer.Start
Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39Installer.Start.1
Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\0cb0f815-d87c-fc21-ffce-3412c1ecfd05
Key Deleted : HKLM\SOFTWARE\0f2a7b4f-969f-4c1f-acfb-20f19e0bc146
Key Deleted : HKLM\SOFTWARE\fa1ac5ef-9167-40cc-9d97-3788521ed091
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{318C7F13-3498-459E-BF35-12865E6D005C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{43C44539-11A6-4DAB-A69B-1B7D71ECFF99}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4DDEC9FF-96A3-4B1B-ADCA-0B31EC700151}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5D9FB48A-5CE2-4118-B19F-F88ADDB0F814}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5DEBC66A-136E-4F2C-84CC-8A984EBA1195}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{829DD016-D322-481B-8BA3-10064B09EAC4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1965763-A486-4E1E-B574-19E44B3842E8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4D1C553-99C0-48E5-B0A7-B1E00163715C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D2C31D2B-35BE-4C2B-ACCB-A78877274E60}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BB66D3-9F1A-479A-AA5C-DB34B618B965}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a3e1d674-04ee-4c9e-b143-442555830fb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tune
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKCU\Software\CoinisRS
Key Deleted : HKCU\Software\SpeeditUp
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\efixpro
Key Deleted : HKCU\Software\eFix
Key Deleted : HKCU\Software\WebBar
Key Deleted : HKCU\Software\Crossbrowse
Key Deleted : HKCU\Software\reimagerepair
Key Deleted : HKCU\Software\PC Booster
Key Deleted : HKCU\Software\suprize
Key Deleted : HKCU\Software\PRODUCTSETUP
Key Deleted : HKCU\Software\Kromtech
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\AmiExt
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Lightspark Team
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tune
Key Deleted : HKLM\SOFTWARE\V9Software
Key Deleted : HKLM\SOFTWARE\StormWatchApp
Key Deleted : HKLM\SOFTWARE\Clara
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Better-Surf
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\Universal
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lightspark
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3119AFD3-545C-0955-573A-494F62E61990}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\EZ Software Updater_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Lightspark
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Tweaks FileOpener
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Tuneup Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BoBrowser
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StormWatch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Salus
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Super Optimizer_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Vosteran
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vosteran
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gameo
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Desktop Temperature Monitor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Setup Support for Consumer Input
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Consumer Input Installer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Converter Free Online_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Binkiland
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2FA77785-00C3-A920-6452-D4FE5C9C129F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BubbleSound
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{594FD08C-0622-F9B8-CB02-7C1355D33CB8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{49F8B4F8-0CD4-4BE4-A9E8-B13A071F7C90}_is1
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\eFix
Key Deleted : [x64] HKLM\SOFTWARE\BubbleSound
Key Deleted : [x64] HKLM\SOFTWARE\Kromtech
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BubbleSound
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16659

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[sbpv9us6.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://search.v9.com/favicon.ico");
[sbpv9us6.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://search.v9.com/web/?type=ds&ts=1420537787&from=pjr&uid=FUJITSUXMHZ2320BHXG2_K618T8B2WCU5&i=psd&t=34eb4dd52&q={searchTerms}");
[sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthrop[...]
[sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22hxxp%3A//www.holasearch.com[...]
[sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%[...]
[sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0BtB0EyCtA0E0D0F0AyE0DtN0D0Tzu0StCtDzyzytN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzyt[...]
[sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0BtB0EyCtA0E0D0F0AyE0DtN0D0Tzu0StCtDzyzytN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBz[...]
[sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0BtB0EyCtA0E0D0F0AyE0DtN0D0Tzu0StCtDzyzytN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEt[...]

-\\ Google Chrome v43.0.2357.130

[C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [73429 bytes] - [02/12/2014 08:06:44]
AdwCleaner[R1].txt - [1157 bytes] - [03/12/2014 10:54:24]
AdwCleaner[R2].txt - [34261 bytes] - [10/07/2015 20:31:44]
AdwCleaner[S0].txt - [60048 bytes] - [02/12/2014 08:08:41]
AdwCleaner[S1].txt - [1192 bytes] - [03/12/2014 11:03:44]
AdwCleaner[S2].txt - [31454 bytes] - [10/07/2015 20:45:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [31514 bytes] ##########

JRT LOG:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.1 (07.10.2015:2)
OS: Windows ™ Vista Home Premium x64
Ran by MITCH on Fri 07/10/2015 at 21:04:35.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Bidaily Synchronize Task[8da6]
Successfully deleted: [Task] C:\Windows\tasks\Bidaily Synchronize Task[8da6].job

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{534D542D-5637-006A-76A7-7A786E7484D7}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch.LQEENEHX2XMOE2LONWPT5WTVEM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111251155}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{934BCD49-C81A-4ED0-86DF-56EE1B6DA341}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111251155}

~~~ Files

Successfully deleted: [File] C:\Users\MITCH\AppData\Roaming\appdataFr25.bin
Successfully deleted: [File] C:\Users\MITCH\AppData\Roaming\appdataFr3.bin

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\opensoftwareupdater
Successfully deleted: [Folder] C:\ProgramData\pc1data
Successfully deleted: [Folder] C:\ProgramData\pchealthboost
Successfully deleted: [Folder] C:\Users\MITCH\appdata\locallow\company
Successfully deleted: [Folder] C:\Users\MITCH\appdata\locallow\gamingwonderlandei
Successfully deleted: [Folder] C:\Users\MITCH\AppData\Roaming\compete
Successfully deleted: [Folder] C:\Users\MITCH\AppData\Roaming\goldengate
Successfully deleted: [Folder] C:\Users\MITCH\AppData\Roaming\opensoftwareupdater
Successfully deleted: [Folder] C:\Users\MITCH\AppData\Roaming\pc cleaners
Successfully deleted: [Folder] C:\Users\MITCH\AppData\Roaming\pcpro
Successfully deleted: [Folder] C:\Users\MITCH\documents\add-in express
Successfully deleted: [Folder] C:\Users\MITCH\documents\optimizer pro
Successfully deleted: [Folder] C:\users\public\documents\downloaded installers
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
Successfully deleted: [Folder] C:\Users\MITCH\appdata\local\12009

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\sbpv9us6.default\searchplugins\my-homepage.xml
Successfully deleted: [Folder] C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net
Successfully deleted: [Folder] C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@packagetracer_69.com/plugin
Successfully deleted the following from C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\sbpv9us6.default\prefs.js

user_pref(browser.search.searchengine.alias, v9);
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.name, v9);
user_pref(browser.search.searchengine.ptid, pjr);
user_pref(browser.search.searchengine.uid, FUJITSUXMHZ2320BHXG2_K618T8B2WCU5);
user_pref(extensions.3gu8AewXeqQRDZ6n.scode, (function(){try{if(window.self.location.href.indexOf(\rjnErdY8rHs6rdk7qHCGqTa7rjk\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.DRVnZ5k8RiEUxmF9.scode, (function(){try{if(window.self.location.href.indexOf(\rjnErdY8rHs6rdk7qHCGqTa7rjk\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.Oj73lj6w5uOHSEyF.scode, (function(){try{if(window.self.location.href.indexOf(\rjnErdY8rHs6rdk7qHCGqTa7rjk\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.TM90IVkezomQsnUc.scode, (function(){try{if(window.self.location.href.indexOf(\rjnErdY8rHs6rdk7qHCGqTa7rjk\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.WR6xGbeIajT7fc4D.scode, (function(){try{if(window.self.location.href.indexOf(\rjnErdY8rHs6rdk7qHCGqTa7rjk\)>-1){return;}}catch(e){}try{var d=[[\tria
user_pref(extensions.srchvstrn.prtnrId, WSE_Vosteran);
user_pref(extensions.srchvstrn.srchPrvdr, Vosteran);
Emptied folder: C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\sbpv9us6.default\minidumps [1 files]

~~~ Chrome

[C:\Users\MITCH\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\MITCH\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\MITCH\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\MITCH\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
ogminpmldncgcmokldnmmapddoccmhfl
]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/10/2015 at 21:15:09.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Had a hard time getting the Malwarebytes to run. It would open and sit in the systray and do nothing. Eventually it started but again I could not update it due to connection problem. It was still running at midnight. Had to let it go. Have work in the morning. I will post that log when I can. But here are the others as a start.

#8 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 11 July 2015 - 04:17 AM

Wow, lots of bad stuff removed. With Windows Vista 64 bit what you need to do is right click on Malwarebytes and select RUN AS ADMINISTRATOR

Try running Malwarebytes in Safemode.

To Enter Safemode

Go to Start> Shut off your Computer> Restart

As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,

this will bring up a menu.

Use the Up and Down Arrow Keys to scroll up to Safemode with Networking

Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#9 mickey7

Silver Member

Authentic Member
254 posts

Posted 11 July 2015 - 07:29 AM

I thought it would be done before I had to get to bed, but it just seemed to stay on that very last area forever. But here are the logs.

Scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/10/2015
Scan Time: 9:57:26 PM
Logfile: scanlog.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.06.03.03
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: MITCH

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 427803
Time Elapsed: 2 hr, 6 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 148
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\APPID\ConsumerInputUpdate.exe, Quarantined, [9eb186302e5cf145dbeb9a4fe61d0af6],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\ConsumerInputUpdate.exe, Quarantined, [60ef764049412016c3031acfa063a060],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26EAFF8B-3CD5-42C3-8D9C-BE5FFF9F32DF}, Quarantined, [8dc26452d4b6ed4928efbac4cd3858a8],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B81DD85E-EB4F-470E-B394-CCD3E4A4FCE2}, Quarantined, [09465462f694a3939c7be89622e3ea16],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4C0A26E-DBAE-49AD-B080-B8804953E551}, Quarantined, [b699c7efee9c1e18f524ef8fea1b0000],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C83DDCBF-AEC5-45E2-8B74-9CB877607BE6}, Quarantined, [301fb5010f7b30060217fe80c73e6c94],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [3e1100b61179cf67bb44e997e32227d9],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\WOW6432NODE\ConsumerInput, Quarantined, [fa551e98701a91a530fe12d439ca2fd1],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [68e76d4954363df97fb12fb718ebb848],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\ConsumerInputUpdate.exe, Quarantined, [3d12882efe8c6ec87e48c52431d211ef],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\DPIMGLHOJAPIKOEEIFCIFANBEINEPHDM, Quarantined, [bf906f47f59579bdb9966a7cf60d15eb],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\LGGJOCKDKHAHIHJFEHMOCMJAKCHIHNJB, Quarantined, [c08f476f3e4c1c1afe517571e91a4fb1],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{113DDEDD-85B0-4F48-B9B0-7A727DB38CB5}, Quarantined, [ec63f3c3444638fe6036d8a443c2da26],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16D0011B-A05D-4891-9DB2-7979236BB50E}, Quarantined, [ef60a313addd36004551007c9f669e62],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111251155}, Quarantined, [d27d3c7a5238eb4b011669153fc606fa],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26EAFF8B-3CD5-42C3-8D9C-BE5FFF9F32DF}, Quarantined, [d47bd1e52c5e6dc932e58cf28382df21],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B9BF8F6-0D9B-4C80-97F8-F8AF20888CE6}, Quarantined, [b798a80e2a6092a49105fe7e8f762ed2],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4F8A7EA8-CDEF-4393-8191-38DC6448F967}, Quarantined, [b9964e687515f73f5e38c7b5ed1839c7],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5806AF45-491A-4080-B99E-D5045B11D21E}, Quarantined, [2e21278f7713d85e5d3913695fa6f709],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68ED2974-ECDA-46DA-B5C8-0DBCDE795731}, Quarantined, [d57a9c1ae5a5cd6999fdf88421e451af],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{777651E4-13CA-4A6A-A605-79CD54B1CB08}, Quarantined, [301fad09a5e5a393f3a3e09c50b525db],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{88A61F12-5BEA-461B-878A-E9E310975F4D}, Quarantined, [4609b40296f49e98e8ae86f6010419e7],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89826354-5A6B-4BB5-B222-C350684DF0A7}, Quarantined, [ea6584322763c571781ec3b9996c6c94],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9299B102-415C-41D0-ABD4-9371283A0FFA}, Quarantined, [1837595dd2b8280e1581354754b1649c],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99F5CFDE-6252-4035-B820-BD521960F59F}, Quarantined, [56f9872f39511125ecaaff7da164e21e],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB2BFE44-B528-416E-A56F-EE9BBAA114A4}, Quarantined, [d17ea511800ab680afe79ce01aeb7987],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B38CC7F3-9561-4AA5-9907-25724A4BB87B}, Quarantined, [a3ac3f77870390a6b1e50b71bf46f40c],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B81DD85E-EB4F-470E-B394-CCD3E4A4FCE2}, Quarantined, [2629b105f991072f8c8b86f834d1af51],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4C0A26E-DBAE-49AD-B080-B8804953E551}, Quarantined, [0946e7cfacde87af76a3c8b6b352cd33],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C83DDCBF-AEC5-45E2-8B74-9CB877607BE6}, Quarantined, [ed628e28abdfb97dd04999e580855ba5],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CE12DC0F-3015-4D30-B186-BF9808558177}, Quarantined, [aba44076830771c5e3b3027a44c129d7],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1149832-ABE6-4A57-933D-5D5A6045EE9D}, Quarantined, [60eff5c1b4d61e18b3e395e72ed75fa1],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E24DE5E8-9C8F-4E23-8B0B-712F42992059}, Quarantined, [cd82ddd95c2ed066e5b1d9a32fd65ea2],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4E0DA0E-CFCA-4BF5-865F-3E86093F6515}, Quarantined, [38178630aedcab8bcec81765fe07ee12],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9B0ECA1-54C2-4E9D-9CA7-12E1C474185D}, Quarantined, [53fc278f52383ff7d8be7705689d8a76],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EDBBA871-43D1-4303-B495-31AF5BDB9242}, Quarantined, [0f40b8fefa90c4723165bdbf61a42cd4],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@ei.MapsGalaxy_39.com/Plugin, Quarantined, [e768edc9731741f590909ae47b8aa45c],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@ei.RadioRage_4j.com/Plugin, Quarantined, [0a45189ef199b086e83895e99d68916f],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [0b445a5c088239fda7588ef2fc09cd33],
PUP.Optional.ConsumerInput.C, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\ConsumerInput, Quarantined, [4b0404b27218d066412ba93f976cca36],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\DPIMGLHOJAPIKOEEIFCIFANBEINEPHDM, Quarantined, [212e486e0a8073c3fb5541a59b68c63a],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\LGGJOCKDKHAHIHJFEHMOCMJAKCHIHNJB, Quarantined, [cc839b1b0e7cbb7bf0602abced1635cb],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3306926, Quarantined, [d27d625472184fe7aa7a176a897c8e72],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1005EAE3-FDF4-4EE2-B1E0-DD4AE79B2164}, Quarantined, [ada2d5e134560d29d63f3e40f90c1be5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14387D2E-409A-4D73-82F1-3E15494824CF}, Quarantined, [311e773f2b5fc076c253fd81798ce61a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{145E8993-BFE0-4C6E-82A8-401EACF1334E}, Quarantined, [c7884d698ffbc1750c0a5c22f90c6997],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16C48B8D-C848-4758-B56E-375344FECDA5}, Quarantined, [3619387e2664da5cc1555f1f1ce99e62],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{185411BE-5BA3-4300-AB61-6CFBC9EFDF98}, Quarantined, [2a25f5c12c5e67cf60b52e50dc29f40c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B3FA243-D23E-4FB8-87F4-3DF8FD49B5F6}, Quarantined, [0d42595d1f6b0c2a55c0daa4de27e21e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2280A4DD-F987-4C94-A322-7451A59B63B7}, Quarantined, [6de2b0063a5047ef43d3f38b000517e9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{234C64BC-5785-45CE-8F7E-11D5D91B6FC7}, Quarantined, [2c23f3c30f7b6bcb3ed82955788d8d73],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26EAFF8B-3CD5-42C3-8D9C-BE5FFF9F32DF}, Quarantined, [b897882ec7c3f244a66e89f5ef161ae6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{289B7AAC-5838-428A-ACB1-455E4175CCFA}, Quarantined, [0b440babfe8ce35323f3205e828335cb],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{303C20DC-71A0-4D6E-96CE-D515301D67FB}, Quarantined, [a0afa2145238092dfa1c92ecff06ab55],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38B24EE3-E6AE-4E42-9779-D0241A2CEC40}, Quarantined, [2827dfd7fe8c87aff71eacd271948a76],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A6AA4A9-AACC-4211-91FF-9F5ED751C45E}, Quarantined, [81cee2d46921b87ea96d6717d332ca36],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B476F89-B1A0-4FAA-83A9-D72088412E9A}, Quarantined, [88c7c3f3e8a2c5715eb84f2f11f4f709],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3DADDD9F-792D-4584-99B6-978AF658F45F}, Quarantined, [cf80c9ed97f322148c892d511ee73ac6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3F315681-1361-41D9-94B5-E3B6DA2170B0}, Quarantined, [133cefc77e0ce254a57128568a7b25db],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4339B9F6-2C73-4C64-A3E8-6899B231BCB5}, Quarantined, [f35ca0162d5d9b9be432c8b6c2434cb4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{447BF11D-4015-41C1-8B32-9DE47A2CF661}, Quarantined, [f35c288e38521224dd381c6244c1ac54],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{486A6257-988B-4E42-A273-1599C353DF7C}, Quarantined, [4d023e78771351e58e881f5f7b8a58a8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{498AD811-9A75-4520-9665-BBD05AB7A015}, Quarantined, [b699fbbbec9e1d190f071866bd4807f9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E4966CA-2F82-45A3-8FEA-6428796FB813}, Quarantined, [64eb70462c5e1f175fb783fbeb1a5ba5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5212ADAB-111C-4BEE-91B0-6AC4B339FB34}, Quarantined, [6be49125117993a347ce136b709539c7],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5390B4F3-AE71-44D9-A833-C2EA216095CA}, Quarantined, [014e6353aae0f343bc5a443a8b7a6f91],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{569F2943-7CB3-4B08-82DA-163EF6705FD9}, Quarantined, [420d278f048675c157be235be61f6f91],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{57032DF5-61FD-405C-82E8-8C6614C18563}, Quarantined, [430c9b1ba1e951e50c095628e42102fe],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B550B0B-997E-4459-9096-3B88E9DCFCB4}, Quarantined, [e26d05b119711c1a3cdaed9146bf50b0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5F003FDD-9375-46E8-BBEC-B6B63CA6A4F7}, Quarantined, [5bf4a3132c5e62d475a1f38bea1bed13],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6185136A-FD3E-43BB-A5DD-2AFD6BFDB8F2}, Quarantined, [79d6a3135931979fc254a8d6b550c739],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645E0C72-38C2-4A79-A03B-45448396BCA2}, Quarantined, [3718b8fe1575b97d38dddda18b7a1be5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66429CAB-47E3-4034-A4FB-DEFBE4BC8CA2}, Quarantined, [e6691a9c3951171fde38730b8d78817f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C47FB69-45C4-44E0-BE4D-22B045BE76FE}, Quarantined, [65eaa70f1476a59118fecab447be619f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C570F6A-AD7F-45BB-80C5-E466D5B448A4}, Quarantined, [c58ad1e51674c57164b23a446c990ef2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C6650F5-D111-4D1C-844C-B731E4E35DE8}, Quarantined, [b996ddd96228d66026ef1b63cb3afa06],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6D2ED67B-3037-4605-93DF-63E563A8AF23}, Quarantined, [a6a93f77acde0432f71e38464db8b14f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6E474ADB-6A77-4F92-9926-2B787EA5DB80}, Quarantined, [c48b8f277c0e290d3dd81965669feb15],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6EEBF7DA-E35F-4A6B-BE81-88AEB9C37967}, Quarantined, [cb845b5ba5e5ca6c47ce87f72cd9c937],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D3087B9-3A43-4720-BE25-5BDB35DB746B}, Quarantined, [301f0caa99f192a41df81f5fc73e629e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7EC659CD-6C1E-4EC5-9087-AF7D304BA094}, Quarantined, [50ff12a495f5c571888e83fb35d044bc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F23342E-7744-4596-8C52-13F1B1E2293C}, Quarantined, [88c76353fd8de94d1105daa450b5de22],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F9E5B18-E556-46D9-A4B4-6624DA593E93}, Quarantined, [61eecaec0f7b1b1b898c3e409d68df21],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7FD4B26B-3B7B-4730-97D2-3C518C4CBDAE}, Quarantined, [1d328d298604a3935cbad5a9af56f60a],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{832329D0-D53F-4F89-A915-F041C2AFA83F}, Quarantined, [90bf3e78e3a77bbb39dce9952dd8f907],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86081724-EA76-4483-B45D-DAF43B6C5F92}, Quarantined, [6ce315a1bcce37ff9086245a9a6bd729],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E9830C1-50ED-46D2-943C-9071E9D335AF}, Quarantined, [034c93232f5b59dd59bce59927defc04],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{920E18FD-4574-4284-BA21-668F4A13458C}, Quarantined, [68e7e9cd4446e155769f146a23e20000],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{92ECDBDE-180C-4E4F-84D5-EE94B1BDF953}, Quarantined, [5bf4e8cebdcdf1459e78304eee17ba46],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96D86980-8CC5-4BA1-8559-778B2DA92DA1}, Quarantined, [d679338373179d998591611ddd28b44c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97A84DBC-1EDD-48D1-B1BD-BB6ED3D6EA8E}, Quarantined, [b49b0ea8b7d3d75fc452dca235d0ae52],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97E5199E-60B9-4F57-99C7-D736E7A5BEA3}, Quarantined, [81ce7046e6a4b185c254077723e2d030],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9AF41F6C-A0E3-411D-8A4A-D1304632984C}, Quarantined, [cc83ae089eec69cda372403e34d104fc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9C89F270-5B1D-4A31-902C-1017322B2942}, Quarantined, [282706b0d5b5e74f68ad8ef0e42118e8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CE574D4-E529-449A-BBD8-CBC143C8D73E}, Quarantined, [f15e2a8c5931221436dfc0be6c9926da],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F25C6CB-3FC6-4F23-986C-BCF6F3AF881D}, Quarantined, [b699981ecdbdb97db56025596e9734cc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1A5B4EC-7000-4AD8-85E1-67BC6D90B619}, Quarantined, [b39cf0c6612957dfa1751965f3125ea2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A537DDCF-22B6-4BAF-A5C8-A31B2C317FCB}, Quarantined, [92bd6452b1d9f1451afce49a26df5ca4],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5A2CB79-ECC3-49FC-8C97-64279C4A9B40}, Quarantined, [55fa65510e7c43f357be601efb0a10f0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5E955BA-5B65-4FEE-8582-487996631BD2}, Quarantined, [55fad6e0503add595bba087635d0ce32],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A73710F0-5976-4995-8FFF-56C5CE86C454}, Quarantined, [f7581f97c5c53105e62fd8a624e1b34d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A9501A40-86E2-49F6-B444-14B969211F5A}, Quarantined, [97b866509befa78fb660a3dbab5ac040],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A9BC7F9D-7C68-4E7B-91C8-CEDCAF86987D}, Quarantined, [f956585ed5b5d75fa96ce8960afb4eb2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB2E008A-18B4-4E21-B34C-52CF7457A517}, Quarantined, [e06f575fe9a1280e080e443a32d37b85],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC1DA0EE-1324-47CE-9515-F5A6FAB66728}, Quarantined, [064944727218211525f00f6f7590c23e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC82E4B3-47BC-4C62-B565-B076CA77C7E3}, Quarantined, [e06fb7ffddad241248cd1e6083824eb2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE495342-C116-4C03-99DA-A94B5A30639A}, Quarantined, [242b9b1b612989ad60b60777cb3a44bc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2584893-C4D2-46F7-B6F4-9BAA818B96B7}, Quarantined, [aaa5bff7800a270fdc39ea9459ac1ee2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B5F0B833-6DB4-49C0-9397-A4C8E1B953D7}, Quarantined, [4f00b7fff09a13235abbef8fbe47d12f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B81DD85E-EB4F-470E-B394-CCD3E4A4FCE2}, Quarantined, [89c63e78bdcdbd7960b485f9bf4640c0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAE6EB76-F1F3-4AFF-AF3F-3FE52C86C554}, Quarantined, [95ba744277134de972a4c7b7cd38ce32],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BCE8F6F8-4FAC-4640-9D23-7E4E4BC2CB36}, Quarantined, [0a4563539cee37ff9a7c710d42c3c739],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BDB0C6B8-C641-433C-94AB-4164CF9A56FC}, Quarantined, [aba4991d01899c9aea2bccb26d98cb35],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEA2D321-DB79-4616-BCAE-D447EA4ACB30}, Quarantined, [f956f4c24d3d5bdbda3bdba3a95c1ae6],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEC8EB92-8542-4678-8C3E-115A523CF3D7}, Quarantined, [75daedc9f298aa8c8590abd3c0456b95],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEF02BE0-F126-43FC-B522-45AA88B75836}, Quarantined, [1d327e38404a14224bcbd9a519ecb54b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFB86BCF-79D9-442F-A5D4-B721D371EAF6}, Quarantined, [cf803c7afd8db3838a8ccdb1aa5bab55],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C3019572-86F7-4F2F-A038-BA5DE19324BE}, Quarantined, [7cd3dcdaa4e6f73fc254730b966fa55b],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4C0A26E-DBAE-49AD-B080-B8804953E551}, Quarantined, [94bbb40299f100369284fe80010406fa],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5558BC8-488A-476E-AEF9-D49E13E2A723}, Quarantined, [fc5361558703d85e7d98d2acbe472bd5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C83DDCBF-AEC5-45E2-8B74-9CB877607BE6}, Quarantined, [252a5264434756e08a8cdda101046d93],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA3BFF74-46CA-4CC2-9EFD-CA32122076FF}, Quarantined, [83cc10a6d2b8a29436e0a5d93acb9e62],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC1853F4-C7C4-4F77-A12E-F6A39996D3AC}, Quarantined, [e36cf6c0701abf777a9cef8fb94c8f71],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD8B2202-DA3A-4DA7-8CC4-ABF7E166AF7F}, Quarantined, [85cab6008efcdb5b0b0b0c72a0658779],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D599B948-1BBD-40F0-8CFC-33FF3EFD6396}, Quarantined, [a6a9aa0cee9c0e28b3628df1768fad53],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D5EEF6B9-3CDC-404C-9442-DBCE7517933C}, Quarantined, [87c8cee8c1c9c373a075245a6b9a9e62],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D63C0C54-8324-4A07-B942-D8FD824CDB6B}, Quarantined, [ada246704149ad89060f3f3fa362ee12],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D66A74C1-29F4-4C69-BE56-65244B4046C4}, Quarantined, [ce81793d0f7bb2841303e49a32d3ce32],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0A63BB8-AF81-4FB6-93D6-A5556BA8BE64}, Quarantined, [d57ad7df26640333cc490975aa5b2bd5],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E16ECDED-74AA-4856-ABC0-5254EDC8F2D9}, Quarantined, [0b443c7a09817abc27ee7b03f510d22e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E825842C-98B5-4AD2-B8B5-DA52936BEED1}, Quarantined, [d57a3d79d2b8979f3ed7b0ce47be06fa],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9439D2F-1A50-458B-9DCF-56CF5F563862}, Quarantined, [d679902696f4d165da3c344ad53039c7],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EB21693A-D0D8-4E84-A3E7-9EF12C4FA4E9}, Quarantined, [341b5363325862d4070f2f4fc83dad53],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EB533284-E69E-417F-BC99-53795AD98A56}, Quarantined, [94bbdadce1a9b97df71f453909fc7c84],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE0E7C43-93C9-4C5A-827A-DAF35A7B7DAF}, Quarantined, [ca852f872a603df94cc9423ca26340c0],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F193AB0A-D5C1-4916-81E2-BFF28C45D3A9}, Quarantined, [2b24b10504862313a1752a54679eb24e],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F3278990-E9CE-4AB7-B944-C9B7984CBC6D}, Quarantined, [e06feccac1c96ec8b561344aca3b46ba],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F592ADDE-D939-40EE-A6F0-9AB9FF6CB52A}, Quarantined, [90bfae084347f24458be0579e520d32d],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F70A9C1F-4A07-44AF-94FD-A527C55E5AC6}, Quarantined, [1639199dfa90f83ee72ef5892dd8d030],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAC758A6-169B-4A18-9C11-5E3F43F48A73}, Quarantined, [212e4e68ddadfc3a8194c0bee322f40c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FB111A72-67FB-4BF4-A284-ADE7B5D9B232}, Quarantined, [ada2a70fe6a49a9c72a4ccb253b212ee],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3306926, Quarantined, [bf90278f5a30e84e9690344d2ed749b7],

Registry Values: 134
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26eaff8b-3cd5-42c3-8d9c-be5fff9f32df}|AppName, HDtubeV1.6V11.11-bg.exe, Quarantined, [8dc26452d4b6ed4928efbac4cd3858a8]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b81dd85e-eb4f-470e-b394-ccd3e4a4fce2}|AppName, I - Cinema-bg.exe, Quarantined, [09465462f694a3939c7be89622e3ea16]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c4c0a26e-dbae-49ad-b080-b8804953e551}|AppName, I - Cinema-codedownloader.exe, Quarantined, [b699c7efee9c1e18f524ef8fea1b0000]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c83ddcbf-aec5-45e2-8b74-9cb877607be6}|AppName, HDtubeV1.6V11.11-codedownloader.exe, Quarantined, [301fb5010f7b30060217fe80c73e6c94]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [3e1100b61179cf67bb44e997e32227d9]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dpimglhojapikoeeifcifanbeinephdm|path, C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx, Quarantined, [bf906f47f59579bdb9966a7cf60d15eb]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lggjockdkhahihjfehmocmjakchihnjb|path, C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx, Quarantined, [c08f476f3e4c1c1afe517571e91a4fb1]
PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Binkiland\\, Quarantined, [470842749eec85b1c560658106fd37c9]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{113ddedd-85b0-4f48-b9b0-7a727db38cb5}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [ec63f3c3444638fe6036d8a443c2da26]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16d0011b-a05d-4891-9db2-7979236bb50e}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [ef60a313addd36004551007c9f669e62]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111251155}|AppName, JollyWallet-bg.exe, Quarantined, [d27d3c7a5238eb4b011669153fc606fa]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26eaff8b-3cd5-42c3-8d9c-be5fff9f32df}|AppName, HDtubeV1.6V11.11-bg.exe, Quarantined, [d47bd1e52c5e6dc932e58cf28382df21]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3b9bf8f6-0d9b-4c80-97f8-f8af20888ce6}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [b798a80e2a6092a49105fe7e8f762ed2]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4f8a7ea8-cdef-4393-8191-38dc6448f967}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [b9964e687515f73f5e38c7b5ed1839c7]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5806af45-491a-4080-b99e-d5045b11d21e}|AppPath, C:\Program Files (x86)\GasGlance_5i\bar\1.bin, Quarantined, [2e21278f7713d85e5d3913695fa6f709]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68ed2974-ecda-46da-b5c8-0dbcde795731}|AppPath, C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin, Quarantined, [d57a9c1ae5a5cd6999fdf88421e451af]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{777651e4-13ca-4a6a-a605-79cd54b1cb08}|AppPath, C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin, Quarantined, [301fad09a5e5a393f3a3e09c50b525db]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{88a61f12-5bea-461b-878a-e9e310975f4d}|AppPath, C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin, Quarantined, [4609b40296f49e98e8ae86f6010419e7]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89826354-5a6b-4bb5-b222-c350684df0a7}|AppPath, C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin, Quarantined, [ea6584322763c571781ec3b9996c6c94]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9299b102-415c-41d0-abd4-9371283a0ffa}|AppPath, C:\Program Files (x86)\GardeningEnthusiast_7j\bar\1.bin, Quarantined, [1837595dd2b8280e1581354754b1649c]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99f5cfde-6252-4035-b820-bd521960f59f}|AppPath, C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin, Quarantined, [56f9872f39511125ecaaff7da164e21e]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ab2bfe44-b528-416e-a56f-ee9bbaa114a4}|AppPath, C:\Program Files (x86)\GasGlance_5i\bar\1.bin, Quarantined, [d17ea511800ab680afe79ce01aeb7987]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b38cc7f3-9561-4aa5-9907-25724a4bb87b}|AppPath, C:\Program Files (x86)\GasGlance_5i\bar\1.bin, Quarantined, [a3ac3f77870390a6b1e50b71bf46f40c]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b81dd85e-eb4f-470e-b394-ccd3e4a4fce2}|AppName, I - Cinema-bg.exe, Quarantined, [2629b105f991072f8c8b86f834d1af51]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c4c0a26e-dbae-49ad-b080-b8804953e551}|AppName, I - Cinema-codedownloader.exe, Quarantined, [0946e7cfacde87af76a3c8b6b352cd33]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c83ddcbf-aec5-45e2-8b74-9cb877607be6}|AppName, HDtubeV1.6V11.11-codedownloader.exe, Quarantined, [ed628e28abdfb97dd04999e580855ba5]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ce12dc0f-3015-4d30-b186-bf9808558177}|AppPath, C:\Program Files (x86)\GardeningEnthusiast_7j\bar\1.bin, Quarantined, [aba44076830771c5e3b3027a44c129d7]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d1149832-abe6-4a57-933d-5d5a6045ee9d}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [60eff5c1b4d61e18b3e395e72ed75fa1]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e24de5e8-9c8f-4e23-8b0b-712f42992059}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [cd82ddd95c2ed066e5b1d9a32fd65ea2]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e4e0da0e-cfca-4bf5-865f-3e86093f6515}|AppPath, C:\Program Files (x86)\GardeningEnthusiast_7j\bar\1.bin, Quarantined, [38178630aedcab8bcec81765fe07ee12]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e9b0eca1-54c2-4e9d-9ca7-12e1c474185d}|AppPath, C:\Program Files (x86)\GardeningEnthusiast_7j\bar\1.bin, Quarantined, [53fc278f52383ff7d8be7705689d8a76]
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{edbba871-43d1-4303-b495-31af5bdb9242}|AppPath, C:\Program Files (x86)\GasGlance_5i\bar\1.bin, Quarantined, [0f40b8fefa90c4723165bdbf61a42cd4]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [0b445a5c088239fda7588ef2fc09cd33]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dpimglhojapikoeeifcifanbeinephdm|path, C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx, Quarantined, [212e486e0a8073c3fb5541a59b68c63a]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\lggjockdkhahihjfehmocmjakchihnjb|path, C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx, Quarantined, [cc839b1b0e7cbb7bf0602abced1635cb]
PUP.Optional.RelevantKnowledge.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GUPPY\RKSURVEY|survey, 0, Quarantined, [351a42744149a3935238db0d12f1ec14]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1005EAE3-FDF4-4EE2-B1E0-DD4AE79B2164}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [ada2d5e134560d29d63f3e40f90c1be5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14387D2E-409A-4D73-82F1-3E15494824CF}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [311e773f2b5fc076c253fd81798ce61a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{145E8993-BFE0-4C6E-82A8-401EACF1334E}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [c7884d698ffbc1750c0a5c22f90c6997]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16C48B8D-C848-4758-B56E-375344FECDA5}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [3619387e2664da5cc1555f1f1ce99e62]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{185411BE-5BA3-4300-AB61-6CFBC9EFDF98}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-buttonutil.exe, Quarantined, [2a25f5c12c5e67cf60b52e50dc29f40c]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B3FA243-D23E-4FB8-87F4-3DF8FD49B5F6}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [0d42595d1f6b0c2a55c0daa4de27e21e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2280A4DD-F987-4C94-A322-7451A59B63B7}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [6de2b0063a5047ef43d3f38b000517e9]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{234C64BC-5785-45CE-8F7E-11D5D91B6FC7}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [2c23f3c30f7b6bcb3ed82955788d8d73]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26eaff8b-3cd5-42c3-8d9c-be5fff9f32df}|AppName, HDtubeV1.6V11.11-bg.exe, Quarantined, [b897882ec7c3f244a66e89f5ef161ae6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{289B7AAC-5838-428A-ACB1-455E4175CCFA}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [0b440babfe8ce35323f3205e828335cb]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{303C20DC-71A0-4D6E-96CE-D515301D67FB}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [a0afa2145238092dfa1c92ecff06ab55]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38B24EE3-E6AE-4E42-9779-D0241A2CEC40}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-buttonutil.exe, Quarantined, [2827dfd7fe8c87aff71eacd271948a76]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A6AA4A9-AACC-4211-91FF-9F5ED751C45E}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [81cee2d46921b87ea96d6717d332ca36]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B476F89-B1A0-4FAA-83A9-D72088412E9A}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [88c7c3f3e8a2c5715eb84f2f11f4f709]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3DADDD9F-792D-4584-99B6-978AF658F45F}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [cf80c9ed97f322148c892d511ee73ac6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3F315681-1361-41D9-94B5-E3B6DA2170B0}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [133cefc77e0ce254a57128568a7b25db]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4339B9F6-2C73-4C64-A3E8-6899B231BCB5}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [f35ca0162d5d9b9be432c8b6c2434cb4]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{447BF11D-4015-41C1-8B32-9DE47A2CF661}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [f35c288e38521224dd381c6244c1ac54]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{486A6257-988B-4E42-A273-1599C353DF7C}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [4d023e78771351e58e881f5f7b8a58a8]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{498AD811-9A75-4520-9665-BBD05AB7A015}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [b699fbbbec9e1d190f071866bd4807f9]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E4966CA-2F82-45A3-8FEA-6428796FB813}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [64eb70462c5e1f175fb783fbeb1a5ba5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5212ADAB-111C-4BEE-91B0-6AC4B339FB34}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [6be49125117993a347ce136b709539c7]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5390B4F3-AE71-44D9-A833-C2EA216095CA}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [014e6353aae0f343bc5a443a8b7a6f91]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{569F2943-7CB3-4B08-82DA-163EF6705FD9}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [420d278f048675c157be235be61f6f91]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{57032DF5-61FD-405C-82E8-8C6614C18563}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [430c9b1ba1e951e50c095628e42102fe]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B550B0B-997E-4459-9096-3B88E9DCFCB4}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [e26d05b119711c1a3cdaed9146bf50b0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5F003FDD-9375-46E8-BBEC-B6B63CA6A4F7}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-codedownloader.exe, Quarantined, [5bf4a3132c5e62d475a1f38bea1bed13]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6185136A-FD3E-43BB-A5DD-2AFD6BFDB8F2}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [79d6a3135931979fc254a8d6b550c739]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645E0C72-38C2-4A79-A03B-45448396BCA2}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [3718b8fe1575b97d38dddda18b7a1be5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66429CAB-47E3-4034-A4FB-DEFBE4BC8CA2}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [e6691a9c3951171fde38730b8d78817f]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C47FB69-45C4-44E0-BE4D-22B045BE76FE}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [65eaa70f1476a59118fecab447be619f]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C570F6A-AD7F-45BB-80C5-E466D5B448A4}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [c58ad1e51674c57164b23a446c990ef2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C6650F5-D111-4D1C-844C-B731E4E35DE8}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [b996ddd96228d66026ef1b63cb3afa06]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6D2ED67B-3037-4605-93DF-63E563A8AF23}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [a6a93f77acde0432f71e38464db8b14f]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6E474ADB-6A77-4F92-9926-2B787EA5DB80}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [c48b8f277c0e290d3dd81965669feb15]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6EEBF7DA-E35F-4A6B-BE81-88AEB9C37967}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [cb845b5ba5e5ca6c47ce87f72cd9c937]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D3087B9-3A43-4720-BE25-5BDB35DB746B}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [301f0caa99f192a41df81f5fc73e629e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7EC659CD-6C1E-4EC5-9087-AF7D304BA094}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-codedownloader.exe, Quarantined, [50ff12a495f5c571888e83fb35d044bc]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F23342E-7744-4596-8C52-13F1B1E2293C}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [88c76353fd8de94d1105daa450b5de22]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F9E5B18-E556-46D9-A4B4-6624DA593E93}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [61eecaec0f7b1b1b898c3e409d68df21]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7FD4B26B-3B7B-4730-97D2-3C518C4CBDAE}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [1d328d298604a3935cbad5a9af56f60a]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{832329D0-D53F-4F89-A915-F041C2AFA83F}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [90bf3e78e3a77bbb39dce9952dd8f907]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86081724-EA76-4483-B45D-DAF43B6C5F92}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [6ce315a1bcce37ff9086245a9a6bd729]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E9830C1-50ED-46D2-943C-9071E9D335AF}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [034c93232f5b59dd59bce59927defc04]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{920E18FD-4574-4284-BA21-668F4A13458C}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [68e7e9cd4446e155769f146a23e20000]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{92ECDBDE-180C-4E4F-84D5-EE94B1BDF953}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [5bf4e8cebdcdf1459e78304eee17ba46]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96D86980-8CC5-4BA1-8559-778B2DA92DA1}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [d679338373179d998591611ddd28b44c]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97A84DBC-1EDD-48D1-B1BD-BB6ED3D6EA8E}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [b49b0ea8b7d3d75fc452dca235d0ae52]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97E5199E-60B9-4F57-99C7-D736E7A5BEA3}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [81ce7046e6a4b185c254077723e2d030]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9AF41F6C-A0E3-411D-8A4A-D1304632984C}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [cc83ae089eec69cda372403e34d104fc]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9C89F270-5B1D-4A31-902C-1017322B2942}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [282706b0d5b5e74f68ad8ef0e42118e8]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CE574D4-E529-449A-BBD8-CBC143C8D73E}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [f15e2a8c5931221436dfc0be6c9926da]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F25C6CB-3FC6-4F23-986C-BCF6F3AF881D}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [b699981ecdbdb97db56025596e9734cc]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1A5B4EC-7000-4AD8-85E1-67BC6D90B619}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [b39cf0c6612957dfa1751965f3125ea2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A537DDCF-22B6-4BAF-A5C8-A31B2C317FCB}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [92bd6452b1d9f1451afce49a26df5ca4]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5A2CB79-ECC3-49FC-8C97-64279C4A9B40}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [55fa65510e7c43f357be601efb0a10f0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5E955BA-5B65-4FEE-8582-487996631BD2}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [55fad6e0503add595bba087635d0ce32]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A73710F0-5976-4995-8FFF-56C5CE86C454}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [f7581f97c5c53105e62fd8a624e1b34d]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A9501A40-86E2-49F6-B444-14B969211F5A}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [97b866509befa78fb660a3dbab5ac040]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A9BC7F9D-7C68-4E7B-91C8-CEDCAF86987D}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [f956585ed5b5d75fa96ce8960afb4eb2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB2E008A-18B4-4E21-B34C-52CF7457A517}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [e06f575fe9a1280e080e443a32d37b85]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC1DA0EE-1324-47CE-9515-F5A6FAB66728}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [064944727218211525f00f6f7590c23e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC82E4B3-47BC-4C62-B565-B076CA77C7E3}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [e06fb7ffddad241248cd1e6083824eb2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE495342-C116-4C03-99DA-A94B5A30639A}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [242b9b1b612989ad60b60777cb3a44bc]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2584893-C4D2-46F7-B6F4-9BAA818B96B7}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [aaa5bff7800a270fdc39ea9459ac1ee2]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B5F0B833-6DB4-49C0-9397-A4C8E1B953D7}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [4f00b7fff09a13235abbef8fbe47d12f]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b81dd85e-eb4f-470e-b394-ccd3e4a4fce2}|AppName, I - Cinema-bg.exe, Quarantined, [89c63e78bdcdbd7960b485f9bf4640c0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAE6EB76-F1F3-4AFF-AF3F-3FE52C86C554}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [95ba744277134de972a4c7b7cd38ce32]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BCE8F6F8-4FAC-4640-9D23-7E4E4BC2CB36}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [0a4563539cee37ff9a7c710d42c3c739]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BDB0C6B8-C641-433C-94AB-4164CF9A56FC}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [aba4991d01899c9aea2bccb26d98cb35]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEA2D321-DB79-4616-BCAE-D447EA4ACB30}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [f956f4c24d3d5bdbda3bdba3a95c1ae6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEC8EB92-8542-4678-8C3E-115A523CF3D7}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [75daedc9f298aa8c8590abd3c0456b95]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEF02BE0-F126-43FC-B522-45AA88B75836}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [1d327e38404a14224bcbd9a519ecb54b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFB86BCF-79D9-442F-A5D4-B721D371EAF6}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [cf803c7afd8db3838a8ccdb1aa5bab55]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C3019572-86F7-4F2F-A038-BA5DE19324BE}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [7cd3dcdaa4e6f73fc254730b966fa55b]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c4c0a26e-dbae-49ad-b080-b8804953e551}|AppName, I - Cinema-codedownloader.exe, Quarantined, [94bbb40299f100369284fe80010406fa]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5558BC8-488A-476E-AEF9-D49E13E2A723}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [fc5361558703d85e7d98d2acbe472bd5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c83ddcbf-aec5-45e2-8b74-9cb877607be6}|AppName, HDtubeV1.6V11.11-codedownloader.exe, Quarantined, [252a5264434756e08a8cdda101046d93]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA3BFF74-46CA-4CC2-9EFD-CA32122076FF}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [83cc10a6d2b8a29436e0a5d93acb9e62]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC1853F4-C7C4-4F77-A12E-F6A39996D3AC}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [e36cf6c0701abf777a9cef8fb94c8f71]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD8B2202-DA3A-4DA7-8CC4-ABF7E166AF7F}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [85cab6008efcdb5b0b0b0c72a0658779]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D599B948-1BBD-40F0-8CFC-33FF3EFD6396}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [a6a9aa0cee9c0e28b3628df1768fad53]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D5EEF6B9-3CDC-404C-9442-DBCE7517933C}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [87c8cee8c1c9c373a075245a6b9a9e62]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D63C0C54-8324-4A07-B942-D8FD824CDB6B}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-buttonutil.exe, Quarantined, [ada246704149ad89060f3f3fa362ee12]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D66A74C1-29F4-4C69-BE56-65244B4046C4}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [ce81793d0f7bb2841303e49a32d3ce32]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0A63BB8-AF81-4FB6-93D6-A5556BA8BE64}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [d57ad7df26640333cc490975aa5b2bd5]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E16ECDED-74AA-4856-ABC0-5254EDC8F2D9}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [0b443c7a09817abc27ee7b03f510d22e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E825842C-98B5-4AD2-B8B5-DA52936BEED1}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [d57a3d79d2b8979f3ed7b0ce47be06fa]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9439D2F-1A50-458B-9DCF-56CF5F563862}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [d679902696f4d165da3c344ad53039c7]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EB21693A-D0D8-4E84-A3E7-9EF12C4FA4E9}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [341b5363325862d4070f2f4fc83dad53]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EB533284-E69E-417F-BC99-53795AD98A56}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [94bbdadce1a9b97df71f453909fc7c84]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE0E7C43-93C9-4C5A-827A-DAF35A7B7DAF}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [ca852f872a603df94cc9423ca26340c0]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F193AB0A-D5C1-4916-81E2-BFF28C45D3A9}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [2b24b10504862313a1752a54679eb24e]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F3278990-E9CE-4AB7-B944-C9B7984CBC6D}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [e06feccac1c96ec8b561344aca3b46ba]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F592ADDE-D939-40EE-A6F0-9AB9FF6CB52A}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-codedownloader.exe, Quarantined, [90bfae084347f24458be0579e520d32d]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F70A9C1F-4A07-44AF-94FD-A527C55E5AC6}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [1639199dfa90f83ee72ef5892dd8d030]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAC758A6-169B-4A18-9C11-5E3F43F48A73}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [212e4e68ddadfc3a8194c0bee322f40c]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FB111A72-67FB-4BF4-A284-ADE7B5D9B232}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [ada2a70fe6a49a9c72a4ccb253b212ee]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\dat, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],

Files: 107
PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\dat\dTRbyThYcEX.dll, Quarantined, [d6799323e1a90b2b243d303f5aac03fd],
PUP.Optional.Crossbrowse.C, C:\Users\MITCH\AppData\Local\Temp\698.exe, Quarantined, [bd92c2f47a10f73f376481d7e41eb24e],
PUP.Optional.APNToolBar.A, C:\Users\MITCH\AppData\Local\Temp\APNSetup.exe, Quarantined, [94bb8f270684a294863741220bf7f40c],
PUP.Optional.Compete, C:\Users\MITCH\AppData\Local\Temp\ConsumerInputSetup.exe, Quarantined, [b6997f370981f442d746432dd3338c74],
PUP.Optional.SuperOptimizer.A, C:\Users\MITCH\AppData\Local\Temp\supoptsetup.exe, Quarantined, [311ee4d202888ea81482b9a7df23857b],
PUP.Optional.Shopperz.A, C:\Users\MITCH\AppData\Local\Temp\setup_489.exe, Quarantined, [fd52dcdafe8ce551fc03adc031d5867a],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-2TP7K.tmp\gentlemjmp_ieeuu.exe, Quarantined, [fe51dfd78a002d095f34254a38ce6a96],
PUP.Optional.Bundle, C:\Users\MITCH\AppData\Local\Temp\is-3D3DS.tmp\pcoupoon.exe, Quarantined, [08476452e7a34ceaf25c81f89e62df21],
PUP.Optional.Taplika, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\150.exe, Quarantined, [55fa0bab1e6cca6ca0e806719b65619f],
PUP.Optional.WebBar.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_airwebbar_installer_multilang.exe, Quarantined, [a6a93383008a3ef841df5f1032d444bc],
PUP.Optional.Amonetize.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_AmNuvision_installer_multilang.exe, Quarantined, [8fc042748dfda492a187a7c83acc7e82],
PUP.Optional.CubepileShopperz.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_CubepileShopperz_installer_multilang.exe, Quarantined, [8bc4476ff991ca6cb354353ab45229d7],
PUP.Optional.SafeGuard.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_psafeguard_installer_multilang.exe, Quarantined, [1e314b6b06841026927b501f976f6a96],
PUP.Optional.SpeedItUp.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_speeditup_installer_multilang.exe, Quarantined, [b49b03b38109c2745bb393dc2adce41c],
PUP.Optional.StromWatch.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe, Quarantined, [b8978432f5955bdbda623738c6405aa6],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-5G181.tmp\gentlemjmp_ieeuu.exe, Quarantined, [4d02edc999f184b2048ff37ccb3baa56],
PUP.Optional.Taplika, C:\Users\MITCH\AppData\Local\Temp\is-FP0S5.tmp\150.exe, Quarantined, [eb6433839feb072f3a4e94e3cb35e51b],
PUP.Optional.WebBar.A, C:\Users\MITCH\AppData\Local\Temp\is-FP0S5.tmp\package_airwebbar_installer_multilang.exe, Quarantined, [9cb35e58aae023133de3f57ac442db25],
PUP.Optional.StromWatch.A, C:\Users\MITCH\AppData\Local\Temp\is-FP0S5.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe, Quarantined, [1837c7ef9cee5fd73903b9b681851ee2],
PUP.Optional.Taplika, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\150.exe, Quarantined, [440b3185ed9d7eb8d7b1680f916ffc04],
PUP.Optional.WebBar.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_airwebbar_installer_multilang.exe, Quarantined, [d9768f277d0d22140818df90db2b09f7],
PUP.Optional.Amonetize.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_AmNuvision_installer_multilang.exe, Quarantined, [a2ad595daedc201678b0b8b70600ce32],
PUP.Optional.CubepileShopperz.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_CubepileShopperz_installer_multilang.exe, Quarantined, [be913c7ae2a88fa731d6fc73c44202fe],
PUP.Optional.SafeGuard.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_psafeguard_installer_multilang.exe, Quarantined, [bf90feb87e0c181e888571febe486f91],
PUP.Optional.SpeedItUp.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_speeditup_installer_multilang.exe, Quarantined, [004f8d29860431056ea018571ceabc44],
PUP.Optional.StromWatch.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe, Quarantined, [8bc4288eaedc142294a87cf363a3c838],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-GASKJ.tmp\11.exe, Quarantined, [e669179f3f4bfa3c1083de91e71fe41c],
PUP.Optional.BrowseFox, C:\Users\MITCH\AppData\Local\Temp\is-GBI7R.tmp\mountainbike_soft_partner.exe, Quarantined, [a8a7c7eff991d660a16eda8823df0df3],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-GC4O5.tmp\gentlemjmp_ieeuu.exe, Quarantined, [e96605b16f1bb0868211412e26e07d83],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-T42D9.tmp\package_spyouyahoo_installer_multilang.exe, Quarantined, [004fe9cd5a3049ed2073b8b76a9cce32],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-TQ3OC.tmp\gentlemjmp_ieeuu.exe, Quarantined, [6ae5a90d2367f83e870c6609bb4ba759],
PUP.Optional.PullUpdate.A, C:\Users\MITCH\AppData\Local\Temp\nsc5F95.tmp\Helper.dll, Quarantined, [fd5273431b6fb48281e0ef809d69d42c],
PUP.Optional.OptimizerPro, C:\Users\MITCH\AppData\Local\Temp\WPR\OptimizerPro.exe, Quarantined, [62ed179fc3c75bdba4f849fc4db5768a],
PUP.Optional.OfferInstaller.C, C:\Users\MITCH\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\OfferInstaller.exe, Quarantined, [054a4571e0aabd7940d38eb1df230ff1],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-7L1B8.tmp\gentlemjmp_ieeuu.exe, Quarantined, [c48bb10515754fe7ddb6b4bb6f9710f0],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-82M5I.tmp\gentlemjmp_ieeuu.exe, Quarantined, [fc53e4d2226873c397fcafc04eb8c43c],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-88RE4.tmp\gentlemjmp_ieeuu.exe, Quarantined, [4f00d8def59542f42370b3bc3dc96b95],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-ASDN8.tmp\gentlemjmp_ieeuu.exe, Quarantined, [5af522947c0edd596132313ec24454ac],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-IR1NK.tmp\gentlemjmp_ieeuu.exe, Quarantined, [aaa5754145453df9c9ca82ed15f15ba5],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-JGKA8.tmp\gentlemjmp_ieeuu.exe, Quarantined, [85ca96203b4f57dffb985f10000625db],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-JS3LN.tmp\gentlemjmp_ieeuu.exe, Quarantined, [c28dd0e66b1f0036f3a007689274ae52],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-JT3SN.tmp\gentlemjmp_ieeuu.exe, Quarantined, [dc730da91b6f21156d2674fb5bab11ef],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-OROPQ.tmp\gentlemjmp_ieeuu.exe, Quarantined, [4d021d99a7e35adc8211e7880afc33cd],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-P2I3I.tmp\gentlemjmp_ieeuu.exe, Quarantined, [7ed1dfd7761478be2e65f47b0ef844bc],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-PC09I.tmp\gentlemjmp_ieeuu.exe, Quarantined, [3c13d8dee0aa83b3345fdd92a66028d8],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-QDPOQ.tmp\gentlemjmp_ieeuu.exe, Quarantined, [4708d5e1fb8f75c1fe95cfa00204bc44],
PUP.Optional.Crossbrowse.C, C:\Users\MITCH\AppData\Local\Temp\5929\setup.exe, Quarantined, [46092a8c6921db5b4fdd2b448a7cd729],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-5H1BC.tmp\gentlemjmp_ieeuu.exe, Quarantined, [0847f6c0eb9f7bbb9bf8096649bd6c94],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-EECCD.tmp\gentlemjmp_ieeuu.exe, Quarantined, [202f9620cdbdd26490035f10e323ba46],
PUP.Optional.CheckOffer, C:\Users\MITCH\AppData\Local\Temp\is-IHKJE.tmp\InstallManager.exe, Quarantined, [c18e298de7a33cfaa6eec89acf338080],
PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-IHKJE.tmp\package_spyouyahoo_installer_multilang.exe, Quarantined, [e16e11a5701ad95dfc97a2cd699d629e],
PUP.Optional.Clara.A, C:\Windows\Temp\SienUpdater\s2u0.exe, Quarantined, [331c3a7c34564aec0d9fd69944c20000],
PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (6).exe, Quarantined, [50fffeb8e9a12412402dc49ba75b9b65],
PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup.exe, Quarantined, [490600b67119eb4b07665708ef13da26],
PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup (3).exe, Quarantined, [8ec15c5a53371620c5e7f14a38ca49b7],
PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup (4).exe, Quarantined, [0f40cee83753ec4ad7d51a215ca6ea16],
PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup(1).exe, Quarantined, [d47b75415b2f8aac793387b4ec16a55b],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(11).exe, Quarantined, [66e93e78008a5cda52e2005e11f1b050],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(12).exe, Quarantined, [e26d882ef298bb7b1f15a1bdbc46fd03],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(13).exe, Quarantined, [87c8cbebd9b1d56149eba5b9d0329769],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(14).exe, Quarantined, [fd52d0e6c9c191a5aa8a92cc867c8d73],
PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup(2).exe, Quarantined, [9db2eacc91f9fa3cb5f72f0c0cf6e818],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(20).exe, Quarantined, [cb84ab0b3a50b77f03314c12ef13a957],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(21).exe, Quarantined, [153afcbad6b4e551b97baeb08b77dd23],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(22).exe, Quarantined, [62ed1c9a5535a29490a44d11dc266997],
PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (1).exe, Quarantined, [9db2249229611a1c4528a8b78181a65a],
PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (2).exe, Quarantined, [ec63b10589018fa725481c4343bf07f9],
PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (3).exe, Quarantined, [a7a8c8ee187261d587e65e011fe354ac],
PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (4).exe, Quarantined, [113e50665535999d79f4cf902fd35ba5],
PUP.Optional.InstallCore.SID.A, C:\Users\MITCH\Downloads\adobe_flash_setup (1).exe, Quarantined, [4e018333dab020166b05422d64a2ad53],
PUP.Optional.InstallCore.A, C:\Users\MITCH\Downloads\adobe_flash_setup(1).exe, Quarantined, [133cdadcb1d975c1d58da9c7aa5cc33d],
PUP.Optional.InstallCore.A, C:\Users\MITCH\Downloads\adobe_flash_setup(2).exe, Quarantined, [ada2eec818723006b6ac4d23de28748c],
PUP.Optional.InstallCore.SID.C, C:\Users\MITCH\Downloads\adobe_flash_setup(3).exe, Quarantined, [232cccea9cee14221de0bcb3ad59768a],
PUP.Optional.InstallCore.A, C:\Users\MITCH\Downloads\adobe_flash_setup.exe, Quarantined, [6de24274c1c93303cd95e58bd036e917],
PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup(3).exe, Quarantined, [3f1064524248e84e6448f04b5ea4d22e],
PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup(4).exe, Quarantined, [c48bf2c497f31323307ccb7013efea16],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(5).exe, Quarantined, [2b248432b8d275c170c4342a33cfd62a],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(6).exe, Quarantined, [450aa412a9e166d036feee70a35f37c9],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(8).exe, Quarantined, [b69902b48bff52e4ba7ac09e5fa39b65],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(9).exe, Quarantined, [400feacc1e6c71c545efef6f0ff3738d],
PUP.Optional.InstallCore.SID.A, C:\Users\MITCH\Downloads\Unconfirmed 887848.crdownload, Quarantined, [2c234571ff8bef478cec333ca26409f7],
PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (5).exe, Quarantined, [7bd4bbfbb5d51224c4a94e1144bebe42],
PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(10).exe, Quarantined, [3718b7ffb7d3b28430040e507a888779],
PUP.Optional.SweetGamer.C, C:\Users\Public\GameNutt\gamenutt.exe, Quarantined, [d57a793dc2c847effc87d87a4db5cf31],
PUP.Optional.Mindspark.A, C:\Users\Public\Videos\GamingWonderlandSetup2.5.14.31.^Z7^man000^YYA^.exe, Quarantined, [c48bc5f1ff8b50e6c320bbb45caac63a],
PUP.Optional.DsiLoad, C:\Users\MITCH\AppData\Local\1754699dsisetup17581152.exe, Quarantined, [430c5b5bacde73c38a74f7687b87827e],
PUP.Optional.DsiLoad, C:\Users\MITCH\AppData\Local\dsisetup14924302.exe, Quarantined, [9eb16551deacf244af4f9ac5f80a2fd1],
PUP.Optional.DsiLoad, C:\Users\MITCH\AppData\Local\dsisetup24596202.exe, Quarantined, [c986b006ccbefd39c836cb944fb309f7],
PUP.Optional.DsiLoad, C:\Users\MITCH\AppData\Local\dsisetup2751072.exe, Quarantined, [232c5660602a87af837bce9159a9cc34],
PUP.Optional.DsiLoad, C:\Users\MITCH\AppData\Local\dsisetup80848292.exe, Quarantined, [8fc0eaccf99191a5be40194622e0e917],
PUP.Optional.Binkiland.C, C:\Users\MITCH\AppData\LocalLow\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, Quarantined, [ce81575fb5d5e254a377697d32d1b947],
PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\dat\noNgeUyb.exe.config, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\dat\QWBmADv.exe.config, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\info.dat, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\SZSiITyB.dat, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\SZSiITyB.exe.config, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
PUP.Optional.Spigot.A, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo...=238417&p="),Replaced,[ada2f7bff49675c1a843026f0600e818]
PUP.Optional.Spigot.A, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo...=238417&p="),Replaced,[103f377f65251620ad3ecfa244c220e0]
PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (user_pref("extensions.ciff.dca.lastDcaConfigUrl", "https://dcs-config.c...a=20140910"),Replaced,[75daa1152466bc7a35ffb8bdee18946c]
PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (To make a manual change to preferences, you can visit the URL about:config
*/

user_pref("app.update.a), Replaced,[410e42740b7f58defb396f06b15502fe]
PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (se);
user_pref("app.update.enabled", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1436401781);
use), Replaced,[6fe0c1f509815adce94b7afb887e4ab6]
PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (out:config
*/

user_pref("app.update.auto", false);
user_pref("app.update.enabled", false);
user_pref("app.update.lastUpdateT), Replaced,[07487244602a69cdf93bc6af0600dc24]
PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (s.
*
* To make a manual change to preferences, you can visit the URL about:config
*/

user_pref("app.update.auto", false);
user_), Replaced,[1b3493236e1c082e7bb9cbaabe48ac54]
PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*), Replaced,[2a252294088203337aba0d6863a3d32d]
PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (n exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/

user_pref("app.update.auto", false);
user_pref("app.update.enabled", false);
user_pref("app.update.lastUpdateTime.addon-back), Replaced,[0f403f77404a44f27abae293a85eb54b]
PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (er_pref("app.update.enabled", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1436401781);
user_pref(), Replaced,[2a25b9fddcaeae88151fbfb6b84e5aa6]
PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (mer", 1436401660);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1428374667);
user_pref("app.update.l), Replaced,[7cd31c9a6b1f70c62c0890e520e69967]

Physical Sectors: 0
(No malicious items detected)

(end)

Protection Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan, 7/11/2015 7:37:41 AM, SYSTEM, MITCH-PC, Manual, Start:7/10/2015 9:57:26 PM, Duration:2 hr 6 min 51 sec, Threat Scan, Completed, 0 Malware Detections, 391 Non-Malware Detections,

(end)

(FYI: Will be able to see your advice but not act on it until after 4 pm EST. Thanks again.)

#10 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 11 July 2015 - 07:37 AM

Whoever used or owned this laptop previously really did a number on it

Open up FRST, make sure to put a checkmark in Additions, run a new scan and post both the FRST and Additions logs

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

Advertisements

Register to Remove

#11 mickey7

Silver Member

Authentic Member
254 posts

Posted 11 July 2015 - 07:45 AM

I know, I took one look and did a facepalm and long shake of the head. I should have known I would need help then. I try to tell them about clicking on stuff etc and the importance of antivirus and malware screeners (and to USE them), but alas... maybe I should try to install a filter or block sites.. lol...

But anyway, will rerun scan when I return home. Thanks.

#12 mickey7

Silver Member

Authentic Member
254 posts

Posted 11 July 2015 - 03:54 PM

here are the logs:

and..

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by MITCH (administrator) on MITCH-PC on 11-07-2015 16:18:33
Running from C:\Users\MITCH\Desktop
Loaded Profiles: MITCH (Available Profiles: MITCH)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\PresentationSettings.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(Google Inc.) C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
(Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-10-08] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM-x32\...\Run: [DVDAgent] => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_25\bin\jusched.exe"
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {4F5E3C10-FEB0-467A-A7CD-FD0C05FDA134} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {EFA0BB11-5A96-43DF-A6CC-F172A691CAB1} URL = http://delicious.com...p={searchTerms}
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-05-30] (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.80.251

FireFox:
========
FF ProfilePath: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default
FF DefaultSearchEngine: Binkiland
FF SearchEngineOrder.3: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\2.bin\NPgtEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-01-02] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-22]
CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] () [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 cpuz134; \??\C:\Users\MITCH\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
U4 eabfiltr; No ImagePath
S4 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 16:18 - 2015-07-11 16:21 - 00016066 _____ C:\Users\MITCH\Desktop\FRST.txt
2015-07-11 16:15 - 2015-07-11 16:15 - 00003436 _____ C:\Windows\System32\Tasks\PresentationSettingsTurnOff_MITCH-PC_MITCH
2015-07-11 07:37 - 2015-07-11 07:37 - 00001064 _____ C:\mbl.txt
2015-07-10 21:18 - 2015-07-10 21:18 - 00005846 _____ C:\Users\MITCH\Documents\JRT.txt
2015-07-10 21:01 - 2015-07-10 20:55 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-10 21:00 - 2015-07-10 20:34 - 03033806 _____ (Malwarebytes Corporation) C:\Users\MITCH\Desktop\JRT.exe
2015-07-10 20:31 - 2015-07-10 20:27 - 02248704 _____ C:\Users\MITCH\Desktop\AdwCleaner(1).exe
2015-07-10 17:33 - 2015-07-10 17:30 - 02112512 _____ (Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe
2015-07-10 14:29 - 2015-07-11 16:18 - 00000000 ____D C:\FRST
2015-07-10 14:17 - 2015-07-10 14:17 - 00006717 _____ C:\Users\MITCH\Desktop\dds.zip
2015-07-10 14:17 - 2015-07-10 14:17 - 00003205 _____ C:\Users\MITCH\Desktop\attach.zip
2015-07-10 14:02 - 2015-07-10 14:03 - 00011433 _____ C:\Users\MITCH\Documents\hijackthis.log
2015-07-10 13:58 - 2015-07-10 13:59 - 00002519 _____ C:\Users\MITCH\Desktop\HiJackThis.lnk
2015-07-10 13:58 - 2015-07-10 13:59 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-07-10 13:58 - 2015-07-10 13:58 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2015-07-10 13:57 - 2014-10-31 13:30 - 00688992 ____R (Swearware) C:\Users\MITCH\Desktop\dds.com
2015-07-10 13:57 - 2014-04-12 15:05 - 01402880 _____ C:\Users\MITCH\Desktop\HijackThis.msi
2015-07-10 08:57 - 2014-10-29 21:33 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.0.3.1025.exe
2015-07-09 20:27 - 2015-07-09 22:53 - 00000000 ____D C:\Users\MITCH\Desktop\mbar
2015-07-09 20:24 - 2015-07-09 15:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\MITCH\Desktop\tdsskiller.exe
2015-07-09 19:14 - 2015-07-09 15:24 - 21971528 _____ C:\Users\MITCH\Desktop\RogueKillerX64.exe
2015-07-09 19:10 - 2015-07-09 15:19 - 05200384 _____ (AVAST Software) C:\Users\MITCH\Desktop\aswMBR.exe
2015-07-07 21:05 - 2015-07-07 15:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MITCH\Desktop\revosetup.exe
2015-07-07 17:59 - 2015-07-07 17:59 - 00000000 _____ C:\Users\MITCH\AppData\Local\Temp.dat
2015-07-07 17:51 - 2015-07-07 17:51 - 00001861 _____ C:\Users\MITCH\Desktop\chrome.lnk
2015-07-07 17:42 - 2015-07-07 21:05 - 00001059 _____ C:\Users\MITCH\Desktop\Revo Uninstaller.lnk
2015-07-07 17:42 - 2015-07-07 21:05 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-07 08:31 - 2015-07-07 08:31 - 00000949 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-07-05 01:32 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-05 01:32 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-05 01:18 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Gravity Highlighter
2015-07-05 01:07 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-05 01:07 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-07-05 01:02 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Looper for YouTube
2015-07-03 17:18 - 2015-07-03 17:22 - 00004097 _____ C:\Windows\system32\dummy.002
2015-06-30 18:08 - 2015-06-30 18:08 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (38).exe
2015-06-27 22:14 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-27 22:14 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-27 22:10 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-27 22:10 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-27 22:10 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-27 22:10 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-27 22:10 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-27 22:10 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-27 22:09 - 2015-05-21 10:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-27 21:40 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-27 21:40 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-27 21:39 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Redbooth for Gmail
2015-06-24 18:46 - 2015-06-24 18:46 - 00000680 _____ C:\Users\MITCH\AppData\Local\d3d9caps.dat
2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
2015-06-22 23:33 - 2015-06-26 16:40 - 00001985 _____ C:\Users\MITCH\Desktop\Google Chrome.lnk
2015-06-22 23:22 - 2015-06-22 23:24 - 00000000 ____D C:\94d4568a-ad62-4a6e-a62b-238f2297a462
2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
2015-06-22 22:22 - 2015-05-30 20:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-22 22:21 - 2015-05-30 20:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-22 22:21 - 2015-05-30 20:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-22 22:21 - 2015-05-30 20:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-22 22:21 - 2015-05-30 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-22 22:21 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-22 22:21 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-22 22:21 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-22 22:21 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-22 22:21 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-22 22:21 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-22 22:21 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-22 22:20 - 2015-05-30 21:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-22 22:20 - 2015-05-30 20:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-22 22:20 - 2015-05-30 20:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-22 22:20 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-22 22:19 - 2015-05-30 20:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-22 22:19 - 2015-05-30 20:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-22 22:19 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-22 22:19 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-22 22:19 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-22 22:18 - 2015-05-30 20:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-22 22:18 - 2015-05-30 20:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-22 22:18 - 2015-05-30 20:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-22 22:18 - 2015-05-30 20:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-22 22:18 - 2015-05-30 20:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-22 22:18 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-22 22:18 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-22 22:18 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-22 22:17 - 2015-05-30 20:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-22 22:17 - 2015-05-30 20:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-22 22:17 - 2015-05-30 20:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-22 22:17 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-22 22:17 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-22 22:17 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-22 22:17 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-21 14:24 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-06-21 14:24 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-06-21 14:24 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-06-21 14:24 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-06-21 14:24 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-06-21 14:24 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-21 14:24 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-21 14:24 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-21 14:24 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-21 14:24 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-21 14:24 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-21 14:24 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-20 17:43 - 2015-06-20 17:43 - 00000000 ____D C:\Program Files (x86)\Galaxy New Tab
2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
2015-06-20 16:53 - 2015-06-20 17:38 - 00000000 ____D C:\Program Files (x86)\JavaScript Popup Blocker
2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-11 16:24 - 2014-11-15 20:12 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job
2015-07-11 16:21 - 2011-08-08 22:41 - 01278983 _____ C:\Windows\WindowsUpdate.log
2015-07-11 16:18 - 2012-09-10 13:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-11 16:18 - 2008-10-23 05:54 - 00003580 _____ C:\Windows\System32\Tasks\HP Health Check
2015-07-11 16:14 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
2015-07-11 16:14 - 2014-09-23 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-11 16:14 - 2013-12-08 15:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job
2015-07-11 16:14 - 2013-08-11 15:29 - 04084900 _____ C:\Windows\PFRO.log
2015-07-11 16:14 - 2011-12-22 01:42 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2015-07-11 16:14 - 2011-10-15 20:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-11 16:14 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-11 16:14 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-11 16:14 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-11 16:14 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\security
2015-07-11 07:43 - 2008-10-23 03:45 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-07-11 07:43 - 2006-11-02 11:42 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-11 07:37 - 2013-01-24 17:42 - 00000000 ____D C:\Users\Public\GameNutt
2015-07-11 03:00 - 2012-05-04 11:50 - 00002313 _____ C:\Windows\epplauncher.mif
2015-07-10 21:50 - 2014-09-23 16:56 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-10 21:37 - 2014-09-23 16:54 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-10 21:37 - 2014-09-23 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-10 20:48 - 2014-12-02 08:06 - 00000000 ____D C:\AdwCleaner
2015-07-10 20:48 - 2012-07-28 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-10 20:45 - 2014-11-15 20:12 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job
2015-07-10 17:27 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Help
2015-07-10 14:34 - 2015-04-18 12:47 - 00000000 ____D C:\Program Files (x86)\Tab Hibernation
2015-07-10 14:34 - 2015-01-06 02:55 - 00000000 ____D C:\Program Files (x86)\ce88c4aa-b86a-4c1e-bb45-d6da615fde68
2015-07-10 14:34 - 2014-11-11 01:11 - 00000000 ____D C:\Program Files (x86)\360a619a-0cf8-4762-bee6-45c5335152cc
2015-07-10 14:22 - 2015-04-06 00:06 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-09 22:53 - 2014-12-02 01:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-09 20:24 - 2014-12-03 08:40 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-09 19:34 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\tracing
2015-07-09 19:15 - 2014-12-03 08:40 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-09 19:13 - 2006-11-02 08:46 - 00005086 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 23:23 - 2015-05-05 03:18 - 00000000 ____D C:\Users\MITCH\AppData\Local\CrashDumps
2015-07-07 23:15 - 2012-10-08 16:39 - 00000000 ____D C:\Windows\Minidump
2015-07-07 08:31 - 2011-09-27 01:39 - 00000934 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-07 08:30 - 2011-09-27 01:38 - 00000915 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-07-07 03:12 - 2014-01-11 07:47 - 00000000 ____D C:\Windows\pss
2015-07-06 19:48 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
2015-07-05 02:01 - 2008-10-23 05:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-05 01:54 - 2008-10-23 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-05 01:11 - 2014-12-07 19:21 - 00116019 _____ C:\Windows\system32\ScanResults.xml
2015-07-05 01:06 - 2011-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-05 00:42 - 2014-11-11 21:56 - 00000188 _____ C:\Users\MITCH\AppData\Roaming\WB.CFG
2015-07-05 00:35 - 2014-12-07 19:12 - 00000464 _____ C:\Windows\system32\ScannerSettings
2015-07-03 21:08 - 2006-11-02 08:33 - 77594624 _____ C:\Windows\system32\config\software_previous
2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
2015-07-03 21:07 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
2015-07-03 21:07 - 2006-11-02 08:33 - 22544384 _____ C:\Windows\system32\config\system_previous
2015-07-03 21:02 - 2006-11-02 08:33 - 66322432 _____ C:\Windows\system32\config\components_previous
2015-07-03 21:01 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2015-07-03 17:09 - 2011-08-09 07:14 - 00000000 ____D C:\Users\MITCH
2015-07-03 16:20 - 2006-11-02 08:33 - 00524288 _____ C:\Windows\system32\config\default_previous
2015-07-03 16:20 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2015-06-27 22:30 - 2006-11-02 11:21 - 00317688 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-27 22:09 - 2013-11-20 01:25 - 00000000 ____D C:\Windows\system32\MRT
2015-06-26 17:03 - 2014-12-26 00:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-25 20:21 - 2012-09-10 13:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-25 20:21 - 2012-09-10 13:33 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-25 20:21 - 2011-08-14 13:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-22 22:32 - 2015-01-25 22:35 - 00000000 ____D C:\Program Files (x86)\Strong Password Generator
2015-06-21 00:09 - 2006-11-02 09:33 - 00000000 __RSD C:\Windows\Media
2015-06-19 23:45 - 2013-05-12 21:04 - 00000000 ____D C:\temp
2015-06-18 08:41 - 2014-09-23 16:51 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-09-23 16:51 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2013-01-03 10:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\MITCH\AppData\Roaming\QV
2011-09-04 18:51 - 2011-09-04 18:51 - 0029216 _____ () C:\Users\MITCH\AppData\Roaming\UserTile.png
2014-11-11 21:56 - 2015-07-05 00:42 - 0000188 _____ () C:\Users\MITCH\AppData\Roaming\WB.CFG
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\AtStart.txt
2015-06-24 18:46 - 2015-06-24 18:46 - 0000680 _____ () C:\Users\MITCH\AppData\Local\d3d9caps.dat
2011-08-09 07:45 - 2014-01-11 18:49 - 0007680 _____ () C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\DSwitch.txt
2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\QSwitch.txt
2015-07-07 17:59 - 2015-07-07 17:59 - 0000000 _____ () C:\Users\MITCH\AppData\Local\Temp.dat
2014-01-27 03:19 - 2014-01-28 16:45 - 0002763 _____ () C:\ProgramData\connector.swf
2011-08-08 23:17 - 2011-08-08 23:17 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2008-10-23 05:36 - 2008-10-23 05:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2008-10-23 05:24 - 2008-10-23 05:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-08 23:14 - 2011-08-08 23:14 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2008-10-23 05:22 - 2008-10-23 05:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2008-10-23 05:27 - 2008-10-23 05:36 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-08-08 23:17 - 2011-08-08 23:17 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.8428.dll

Some files in TEMP:
====================
C:\Users\MITCH\AppData\Local\Temp\2cedfc8d-10f8-498f-8e56-6c2bc70b001e.exe
C:\Users\MITCH\AppData\Local\Temp\ASPackage.exe
C:\Users\MITCH\AppData\Local\Temp\CloudBackup1299.exe
C:\Users\MITCH\AppData\Local\Temp\CloudBackup4488.exe
C:\Users\MITCH\AppData\Local\Temp\component_634-1C80.exe
C:\Users\MITCH\AppData\Local\Temp\dllnt_dump.dll
C:\Users\MITCH\AppData\Local\Temp\eFixProPackage.exe
C:\Users\MITCH\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\MITCH\AppData\Local\Temp\ms.exe
C:\Users\MITCH\AppData\Local\Temp\ntdll_dump.dll
C:\Users\MITCH\AppData\Local\Temp\optprosetup.exe
C:\Users\MITCH\AppData\Local\Temp\Quarantine.exe
C:\Users\MITCH\AppData\Local\Temp\ReimagePackage.exe
C:\Users\MITCH\AppData\Local\Temp\ReiScanner.exe
C:\Users\MITCH\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\MITCH\AppData\Local\Temp\sdf2092.exe
C:\Users\MITCH\AppData\Local\Temp\sdf33E3.exe
C:\Users\MITCH\AppData\Local\Temp\sdf4578.exe
C:\Users\MITCH\AppData\Local\Temp\sdfF834.exe
C:\Users\MITCH\AppData\Local\Temp\setacl.exe
C:\Users\MITCH\AppData\Local\Temp\Setup0988111.exe
C:\Users\MITCH\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\MITCH\AppData\Local\Temp\sqlite3.dll
C:\Users\MITCH\AppData\Local\Temp\sqlite3.exe
C:\Users\MITCH\AppData\Local\Temp\updater_uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-11 16:20

==================== End of log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
Ran by MITCH at 2015-07-11 17:03:08
Running from C:\Users\MITCH\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-499354876-3266562091-500007027-500 - Administrator - Disabled)
Guest (S-1-5-21-499354876-3266562091-500007027-501 - Limited - Disabled)
MITCH (S-1-5-21-499354876-3266562091-500007027-1000 - Administrator - Enabled) => C:\Users\MITCH

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player 10 ActiveX) (Version: 10.0.2.13 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)
AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{7510991E-FE80-7466-2E31-561B52059618}) (Version: 3.0.691.0 - ATI Technologies, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hoyle Magic Carpet (x32 Version: 3.0.2.32 - WildTangent) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.0.0 - Hewlett-Packard Company)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2125 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.0926 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.9.1 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0129 (HKLM-x32\...\{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}) (Version: 1.00.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPTCSSetup (HKLM-x32\...\{30D3B7BC-5798-45D9-822D-05CA18F39E99}) (Version: 1.1.1955.2793 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
Instant Wireless USB Adapter (HKLM-x32\...\{B78823CD-488F-43B4-80D6-FAEADAE40EC4}) (Version: - )
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0919 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0919 - CyberLink Corp.) Hidden
Luxor 2 HD (x32 Version: 3.0.2.38 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monopoly® (x32 Version: 3.0.2.32 - WildTangent) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2119 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2119 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2119 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2119 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Update (HKLM-x32\...\System Update) (Version: 1 - Network Downloads)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

10-07-2015 13:58:20 Installed HiJackThis
11-07-2015 03:00:20 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2014-12-02 08:34 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {011BC47C-CD3D-4075-BC44-E654FC9CB337} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
Task: {0DD27251-64E2-4650-9D4A-C3ADF7018863} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
Task: {1561D7EC-89A8-4FBE-AD83-D692307716D9} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2F92FA4C-3E2A-463E-A873-A4263673B066} - System32\Tasks\SPD\Updater\SPDUpdater => C:\Program Files (x86)\SPDUpdater\updater.exe
Task: {3534170A-F599-4C07-9A09-91E068AC4146} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5 No Task File <==== ATTENTION
Task: {358A5B96-24A7-40C9-ACA0-01E66672CC53} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-3 No Task File <==== ATTENTION
Task: {47FADA48-E1F7-4394-AC82-87D3855E38DF} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-4 No Task File <==== ATTENTION
Task: {4F056A86-4ECC-46A0-AD5F-E0A1FCE648AB} - System32\Tasks\Norton Security Scan for MITCH => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe
Task: {51C251A7-C5BB-47A5-BD9C-C6E087DA7AD9} - System32\Tasks\User_Feed_Synchronization-{3B747F91-B0D3-4654-9E4B-A4C40BA27FB7}
Task: {54A904D6-5A97-4A13-BEE9-07810288425F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {550197BE-9449-406E-A87E-B4A5D0C5A7E9} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user No Task File <==== ATTENTION
Task: {5C33F235-D5D5-466A-98C1-ABB2D0D4AD0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {606604CF-21B5-4097-938E-59ED41B41D34} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5_user No Task File <==== ATTENTION
Task: {6D6FEC66-1079-4D1C-B170-52A2AFE4832E} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-1 No Task File <==== ATTENTION
Task: {6D773EDA-08EB-4551-8393-1331CDA6AECA} - System32\Tasks\PresentationSettingsTurnOff_MITCH-PC_MITCH => C:\Windows\system32\PresentationSettings.exe [2009-04-11] (Microsoft Corporation)
Task: {72DB8461-CBB1-4A87-B856-F19587FED056} - System32\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {74316EC4-62D8-4E24-A976-9EB79DCF5DF5} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5 No Task File <==== ATTENTION
Task: {78B9017C-6763-46A7-BE4A-27DAE3BDE864} - \LyricXeeker Update No Task File <==== ATTENTION
Task: {7A558424-DC0E-41CF-8906-0DE8B23AFE4D} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-10_user No Task File <==== ATTENTION
Task: {86AF4274-9E1B-479E-AE76-096AC9D1ABAA} - \CIMT_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {92B3EC2B-547D-4BCA-81D8-432B3EDC48EA} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {963FF965-5E0E-4CDF-A672-A2259FD12654} - \CIMT_daily_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {9955E6D2-E9F2-4CF8-A32E-4584825313F2} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user No Task File <==== ATTENTION
Task: {9F04B29F-E2C8-463B-A4AC-E05C1D17E1D2} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6 No Task File <==== ATTENTION
Task: {9F3A227D-0B84-4572-90B9-7493B3C9E26C} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {ADA036F4-E5E7-4468-83AB-B64A1DC2A6E0} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-11 No Task File <==== ATTENTION
Task: {C1798675-C18C-404F-90F5-7B354082CBE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {C3104997-0446-4339-8E33-EDFB711CDE8B} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2 No Task File <==== ATTENTION
Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
Task: {CB2DFFB6-695A-4CA6-9C22-E23E6A0EF409} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {CB3E08E5-2739-4261-95CF-12FD75F1F6DA} - \Wse_binkiland No Task File <==== ATTENTION
Task: {D027A209-468A-407D-A28B-C48FC816D4F2} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DB62B7FB-D370-4087-8D7E-7B9D5BC9D85F} - System32\Tasks\HPCeeScheduleForMITCH => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
Task: {DC375676-FE95-45E1-865D-18DC07723629} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-7 No Task File <==== ATTENTION
Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {F27A700D-2399-4465-8225-F76ACCEAD52F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate
Task: {F4A14272-E385-446D-84AC-898751525AEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {FF7FD197-8DA0-4E29-9261-EF614DAB4123} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMITCH.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
Task: C:\Windows\Tasks\Norton Security Scan for MITCH.job => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe

==================== Loaded Modules (Whitelisted) ==============

2008-09-17 00:16 - 2008-09-17 00:16 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2008-10-23 05:48 - 2008-10-06 12:54 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2008-10-23 05:36 - 2008-06-29 19:10 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-08-08 22:52 - 2011-08-08 22:52 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-08-22 13:03 - 2008-08-22 13:03 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2008-10-23 05:48 - 2008-10-06 12:54 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2008-10-23 05:36 - 2008-06-29 19:10 - 00028672 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2008-09-25 21:42 - 2008-09-25 21:42 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\Drivers\zuuqjjlq.sys:changelist
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-499354876-3266562091-500007027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MITCH\AppData\Local\Microsoft\BingDesktop\themes\2014-02-12.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: GamingWonderlandService => 2
MSCONFIG\Services: InternetUpdater => 2
MSCONFIG\Services: PCKeeper2Service => 2
MSCONFIG\Services: PCKeeperOcfService => 2
MSCONFIG\Services: RecipeHub_2jService => 2
MSCONFIG\Services: Retrogamer_4wService => 2
MSCONFIG\Services: vToolbarUpdater17.3.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk => C:\Windows\pss\crossbrowse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Lightning.lnk => C:\Windows\pss\Desktop Lightning.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Temperature Monitor.lnk => C:\Windows\pss\Desktop Temperature Monitor.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatch.lnk => C:\Windows\pss\StormWatch.lnk.Startup
MSCONFIG\startupreg: 3D BubbleSound => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: BoBrowser => "C:\Users\MITCH\AppData\Local\BoBrowser\Application\bobrowser.exe" --no-proxy-server
MSCONFIG\startupreg: Boost => C:\Program Files (x86)\Boost\Boost.exe
MSCONFIG\startupreg: cdloader => "C:\Users\MITCH\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: Gameo => C:\Users\MITCH\AppData\Roaming\Gameo\gameo.exe "C:\Users\MITCH\AppData\Roaming\Gameo\gameo.dat" mode:minimized
MSCONFIG\startupreg: GamingWonderland Browser Plugin Loader => C:\PROGRA~1\GAMING~2\bar\2.bin\gtbrmon.exe
MSCONFIG\startupreg: GamingWonderland EPM Support => "C:\PROGRA~1\GAMING~2\bar\3.bin\gtmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: GamingWonderland Home Page Guard 64 bit => "C:\PROGRA~1\GAMING~2\bar\2.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: GamingWonderland Search Scope Monitor => "C:\PROGRA~1\GAMING~2\bar\2.bin\gtsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: GardeningEnthusiast EPM Support => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: GardeningEnthusiast Home Page Guard 64 bit => "C:\PROGRA~1\GARDEN~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: GardeningEnthusiast Search Scope Monitor => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: GardeningEnthusiast_7j Browser Plugin Loader => C:\PROGRA~1\GARDEN~2\bar\1.bin\7jbrmon.exe
MSCONFIG\startupreg: GenieoSystemTray => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
MSCONFIG\startupreg: GenieoUpdaterService => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
MSCONFIG\startupreg: Google Update => "C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_1966301AF37C65D1ED1179E7CBD99E72 => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
MSCONFIG\startupreg: HowToSimplified EPM Support => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8emedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: HowToSimplified Home Page Guard 64 bit => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: HowToSimplified Search Scope Monitor => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8esrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: HowToSimplified_8e Browser Plugin Loader => C:\PROGRA~1\HOWTOS~2\bar\1.bin\8ebrmon.exe
MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro 3.20\OptProLauncher.exe
MSCONFIG\startupreg: PackageTracer AppIntegrator 32-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: PackageTracer AppIntegrator 64-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: PackageTracer EPM Support => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69medint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: PackageTracer Search Scope Monitor => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69srchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: PC Cleaners => "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
MSCONFIG\startupreg: PCFixSpeed => "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
MSCONFIG\startupreg: PCTechHotline => "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
MSCONFIG\startupreg: Recipe Hub Home Page Guard 64 bit => "C:\PROGRA~1\RECIPE~2\bar\2.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Recipe Hub Search Scope Monitor => "C:\PROGRA~1\RECIPE~2\bar\2.bin\2jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RecipeHub_2j Browser Plugin Loader => C:\PROGRA~1\RECIPE~2\bar\2.bin\2jbrmon.exe
MSCONFIG\startupreg: Retrogamer Search Scope Monitor => "C:\PROGRA~1\RETROG~2\bar\2.bin\4wsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Retrogamer_4w Browser Plugin Loader => C:\PROGRA~1\RETROG~2\bar\2.bin\4wbrmon.exe
MSCONFIG\startupreg: Salus CrashMon => "C:\Program Files (x86)\f552dd4c52e3\a7d12b5975b4.exe" "b786bdb3c67d.exe" "http://log.data-url.com/salus/crash"
MSCONFIG\startupreg: Search Protection => "C:\Users\MITCH\AppData\Roaming\Search Protection\SP.EXE" /autostart
MSCONFIG\startupreg: SearchProtect => C:\Users\MITCH\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: shopperz => C:\Program Files\shopperz\wrex.exe
MSCONFIG\startupreg: shopperz64 => C:\Program Files\shopperz\wrex64.exe
MSCONFIG\startupreg: SpywareClearShield => "C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe"
MSCONFIG\startupreg: SpywareClearUpdater => "C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe"
MSCONFIG\startupreg: StormWatch => "C:\Program Files (x86)\StormWatch\StormWatchApp.exe"
MSCONFIG\startupreg: Super Optimizer => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: WebBar => C:\Users\MITCH\AppData\Local\WebBar\2.0.5343.21616\wb.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2D720E0B-FB17-4C8A-9F86-B55938CFA8A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{2EE9D486-776E-4A38-BC02-BD5F65BD28BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{8900904A-1EE6-4C87-96CB-7D86BA6CF64C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{E8290F9D-7197-4FCE-88B6-80063D832BC5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{C7963FE5-36CE-4FFA-8459-0F879C4A0E7B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{A107B0DE-B6D8-4607-9F2E-7665B44C7B33}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{D4905A67-ED93-4AF3-A217-99D2C0F551A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{E66EA628-13EB-4B6B-BFFC-5A9E5C1E10F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{6FE01D9B-EB0F-4788-8DCC-EC59AF93C650}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{B19F4E26-A53A-46E2-B47B-6E93B76D4D24}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{8C2326A8-FEBD-456F-9CC0-0A8B70DDE8D7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{9D4CA0E9-1209-4B35-B8A9-CEF5A320674E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{37948C4D-AFDB-4E8B-8FDE-E113AD9A1A5F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe
FirewallRules: [{D231B7E7-FA3B-4432-BF83-D93D9F897BD9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe
FirewallRules: [{5CD0FD8E-FC7E-4F04-850C-E6D8C86FB0F2}] => (Allow) LPort=80
FirewallRules: [{A9B3E1B3-D13A-4871-A0CE-F75D2638C6AA}] => (Allow) LPort=80
FirewallRules: [{0077EA1C-8965-4DA9-8255-7701AC4063E1}] => (Allow) LPort=80
FirewallRules: [TCP Query User{DA0631B7-7E96-4808-B2D5-9F0641460FC4}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{00448820-4586-4DBA-B7AC-EE49FE0A898D}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{B7F8A776-007E-4C64-A28F-550E9D4602C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{875B22E8-B606-4C64-98EB-E19F3D004A9B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{BCD33088-CBC3-4791-B171-23CA234BE409}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{8046D6BC-6A93-4EF2-9C67-31E758EB034D}] => (Allow) C:\Users\MITCH\AppData\Local\Temp\ibtmp3f6c444\component_514
FirewallRules: [{FD29D261-A29C-409E-B37A-5AAED6162D36}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
FirewallRules: [{2DE2CBC0-830F-4902-836A-3786D03873DE}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{0FF8F62A-3271-4F1C-AC53-5665DFAAA8FA}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [TCP Query User{6BBFA39E-AD5C-4406-95F3-446C4716EE75}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{977C99A4-24D8-4D66-B45C-71F685BFABFD}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{C6117AF1-7B22-46EA-BF08-2ADE597FFE9C}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{0540A14D-E985-4766-9D4F-E6C68B7D3461}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{33580EE5-CAD7-4CE9-992C-FC393CCEAC16}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{908B6D24-BD5A-42E3-B776-2551860859DB}] => (Allow) LPort=2869
FirewallRules: [{C1520C1F-25AC-459D-87AF-F696CC7BCCBD}] => (Allow) LPort=1900
FirewallRules: [{87EAD9F9-E3BB-4B21-8AAF-D7BB98002636}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{893C92B2-7F86-43D0-AE3E-6533E7347F0D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{345584AC-AFCD-43A8-BBAF-184C821686DE}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
FirewallRules: [UDP Query User{387DBBA5-ACF8-44B3-90E8-C2579A546F02}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
FirewallRules: [TCP Query User{B396CADD-5AFD-418A-B83C-B0056A1D7CF3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6C81C147-C618-4E57-8EC9-A39482E6A5CE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{03BEA1CC-4967-4248-B683-821220DC922B}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [UDP Query User{912186A5-B513-4198-8FE6-A1A35E7809C6}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [{0659870B-2E91-458D-9905-0CA47E7AF388}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

More help is available by typing NET HELPMSG 4201.

==================== Memory info ===========================

Processor: AMD Turion™ X2 Dual-Core Mobile RM-74
Percentage of memory in use: 38%
Total physical RAM: 3836.89 MB
Available physical RAM: 2367.52 MB
Total Virtual: 7860.3 MB
Available Virtual: 6236.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.18 GB) (Free:213.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 89900F6B)
Partition 1: (Active) - (Size=285.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)

==================== End of log ============================

#13 ken545

Forum God

Retired Classroom Teacher
23,225 posts

Interests:Fighting Malware and cooking some great Italian and TexMex food

Posted 11 July 2015 - 05:37 PM

Open notepad , Go to Start --> All Programs --> Accessories --> Notepad.

Please copy the entire contents Inside of the code box below beginning with START and ending with END

(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).

Name the file Fixlist, Save it to your desktop where you have FRST/FRST64 or the fix wont work, . Then open up FRST/FRST64 and click on FIX (Not Scan) It won't take long, after your computer reboots you will find a FIXLOG.TXT on your desktop, post it please

Start
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF DefaultSearchEngine: Binkiland
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe
2015-07-11 16:14 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
C:\Users\MITCH\AppData\Local\Temp\2cedfc8d-10f8-498f-8e56-6c2bc70b001e.exe
C:\Users\MITCH\AppData\Local\Temp\ASPackage.exe
C:\Users\MITCH\AppData\Local\Temp\CloudBackup1299.exe
C:\Users\MITCH\AppData\Local\Temp\CloudBackup4488.exe
C:\Users\MITCH\AppData\Local\Temp\component_634-1C80.exe
C:\Users\MITCH\AppData\Local\Temp\dllnt_dump.dll
C:\Users\MITCH\AppData\Local\Temp\eFixProPackage.exe
C:\Users\MITCH\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\MITCH\AppData\Local\Temp\ms.exe
C:\Users\MITCH\AppData\Local\Temp\ntdll_dump.dll
C:\Users\MITCH\AppData\Local\Temp\optprosetup.exe
C:\Users\MITCH\AppData\Local\Temp\Quarantine.exe
C:\Users\MITCH\AppData\Local\Temp\ReimagePackage.exe
C:\Users\MITCH\AppData\Local\Temp\ReiScanner.exe
C:\Users\MITCH\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\MITCH\AppData\Local\Temp\sdf2092.exe
C:\Users\MITCH\AppData\Local\Temp\sdf33E3.exe
C:\Users\MITCH\AppData\Local\Temp\sdf4578.exe
C:\Users\MITCH\AppData\Local\Temp\sdfF834.exe
C:\Users\MITCH\AppData\Local\Temp\setacl.exe
C:\Users\MITCH\AppData\Local\Temp\Setup0988111.exe
C:\Users\MITCH\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\MITCH\AppData\Local\Temp\sqlite3.dll
C:\Users\MITCH\AppData\Local\Temp\sqlite3.exe
C:\Users\MITCH\AppData\Local\Temp\updater_uninstall.exe
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Task: {0DD27251-64E2-4650-9D4A-C3ADF7018863} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
Task: {1561D7EC-89A8-4FBE-AD83-D692307716D9} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {2F92FA4C-3E2A-463E-A873-A4263673B066} - System32\Tasks\SPD\Updater\SPDUpdater => C:\Program Files (x86)\SPDUpdater\updater.exe
Task: {3534170A-F599-4C07-9A09-91E068AC4146} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5 No Task File <==== ATTENTION
Task: {358A5B96-24A7-40C9-ACA0-01E66672CC53} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-3 No Task File <==== ATTENTION
Task: {47FADA48-E1F7-4394-AC82-87D3855E38DF} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-4 No Task File <==== ATTENTION
Task: {550197BE-9449-406E-A87E-B4A5D0C5A7E9} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user No Task File <==== ATTENTION
Task: {606604CF-21B5-4097-938E-59ED41B41D34} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5_user No Task File <==== ATTENTION
Task: {6D6FEC66-1079-4D1C-B170-52A2AFE4832E} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-1 No Task File <==== ATTENTION
Task: {74316EC4-62D8-4E24-A976-9EB79DCF5DF5} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5 No Task File <==== ATTENTION
Task: {78B9017C-6763-46A7-BE4A-27DAE3BDE864} - \LyricXeeker Update No Task File <==== ATTENTION
Task: {7A558424-DC0E-41CF-8906-0DE8B23AFE4D} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-10_user No Task File <==== ATTENTION
Task: {86AF4274-9E1B-479E-AE76-096AC9D1ABAA} - \CIMT_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {92B3EC2B-547D-4BCA-81D8-432B3EDC48EA} - \WSE_Vosteran No Task File <==== ATTENTION
Task: {963FF965-5E0E-4CDF-A672-A2259FD12654} - \CIMT_daily_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
Task: {9955E6D2-E9F2-4CF8-A32E-4584825313F2} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user No Task File <==== ATTENTION
Task: {9F04B29F-E2C8-463B-A4AC-E05C1D17E1D2} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6 No Task File <==== ATTENTION
Task: {ADA036F4-E5E7-4468-83AB-B64A1DC2A6E0} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-11 No Task File <==== ATTENTION
Task: {C3104997-0446-4339-8E33-EDFB711CDE8B} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2 No Task File <==== ATTENTION
Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
Task: {CB3E08E5-2739-4261-95CF-12FD75F1F6DA} - \Wse_binkiland No Task File <==== ATTENTION
Task: {D027A209-468A-407D-A28B-C48FC816D4F2} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {DC375676-FE95-45E1-865D-18DC07723629} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-7 No Task File <==== ATTENTION
Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
Task: {FF7FD197-8DA0-4E29-9261-EF614DAB4123} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
FirewallRules: [TCP Query User{B7F8A776-007E-4C64-A28F-550E9D4602C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{875B22E8-B606-4C64-98EB-E19F3D004A9B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{BCD33088-CBC3-4791-B171-23CA234BE409}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
FirewallRules: [{FD29D261-A29C-409E-B37A-5AAED6162D36}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

After you run the fix post the FIXLOG, it will be on your desktop after you run the fix

After the fix look in Programs and Features in the Control Panel for the Seach App By ASK and uninstall it if you see it

You had so much to remove that I may have missed an item or two so after the fix, post the FIXLOG, see if you can uninstall ASK, then open up FRST, checkmark Additions, run a new scan and post both new logs please

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#14 mickey7

Silver Member

Authentic Member
254 posts

Posted 11 July 2015 - 06:43 PM

FRST is still running but a message popped up that states:

"FARBAR Recovery Scan Tool FRST64.exe Corrupt File

The file or directory C:\Users\MITCH\AppData\Local\Temp\nw5888_27333\

notificationTemplates is corrupt and unreadable. Please run the Chkdsk utility."

#15 mickey7

Silver Member

Authentic Member
254 posts

Posted 11 July 2015 - 07:14 PM

frst now stopped responding. Should I end task and try again?

Body Background

skin color theme

Severly Infected and Cannot Connect

#1 mickey7

Attached Files

Advertisements

Register to Remove

#2 ken545

#3 mickey7

#4 ken545

#5 mickey7

#6 ken545

#7 mickey7

#8 ken545

#9 mickey7

#10 ken545

Advertisements

Register to Remove

#11 mickey7

#12 mickey7

#13 ken545

#14 mickey7

#15 mickey7

Related Topics

1 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

Severly Infected and Cannot Connect

#1 mickey7

Attached Files

Advertisements Register to Remove

#2 ken545

#3 mickey7

#4 ken545

#5 mickey7

#6 ken545

#7 mickey7

#8 ken545

#9 mickey7

#10 ken545

Advertisements Register to Remove

#11 mickey7

#12 mickey7

#13 ken545

#14 mickey7

#15 mickey7

Related Topics

1 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove