Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93116 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Severly Infected and Cannot Connect

Huge Mess of a Laptop

  • Please log in to reply
42 replies to this topic

#1 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 10 July 2015 - 12:49 PM

Next problem from a former student.  They dropped off this laptop because it didn't seem to be working right for them.

LAPTOP STATS:

HP Pavillion dv7-1232nr notebook

AMD 64

Windows Vista

Uses Windows Antivirus Program and had Malwarebytes previously installed.

 

Noticed tons of stuff on the desktop. Wide variety of "antispyware" etc type programs. Firstly tried to get online to check for updates.Could not get a successful internet connection.  States connected but only locally.  Cannot resolve DNS? errors to complete connection.

 

Ran the Malwarebytes that was on the computer.  Ran until 3am.  Found 14,078 items.  Thought I quarantined and removed them.  But after the finish button was done,   it stated 0 threats successfully removed.

 

Installed Revo Uninstalled and removed suspicious programs.  Through Control Panel removed more.  Removed approximately 40+ programs that were known malware and suspicious. 

 

Still unable to connect. Checked the adapter in device manager.  Found numerous instance of 6to4 type adapters.  Deleted all but one instance of each but disabled that remaining one.  Still no luck with getting online.  Also went into properties and tried both allowing the DNS to obtain itself and entering open DNS settings.  Neither has worked.

 

Also tried running RogueKiller and tdsskiller.  Not to successful there either. Tried re-running Malwarebytes after all these uninstalling of those programs.  Still finding about 7900+ issues.  Also received the same 0 threat removal after quarantine.

 

Posting and attaching logs for further advice.  This is not the first time they have brought me their laptop.  (It just doesn't seem to stick about how careful they need to be.)  [I have a HJT and dds log available if needed.] Thank you for your time.

 

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-07-10 14:19:11
-----------------------------
14:19:11.706    OS Version: Windows x64 6.0.6002 Service Pack 2
14:19:11.706    Number of processors: 2 586 0x301
14:19:11.707    ComputerName: MITCH-PC  UserName: MITCH
14:19:36.419    Initialize success
14:19:37.234    VM: initialized successfully
14:19:37.240    VM: Amd CPU BiosDisabled
14:19:57.250    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2
14:19:57.264    Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 8909 Size: 305245MB BusType: 3
14:19:57.772    Disk 0 MBR read successfully
14:19:57.780    Disk 0 MBR scan
14:19:57.788    Disk 0 unknown MBR code
14:20:08.353    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS       292028 MB offset 2048
14:20:08.388    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS        13213 MB offset 598075392
14:20:08.798    Disk 0 scanning C:\Windows\system32\drivers
14:20:50.248    Service scanning
14:22:35.988    Modules scanning
14:22:36.012    Disk 0 trace - called modules:
14:22:36.053    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:22:36.071    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003f59300]
14:22:36.098    3 CLASSPNP.SYS[fffffa6000a02c33] -> nt!IofCallDriver -> [0xfffffa8003f66950]
14:22:36.115    5 hpdskflt.sys[fffffa6001a02189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0xfffffa8003f47060]
14:22:36.132    Disk 0 statistics 115665/0/0 @ 1.27 MB/s
14:22:36.148    Scan finished successfully
14:23:02.666    Disk 0 MBR has been saved successfully to "C:\Users\MITCH\Desktop\MBR.dat"
14:23:02.835    The log file has been saved successfully to "C:\Users\MITCH\Desktop\aswMBR.txt"

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01 (ATTENTION: ====> FRST version is 253 days old and could be outdated)
Ran by MITCH (administrator) on MITCH-PC on 10-07-2015 14:34:19
Running from C:\Users\MITCH\Desktop
Loaded Profile: MITCH (Available profiles: MITCH)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DiscountFrenzy) C:\Program Files (x86)\I - Cinema\e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(ClaraLabs) C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Rational Thought Solutions) C:\ProgramData\atpfbZ\SZSiITyB.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\System32\PresentationSettings.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-10-08] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM-x32\...\Run: [DVDAgent] => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
HKLM-x32\...\Run: [CrashMon] => "C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe" "UniversalUpdater" "http://log.data-url.com/crash/"
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_25\bin\jusched.exe"
HKLM-x32\...\Run: [ospd_us_961] => [X]
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34eb4dd52
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34eb4dd52
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM - {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM - {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
SearchScopes: HKLM - {C4B887F1-E634-4BCC-8BA4-6E91B16D2814} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM - {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Vosteran.com/...=1146529631&ir=
SearchScopes: HKLM-x32 - {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKLM-x32 - {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - {a3e1d674-04ee-4c9e-b143-442555830fb7} URL = http://search.condui...5163226023&UM=2
SearchScopes: HKLM-x32 - {C4B887F1-E634-4BCC-8BA4-6E91B16D2814} URL = http://www.ask.com/w...}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {ef80d754-fb77-4a7f-be75-489beebb20c9} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - DefaultScope {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKCU - {01BB66D3-9F1A-479A-AA5C-DB34B618B965} URL = http://www.search.as...rms}&psv=&pt=tb
SearchScopes: HKCU - {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.trovi.com...rchTerms}&SSPV=
SearchScopes: HKCU - {4F5E3C10-FEB0-467A-A7CD-FD0C05FDA134} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKCU - {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
SearchScopes: HKCU - {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
SearchScopes: HKCU - {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Vosteran.com/...=1932793410&ir=
SearchScopes: HKCU - {EFA0BB11-5A96-43DF-A6CC-F172A691CAB1} URL = http://delicious.com...p={searchTerms}
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {F92A9FE4-2850-4198-B9D5-279880E49B16} -  No File
Toolbar: HKCU - No Name - {238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} -  No File
Toolbar: HKCU - No Name - {534D542D-5637-006A-76A7-7A786E7484D7} -  No File
Toolbar: HKCU - No Name - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152

FireFox:
========
FF ProfilePath: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default
FF DefaultSearchEngine: Binkiland
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://search.gboxapp.com/?aff=p
FF Keyword.URL: https://search.yahoo...&type=238417&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\2.bin\NPgtEISB.dll No File
FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
FF Plugin-x32: @ei.RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4jEI\Installr\1.bin\NP4jEISB.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @PackageTracer_69.com/Plugin -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\user.js
FF SearchPlugin: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\searchplugins\my-homepage.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: ArcadeWeb - C:\Users\MITCH\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\text_links@arcadeweb.com [2013-04-06]
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\Extensions\MGKN37049485@ACPSC11936960.com [2015-07-03]
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2013-08-07]
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2013-08-13]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\128.xpi
FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [Not Found]
FF Extension: No Name - vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [Not Found]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-22]
CHR Extension: (Looper for YouTube) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2015-07-05]
CHR Extension: (No Name) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofaemmlijemfcopjandkcndefpnacabg [2015-01-06]
CHR HKCU\...\Chrome\Extension: [dpimglhojapikoeeifcifanbeinephdm] - C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx []
CHR HKCU\...\Chrome\Extension: [lggjockdkhahihjfehmocmjakchihnjb] - C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx []
CHR HKLM-x32\...\Chrome\Extension: [dpimglhojapikoeeifcifanbeinephdm] - C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx []
CHR HKLM-x32\...\Chrome\Extension: [lggjockdkhahihjfehmocmjakchihnjb] - C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx []


 

 

 

Attached Files


    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 July 2015 - 01:57 PM

:welcome:

 

Is this a business or a school computer, do you fix computers for profit ?



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 mickey7

mickey7

    Silver Member

  • Authentic Member
  • PipPipPip
  • 254 posts

Posted 10 July 2015 - 02:55 PM

No I do not.  I  work at a public library and occasionally teach general computer use to the public as a library service.  One of my former students approached me for help.  I am doing this as a courtesy for her and her husband. 



#4 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 July 2015 - 03:07 PM

OK, thanks

 

Let me see an entire FRST log. Go ahead and drag FRST to the trash and lets download and run a current version

 

Please download Farbar Recovery Scan Tool and save it to your DESKTOP
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
FRST_zps5d956a1a.jpg
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Please make sure All Users is checked
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #5 mickey7

    mickey7

      Silver Member

    • Authentic Member
    • PipPipPip
    • 254 posts

    Posted 10 July 2015 - 04:30 PM

    Sorry for the delay... since I cannot connect I have to dl to a usb from my laptop and transfer stuff back and forth.  But here are the new logs...

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
    Ran by MITCH (administrator) on MITCH-PC on 10-07-2015 17:33:55
    Running from C:\Users\MITCH\Desktop
    Loaded Profiles: MITCH (Available Profiles: MITCH)
    Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Agere Systems) C:\Windows\System32\agr64svc.exe
    (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    () C:\Program Files (x86)\SMINST\BLService.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\PresentationSettings.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-10-08] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
    HKLM-x32\...\Run: [DVDAgent] => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    HKLM-x32\...\Run: [CrashMon] => "C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe" "UniversalUpdater" "http://log.data-url.com/crash/"
    HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_25\bin\jusched.exe"
    HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1684360 2015-05-26] (APN)
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
    SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
    SearchScopes: HKLM -> {C4B887F1-E634-4BCC-8BA4-6E91B16D2814} URL = http://www.ask.com/w...}&l=dis&o=ushpl
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Vosteran.com/...=1146529631&ir=
    SearchScopes: HKLM-x32 -> {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} URL = http://search.tb.ask...r={searchTerms}
    SearchScopes: HKLM-x32 -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
    SearchScopes: HKLM-x32 -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL = http://search.condui...5163226023&UM=2
    SearchScopes: HKLM-x32 -> {C4B887F1-E634-4BCC-8BA4-6E91B16D2814} URL = http://www.ask.com/w...}&l=dis&o=ushpl
    SearchScopes: HKLM-x32 -> {ef80d754-fb77-4a7f-be75-489beebb20c9} URL = http://search.mywebs...r={searchTerms}
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> DefaultScope {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {01BB66D3-9F1A-479A-AA5C-DB34B618B965} URL = http://www.search.as...rms}&psv=&pt=tb
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.trovi.com...rchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {4F5E3C10-FEB0-467A-A7CD-FD0C05FDA134} URL = http://www.flickr.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://Vosteran.com/...=1932793410&ir=
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {EFA0BB11-5A96-43DF-A6CC-F172A691CAB1} URL = http://delicious.com...p={searchTerms}
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-05-30] (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} -  No File
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {534D542D-5637-006A-76A7-7A786E7484D7} -  No File
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} -  No File
    DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
    Hosts: 127.0.0.1    localhost
    Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
    Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [NameServer] 208.67.222.222,208.67.220.220
    Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
    Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
    Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.80.251

    FireFox:
    ========
    FF ProfilePath: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default
    FF DefaultSearchEngine: Binkiland
    FF SearchEngineOrder.3: Bing
    FF Keyword.URL: https://search.yahoo...&type=238417&p=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\2.bin\NPgtEISB.dll No File
    FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin -> C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File
    FF Plugin-x32: @ei.RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4jEI\Installr\1.bin\NP4jEISB.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-16] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin-x32: @PackageTracer_69.com/Plugin -> C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-01-02] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [2011-12-01] ( )
    FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
    FF user.js: detected! => C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\user.js [2015-04-06]
    FF SearchPlugin: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\searchplugins\my-homepage.xml [2014-11-25]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
    FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2013-08-07]
    FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2013-08-13]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14]
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\128.xpi
    FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
    FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-03-25] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-03-25] <==== ATTENTION

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-22]
    CHR Extension: (Looper for YouTube) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2015-07-05]
    CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dpimglhojapikoeeifcifanbeinephdm] - C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx [Not Found]
    CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lggjockdkhahihjfehmocmjakchihnjb] - C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx [Not Found]
    CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [dpimglhojapikoeeifcifanbeinephdm] - C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [jmbmildjdmppofnohldicmnkojfhggmb] - https://clients2.goo...ice/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lggjockdkhahihjfehmocmjakchihnjb] - C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-28] (APN LLC.)
    R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
    R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] () [File not signed]
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X] <==== ATTENTION
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
    S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe run  [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
    S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-11] ()
    S3 cpuz134; \??\C:\Users\MITCH\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    U4 eabfiltr; No ImagePath
    S4 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-10 17:33 - 2015-07-10 17:35 - 00022577 _____ C:\Users\MITCH\Desktop\FRST.txt
    2015-07-10 17:33 - 2015-07-10 17:30 - 02112512 _____ (Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe
    2015-07-10 17:30 - 2015-07-10 17:30 - 00003436 _____ C:\Windows\System32\Tasks\PresentationSettingsTurnOff_MITCH-PC_MITCH
    2015-07-10 14:29 - 2015-07-10 17:34 - 00000000 ____D C:\FRST
    2015-07-10 14:23 - 2015-07-10 14:23 - 00001781 _____ C:\Users\MITCH\Desktop\aswMBR.txt
    2015-07-10 14:23 - 2015-07-10 14:23 - 00000512 _____ C:\Users\MITCH\Desktop\MBR.dat
    2015-07-10 14:17 - 2015-07-10 14:17 - 00006717 _____ C:\Users\MITCH\Desktop\dds.zip
    2015-07-10 14:17 - 2015-07-10 14:17 - 00003205 _____ C:\Users\MITCH\Desktop\attach.zip
    2015-07-10 14:16 - 2015-07-10 14:16 - 00024195 _____ C:\Users\MITCH\Desktop\dds.txt
    2015-07-10 14:16 - 2015-07-10 14:16 - 00011630 _____ C:\Users\MITCH\Desktop\attach.txt
    2015-07-10 14:02 - 2015-07-10 14:03 - 00011433 _____ C:\Users\MITCH\Documents\hijackthis.log
    2015-07-10 13:58 - 2015-07-10 13:59 - 00002519 _____ C:\Users\MITCH\Desktop\HiJackThis.lnk
    2015-07-10 13:58 - 2015-07-10 13:59 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2015-07-10 13:58 - 2015-07-10 13:58 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2015-07-10 13:57 - 2014-10-31 13:30 - 00688992 ____R (Swearware) C:\Users\MITCH\Desktop\dds.com
    2015-07-10 13:57 - 2014-04-12 15:05 - 01402880 _____ C:\Users\MITCH\Desktop\HijackThis.msi
    2015-07-10 08:57 - 2014-10-29 21:33 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.0.3.1025.exe
    2015-07-09 20:27 - 2015-07-09 22:53 - 00000000 ____D C:\Users\MITCH\Desktop\mbar
    2015-07-09 20:24 - 2015-07-09 15:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\MITCH\Desktop\tdsskiller.exe
    2015-07-09 19:14 - 2015-07-09 15:24 - 21971528 _____ C:\Users\MITCH\Desktop\RogueKillerX64.exe
    2015-07-09 19:10 - 2015-07-09 15:19 - 05200384 _____ (AVAST Software) C:\Users\MITCH\Desktop\aswMBR.exe
    2015-07-07 22:24 - 2015-07-07 22:24 - 00000000 ____D C:\Program Files (x86)\predm
    2015-07-07 21:05 - 2015-07-07 15:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MITCH\Desktop\revosetup.exe
    2015-07-07 17:59 - 2015-07-07 17:59 - 00000000 _____ C:\Users\MITCH\AppData\Local\Temp.dat
    2015-07-07 17:51 - 2015-07-07 17:51 - 00001861 _____ C:\Users\MITCH\Desktop\chrome.lnk
    2015-07-07 17:47 - 2015-07-07 17:47 - 00001104 _____ C:\Users\MITCH\Desktop\Live PC Help.lnk
    2015-07-07 17:42 - 2015-07-07 21:05 - 00001059 _____ C:\Users\MITCH\Desktop\Revo Uninstaller.lnk
    2015-07-07 17:42 - 2015-07-07 21:05 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2015-07-07 08:31 - 2015-07-07 08:31 - 00000949 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2015-07-05 01:32 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-07-05 01:32 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-07-05 01:18 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Gravity Highlighter
    2015-07-05 01:15 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\ClIckFaorSSale
    2015-07-05 01:13 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\CliCCkFFOOrSualle
    2015-07-05 01:07 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-07-05 01:07 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
    2015-07-05 01:02 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Looper for YouTube
    2015-07-03 23:41 - 2015-07-10 11:41 - 00000000 ____D C:\ProgramData\{d59329e7-058a-cbd1-d593-329e7058a79c}
    2015-07-03 23:37 - 2015-07-05 00:55 - 00000000 ____D C:\Program Files (x86)\SaverProo
    2015-07-03 23:35 - 2015-07-05 00:55 - 00000000 ____D C:\Program Files (x86)\SaaveerPPrro
    2015-07-03 17:58 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\apppsavue
    2015-07-03 17:54 - 2015-07-03 23:35 - 00000000 ____D C:\Program Files (x86)\appsAve
    2015-07-03 17:18 - 2015-07-03 17:22 - 00004097 _____ C:\Windows\system32\dummy.002
    2015-06-30 18:08 - 2015-06-30 18:08 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (38).exe
    2015-06-30 17:55 - 2015-07-10 12:11 - 00000340 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
    2015-06-30 17:55 - 2015-07-03 23:41 - 00003252 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]
    2015-06-30 17:55 - 2015-07-03 17:57 - 00000000 ____D C:\ProgramData\{0da777ff-38fc-fbab-0da7-777ff38fdffc}
    2015-06-27 22:14 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-06-27 22:14 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-06-27 22:10 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-06-27 22:10 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-06-27 22:10 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-06-27 22:10 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-06-27 22:10 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-06-27 22:10 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-06-27 22:09 - 2015-05-21 10:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-06-27 21:42 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\QueenCCoupon
    2015-06-27 21:40 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\QueeNNCCouupOan
    2015-06-27 21:40 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-06-27 21:40 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-06-27 21:39 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Redbooth for Gmail
    2015-06-26 17:35 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\dowaNloaditKeepo
    2015-06-26 17:31 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\downlloadItkoeepu
    2015-06-25 20:51 - 2015-06-26 17:32 - 00000000 ____D C:\Program Files (x86)\ShoupperMMaster
    2015-06-25 20:47 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\SahoppaeruMMasteer
    2015-06-25 20:46 - 2015-06-26 17:32 - 00000000 ____D C:\Program Files (x86)\ShopperrMasoter
    2015-06-24 18:46 - 2015-06-24 18:46 - 00000680 _____ C:\Users\MITCH\AppData\Local\d3d9caps.dat
    2015-06-24 17:38 - 2015-06-26 17:32 - 00000000 ____D C:\Program Files (x86)\BetterePriceChec
    2015-06-24 17:37 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\BettterPRiceoCoheEac
    2015-06-24 17:35 - 2015-06-26 17:32 - 00000000 ____D C:\Program Files (x86)\BEttteerPriCeoCheec
    2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
    2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
    2015-06-22 23:33 - 2015-06-26 16:40 - 00001985 _____ C:\Users\MITCH\Desktop\Google Chrome.lnk
    2015-06-22 23:31 - 2015-07-09 19:17 - 00000024 _____ C:\Users\MITCH\AppData\Roaming\appdataFr25.bin
    2015-06-22 23:22 - 2015-06-22 23:24 - 00000000 ____D C:\94d4568a-ad62-4a6e-a62b-238f2297a462
    2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
    2015-06-22 23:09 - 2015-06-22 23:09 - 00341552 _____ C:\Users\MITCH\Downloads\Setup (4).exe
    2015-06-22 23:09 - 2015-06-22 23:09 - 00341552 _____ C:\Users\MITCH\Downloads\Setup (3).exe
    2015-06-22 22:22 - 2015-05-30 20:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-06-22 22:21 - 2015-05-30 20:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-06-22 22:21 - 2015-05-30 20:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-06-22 22:21 - 2015-05-30 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-06-22 22:21 - 2015-05-30 20:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-06-22 22:21 - 2015-05-30 20:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-06-22 22:21 - 2015-05-30 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-06-22 22:21 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-06-22 22:21 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-06-22 22:21 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-06-22 22:21 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-06-22 22:21 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-06-22 22:21 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-06-22 22:21 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-06-22 22:21 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-06-22 22:21 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-06-22 22:20 - 2015-05-30 21:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-06-22 22:20 - 2015-05-30 20:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-06-22 22:20 - 2015-05-30 20:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-06-22 22:20 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-06-22 22:19 - 2015-05-30 20:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-06-22 22:19 - 2015-05-30 20:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-06-22 22:19 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-06-22 22:19 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-06-22 22:19 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-06-22 22:18 - 2015-05-30 20:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-06-22 22:18 - 2015-05-30 20:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-06-22 22:18 - 2015-05-30 20:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-06-22 22:18 - 2015-05-30 20:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-06-22 22:18 - 2015-05-30 20:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-06-22 22:18 - 2015-05-30 20:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-06-22 22:18 - 2015-05-30 20:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-06-22 22:18 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-06-22 22:18 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-06-22 22:18 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-06-22 22:18 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-06-22 22:18 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-06-22 22:17 - 2015-05-30 20:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-06-22 22:17 - 2015-05-30 20:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-06-22 22:17 - 2015-05-30 20:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-06-22 22:17 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-06-22 22:17 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-06-22 22:17 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-06-22 22:17 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-06-22 21:51 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\surfkeeepiit
    2015-06-22 21:50 - 2015-07-03 17:55 - 00000000 ____D C:\Program Files (x86)\surfkeeepit
    2015-06-21 14:24 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2015-06-21 14:24 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2015-06-21 14:24 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2015-06-21 14:24 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2015-06-21 14:24 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-06-21 14:24 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2015-06-21 14:24 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2015-06-21 14:24 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-06-21 14:24 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-06-21 14:24 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-06-21 14:24 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-06-21 14:24 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-06-21 14:24 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-06-20 17:43 - 2015-06-20 17:43 - 00000000 ____D C:\Program Files (x86)\Galaxy New Tab
    2015-06-20 17:33 - 2015-06-20 17:34 - 00000000 ____D C:\Program Files (x86)\ShopperMastter
    2015-06-20 17:29 - 2015-06-20 17:30 - 00000000 ____D C:\Program Files (x86)\ShOppeReMaster
    2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
    2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
    2015-06-20 16:53 - 2015-06-20 17:38 - 00000000 ____D C:\Program Files (x86)\JavaScript Popup Blocker
    2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
    2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
    2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
    2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
    2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
    2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
    2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
    2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
    2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
    2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe
    2015-06-13 02:22 - 2015-07-07 23:29 - 00000000 ____D C:\Program Files (x86)\Coupoon

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-10 17:34 - 2011-08-08 22:41 - 01103237 _____ C:\Windows\WindowsUpdate.log
    2015-07-10 17:33 - 2008-10-23 05:54 - 00003580 _____ C:\Windows\System32\Tasks\HP Health Check
    2015-07-10 17:28 - 2015-04-13 01:28 - 00001004 _____ C:\Windows\Tasks\Wqs3RURQofhshHTo.job
    2015-07-10 17:28 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
    2015-07-10 17:28 - 2013-12-08 15:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job
    2015-07-10 17:28 - 2011-12-22 01:42 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2015-07-10 17:28 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-10 17:28 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-10 17:28 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-10 17:27 - 2015-01-06 06:00 - 00000000 ____D C:\ProgramData\atpfbZ
    2015-07-10 17:27 - 2014-09-23 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-07-10 17:27 - 2013-08-11 15:29 - 04059102 _____ C:\Windows\PFRO.log
    2015-07-10 17:27 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Help
    2015-07-10 14:55 - 2008-10-23 03:45 - 00000012 _____ C:\Windows\bthservsdp.dat
    2015-07-10 14:55 - 2006-11-02 11:42 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-07-10 14:42 - 2011-10-15 20:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-10 14:34 - 2015-04-18 12:47 - 00000000 ____D C:\Program Files (x86)\Tab Hibernation
    2015-07-10 14:34 - 2015-01-06 02:55 - 00000000 ____D C:\Program Files (x86)\ce88c4aa-b86a-4c1e-bb45-d6da615fde68
    2015-07-10 14:34 - 2014-11-13 00:12 - 00000000 ____D C:\Users\MITCH\AppData\Local\12009
    2015-07-10 14:34 - 2014-11-11 01:11 - 00000000 ____D C:\Program Files (x86)\360a619a-0cf8-4762-bee6-45c5335152cc
    2015-07-10 14:22 - 2015-04-06 00:06 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-07-10 14:18 - 2012-09-10 13:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-10 14:17 - 2014-11-15 20:12 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job
    2015-07-10 11:25 - 2014-09-23 16:56 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-10 11:24 - 2014-09-23 16:54 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-07-10 11:24 - 2014-09-23 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-07-09 23:45 - 2014-11-15 20:12 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job
    2015-07-09 22:53 - 2014-12-02 01:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-07-09 20:24 - 2014-12-03 08:40 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-07-09 19:34 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\tracing
    2015-07-09 19:15 - 2014-12-03 08:40 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-07-09 19:13 - 2006-11-02 08:46 - 00005086 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-09 02:03 - 2012-05-04 11:50 - 00002313 _____ C:\Windows\epplauncher.mif
    2015-07-08 20:15 - 2015-01-03 21:42 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\DigitalSites
    2015-07-08 00:26 - 2015-03-16 02:56 - 00000000 ____D C:\Program Files (x86)\AmiExt
    2015-07-07 23:23 - 2015-05-05 03:18 - 00000000 ____D C:\Users\MITCH\AppData\Local\CrashDumps
    2015-07-07 23:15 - 2012-10-08 16:39 - 00000000 ____D C:\Windows\Minidump
    2015-07-07 23:09 - 2014-11-12 17:55 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\MailUpdate
    2015-07-07 22:03 - 2014-12-07 19:43 - 00000000 ____D C:\Users\MITCH\AppData\Local\Gameo
    2015-07-07 17:47 - 2015-01-06 22:42 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\Systweak
    2015-07-07 15:01 - 2014-05-28 03:38 - 00000288 _____ C:\Windows\Tasks\FastAgain PC Booster_DEFAULT.job
    2015-07-07 08:31 - 2011-09-27 01:39 - 00000934 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-07-07 08:30 - 2011-09-27 01:38 - 00000915 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    2015-07-07 03:12 - 2014-01-11 07:47 - 00000000 ____D C:\Windows\pss
    2015-07-06 19:59 - 2015-01-24 22:51 - 00000000 ____D C:\ProgramData\PorOSuhoepper
    2015-07-06 19:48 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
    2015-07-05 02:01 - 2008-10-23 05:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-07-05 01:54 - 2008-10-23 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-07-05 01:20 - 2015-01-25 18:52 - 00000000 ____D C:\ProgramData\6499773942544968838
    2015-07-05 01:11 - 2014-12-07 19:21 - 00116019 _____ C:\Windows\system32\ScanResults.xml
    2015-07-05 01:06 - 2011-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-07-05 00:42 - 2014-11-11 21:56 - 00000188 _____ C:\Users\MITCH\AppData\Roaming\WB.CFG
    2015-07-05 00:35 - 2014-12-07 19:12 - 00000464 _____ C:\Windows\system32\ScannerSettings
    2015-07-03 21:08 - 2006-11-02 08:33 - 77594624 _____ C:\Windows\system32\config\software_previous
    2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
    2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
    2015-07-03 21:07 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
    2015-07-03 21:07 - 2006-11-02 08:33 - 22544384 _____ C:\Windows\system32\config\system_previous
    2015-07-03 21:02 - 2006-11-02 08:33 - 66322432 _____ C:\Windows\system32\config\components_previous
    2015-07-03 21:01 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
    2015-07-03 17:09 - 2011-08-09 07:14 - 00000000 ____D C:\Users\MITCH
    2015-07-03 16:20 - 2006-11-02 08:33 - 00524288 _____ C:\Windows\system32\config\default_previous
    2015-07-03 16:20 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\security_previous
    2015-06-30 17:37 - 2015-01-04 22:29 - 00000120 _____ C:\Windows\efix.ini
    2015-06-30 17:37 - 2014-11-14 19:49 - 00000165 _____ C:\Windows\Reimage.ini
    2015-06-27 22:30 - 2006-11-02 11:21 - 00317688 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-27 22:09 - 2013-11-20 01:25 - 00000000 ____D C:\Windows\system32\MRT
    2015-06-26 17:03 - 2014-12-26 00:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-06-25 20:21 - 2012-09-10 13:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-25 20:21 - 2012-09-10 13:33 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-25 20:21 - 2011-08-14 13:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-22 22:32 - 2015-01-25 22:36 - 00000000 ____D C:\Program Files (x86)\deal2dealiiT
    2015-06-22 22:32 - 2015-01-25 22:35 - 00000000 ____D C:\Program Files (x86)\Strong Password Generator
    2015-06-22 22:32 - 2015-01-25 18:52 - 00000000 ____D C:\Program Files (x86)\CeOolSaaleCoUpoN
    2015-06-22 21:50 - 2015-04-18 19:15 - 00000000 ____D C:\Program Files (x86)\KIngCouupon
    2015-06-22 21:50 - 2015-04-18 12:48 - 00000000 ____D C:\Program Files (x86)\QuEeanCoeupon
    2015-06-22 21:50 - 2015-04-14 20:14 - 00000000 ____D C:\Program Files (x86)\quicckshOp
    2015-06-22 21:50 - 2015-04-14 20:05 - 00000000 ____D C:\Program Files (x86)\rocccketssaLe
    2015-06-22 21:50 - 2015-03-26 21:46 - 00000000 ____D C:\Program Files (x86)\SHHoppeRMaster
    2015-06-22 21:50 - 2015-03-26 21:44 - 00000000 ____D C:\Program Files (x86)\FlashhCCOupioNu
    2015-06-22 21:50 - 2015-03-05 16:31 - 00000000 ____D C:\Program Files (x86)\SSalEsChiecker
    2015-06-21 00:09 - 2006-11-02 09:33 - 00000000 __RSD C:\Windows\Media
    2015-06-19 23:45 - 2013-05-12 21:04 - 00000000 ____D C:\temp

    ==================== Files in the root of some directories =======

    2015-03-05 02:54 - 2015-03-05 02:54 - 0000079 _____ () C:\Program Files (x86)\prefs.js
    2015-06-22 23:31 - 2015-07-09 19:17 - 0000024 _____ () C:\Users\MITCH\AppData\Roaming\appdataFr25.bin
    2015-03-16 03:44 - 2015-04-27 19:29 - 0000020 _____ () C:\Users\MITCH\AppData\Roaming\appdataFr3.bin
    2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\MITCH\AppData\Roaming\QV
    2014-09-01 04:18 - 2014-09-01 04:18 - 0001248 _____ () C:\Users\MITCH\AppData\Roaming\TFNRF
    2011-09-04 18:51 - 2011-09-04 18:51 - 0029216 _____ () C:\Users\MITCH\AppData\Roaming\UserTile.png
    2014-11-11 21:56 - 2015-07-05 00:42 - 0000188 _____ () C:\Users\MITCH\AppData\Roaming\WB.CFG
    2015-03-31 04:14 - 2015-03-31 04:14 - 0004387 _____ () C:\Users\MITCH\AppData\Roaming\Wqs3RURQofhshHTo
    2014-11-13 21:56 - 2014-11-13 21:56 - 0022528 _____ () C:\Users\MITCH\AppData\Local\1754699dsisetup17581152.exe
    2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\AtStart.txt
    2015-06-24 18:46 - 2015-06-24 18:46 - 0000680 _____ () C:\Users\MITCH\AppData\Local\d3d9caps.dat
    2011-08-09 07:45 - 2014-01-11 18:49 - 0007680 _____ () C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-11-21 18:57 - 2014-11-21 18:57 - 0022528 _____ () C:\Users\MITCH\AppData\Local\dsisetup14924302.exe
    2014-12-07 21:45 - 2014-12-07 21:45 - 0022528 _____ () C:\Users\MITCH\AppData\Local\dsisetup24596202.exe
    2015-02-08 17:55 - 2015-02-08 17:55 - 0022528 _____ () C:\Users\MITCH\AppData\Local\dsisetup2751072.exe
    2015-01-04 23:55 - 2015-01-04 23:55 - 0022528 _____ () C:\Users\MITCH\AppData\Local\dsisetup80848292.exe
    2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\DSwitch.txt
    2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\QSwitch.txt
    2015-07-07 17:59 - 2015-07-07 17:59 - 0000000 _____ () C:\Users\MITCH\AppData\Local\Temp.dat
    2014-01-27 03:19 - 2014-01-28 16:45 - 0002763 _____ () C:\ProgramData\connector.swf
    2011-08-08 23:17 - 2011-08-08 23:17 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2008-10-23 05:36 - 2008-10-23 05:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2008-10-23 05:24 - 2008-10-23 05:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2011-08-08 23:14 - 2011-08-08 23:14 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2008-10-23 05:22 - 2008-10-23 05:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2008-10-23 05:27 - 2008-10-23 05:36 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2011-08-08 23:17 - 2011-08-08 23:17 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Files to move or delete:
    ====================
    C:\Users\Public\AlexaNSISPlugin.8428.dll


    Some files in TEMP:
    ====================
    C:\Users\MITCH\AppData\Local\Temp\2cedfc8d-10f8-498f-8e56-6c2bc70b001e.exe
    C:\Users\MITCH\AppData\Local\Temp\698.exe
    C:\Users\MITCH\AppData\Local\Temp\APNSetup.exe
    C:\Users\MITCH\AppData\Local\Temp\ASPackage.exe
    C:\Users\MITCH\AppData\Local\Temp\CloudBackup1299.exe
    C:\Users\MITCH\AppData\Local\Temp\CloudBackup4488.exe
    C:\Users\MITCH\AppData\Local\Temp\component_634-1C80.exe
    C:\Users\MITCH\AppData\Local\Temp\ConsumerInputSetup.exe
    C:\Users\MITCH\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\MITCH\AppData\Local\Temp\eFixProPackage.exe
    C:\Users\MITCH\AppData\Local\Temp\jre-8u25-windows-au.exe
    C:\Users\MITCH\AppData\Local\Temp\ms.exe
    C:\Users\MITCH\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\MITCH\AppData\Local\Temp\optprosetup.exe
    C:\Users\MITCH\AppData\Local\Temp\Quarantine.exe
    C:\Users\MITCH\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\MITCH\AppData\Local\Temp\ReiScanner.exe
    C:\Users\MITCH\AppData\Local\Temp\ReiSysUpdate.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf2092.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf33E3.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf4578.exe
    C:\Users\MITCH\AppData\Local\Temp\sdfF834.exe
    C:\Users\MITCH\AppData\Local\Temp\setacl.exe
    C:\Users\MITCH\AppData\Local\Temp\Setup0988111.exe
    C:\Users\MITCH\AppData\Local\Temp\setup_489.exe
    C:\Users\MITCH\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\MITCH\AppData\Local\Temp\sqlite3.exe
    C:\Users\MITCH\AppData\Local\Temp\supoptsetup.exe
    C:\Users\MITCH\AppData\Local\Temp\updater_uninstall.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-10 17:38

    ==================== End of log ============================

     

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
    Ran by MITCH at 2015-07-10 17:44:28
    Running from C:\Users\MITCH\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-499354876-3266562091-500007027-500 - Administrator - Disabled)
    Guest (S-1-5-21-499354876-3266562091-500007027-501 - Limited - Disabled)
    MITCH (S-1-5-21-499354876-3266562091-500007027-1000 - Administrator - Enabled) => C:\Users\MITCH

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player 10 ActiveX) (Version: 10.0.2.13 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
    Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
    AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
    ATI Catalyst Install Manager (HKLM\...\{7510991E-FE80-7466-2E31-561B52059618}) (Version: 3.0.691.0 - ATI Technologies, Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    BubbleSound (HKLM\...\BubbleSound) (Version: 1.0 - BubbleSound) <==== ATTENTION!
    Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
    ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2126 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
    ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    FileOpener (HKLM-x32\...\Tweaks FileOpener) (Version: 1.1.1 - Tweaks)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    Hoyle Magic Carpet (x32 Version: 3.0.2.32 - WildTangent) Hidden
    HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
    HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
    HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.0.0 - Hewlett-Packard Company)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2125 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
    HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.0926 - Hewlett-Packard)
    HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.9.1 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    HP User Guides 0129 (HKLM-x32\...\{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}) (Version: 1.00.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
    HPTCSSetup (HKLM-x32\...\{30D3B7BC-5798-45D9-822D-05CA18F39E99}) (Version: 1.1.1955.2793 - Hewlett-Packard Company)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
    Instant Wireless USB Adapter (HKLM-x32\...\{B78823CD-488F-43B4-80D6-FAEADAE40EC4}) (Version:  - )
    Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0919 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.0919 - CyberLink Corp.) Hidden
    Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
    Luxor 2 HD (x32 Version: 3.0.2.38 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Monopoly® (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
    My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2119 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.2119 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2119 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.2119 - CyberLink Corp.) Hidden
    ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
    QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
    SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    System Update (HKLM-x32\...\System Update) (Version: 1 - Network Downloads)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    10-07-2015 13:58:20 Installed HiJackThis

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 08:34 - 2014-12-02 08:34 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1    localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {011BC47C-CD3D-4075-BC44-E654FC9CB337} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
    Task: {0DD27251-64E2-4650-9D4A-C3ADF7018863} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{d59329e7-058a-cbd1-d593-329e7058a79c}\hqghumeaylnlf.exe [2014-07-03] (Super PC Tools Ltd) <==== ATTENTION
    Task: {1561D7EC-89A8-4FBE-AD83-D692307716D9} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {19D08A5D-C45B-4BD5-AAE2-05952A69966C} - System32\Tasks\FastAgain PC Booster => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
    Task: {2DFCA062-7DB7-4D08-9A3C-70D85232294B} - System32\Tasks\gameo_update => C:\Users\MITCH\AppData\Roaming\Gameo\gameo.exe <==== ATTENTION
    Task: {2F92FA4C-3E2A-463E-A873-A4263673B066} - System32\Tasks\SPD\Updater\SPDUpdater => C:\Program Files (x86)\SPDUpdater\updater.exe
    Task: {3534170A-F599-4C07-9A09-91E068AC4146} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5 No Task File <==== ATTENTION
    Task: {358A5B96-24A7-40C9-ACA0-01E66672CC53} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-3 No Task File <==== ATTENTION
    Task: {47FADA48-E1F7-4394-AC82-87D3855E38DF} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-4 No Task File <==== ATTENTION
    Task: {4B4CA7A5-086F-46B7-ADFF-7B9AFA96D676} - System32\Tasks\Smart Driver Updater Schedule => C:\Program Files (x86)\Smart Driver Updater\SDUTray.exe
    Task: {4F056A86-4ECC-46A0-AD5F-E0A1FCE648AB} - System32\Tasks\Norton Security Scan for MITCH => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe
    Task: {51C251A7-C5BB-47A5-BD9C-C6E087DA7AD9} - System32\Tasks\User_Feed_Synchronization-{3B747F91-B0D3-4654-9E4B-A4C40BA27FB7}
    Task: {54A904D6-5A97-4A13-BEE9-07810288425F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
    Task: {550197BE-9449-406E-A87E-B4A5D0C5A7E9} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user No Task File <==== ATTENTION
    Task: {59F71A9A-B1DE-4DE5-8933-DDD85C688A41} - System32\Tasks\FastAgain PC Booster_DEFAULT => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
    Task: {5C33F235-D5D5-466A-98C1-ABB2D0D4AD0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {606604CF-21B5-4097-938E-59ED41B41D34} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5_user No Task File <==== ATTENTION
    Task: {6D6FEC66-1079-4D1C-B170-52A2AFE4832E} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-1 No Task File <==== ATTENTION
    Task: {6F7F74AF-2004-492D-B049-835AE3B78221} - System32\Tasks\FastAgain PC Booster_UPDATES => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
    Task: {72DB8461-CBB1-4A87-B856-F19587FED056} - System32\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {74316EC4-62D8-4E24-A976-9EB79DCF5DF5} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5 No Task File <==== ATTENTION
    Task: {78B9017C-6763-46A7-BE4A-27DAE3BDE864} - \LyricXeeker Update No Task File <==== ATTENTION
    Task: {7A558424-DC0E-41CF-8906-0DE8B23AFE4D} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-10_user No Task File <==== ATTENTION
    Task: {7F92867E-9D5D-448F-AB80-6209CE6E6134} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {86AF4274-9E1B-479E-AE76-096AC9D1ABAA} - \CIMT_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
    Task: {92B3EC2B-547D-4BCA-81D8-432B3EDC48EA} - \WSE_Vosteran No Task File <==== ATTENTION
    Task: {963FF965-5E0E-4CDF-A672-A2259FD12654} - \CIMT_daily_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
    Task: {97104820-2037-4255-AF41-5350423981D4} - System32\Tasks\Driver Pro Schedule => C:\Program Files (x86)\Driver Pro\DPTray.exe <==== ATTENTION
    Task: {9955E6D2-E9F2-4CF8-A32E-4584825313F2} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user No Task File <==== ATTENTION
    Task: {9F04B29F-E2C8-463B-A4AC-E05C1D17E1D2} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6 No Task File <==== ATTENTION
    Task: {9F3A227D-0B84-4572-90B9-7493B3C9E26C} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
    Task: {ADA036F4-E5E7-4468-83AB-B64A1DC2A6E0} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-11 No Task File <==== ATTENTION
    Task: {C1798675-C18C-404F-90F5-7B354082CBE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {C21A7633-BFB3-40C2-860B-A58FC6F674EB} - System32\Tasks\Wqs3RURQofhshHTo => C:\Users\MITCH\AppData\Roaming\Wqs3RURQofhshHTo.exe <==== ATTENTION
    Task: {C3104997-0446-4339-8E33-EDFB711CDE8B} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2 No Task File <==== ATTENTION
    Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
    Task: {CB2DFFB6-695A-4CA6-9C22-E23E6A0EF409} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
    Task: {CB3E08E5-2739-4261-95CF-12FD75F1F6DA} - \Wse_binkiland No Task File <==== ATTENTION
    Task: {CC65BF6D-42C0-4729-9A84-6E0A7647BA2B} - System32\Tasks\PresentationSettingsTurnOff_MITCH-PC_MITCH => C:\Windows\system32\PresentationSettings.exe [2009-04-11] (Microsoft Corporation)
    Task: {D027A209-468A-407D-A28B-C48FC816D4F2} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {DB62B7FB-D370-4087-8D7E-7B9D5BC9D85F} - System32\Tasks\HPCeeScheduleForMITCH => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
    Task: {DC375676-FE95-45E1-865D-18DC07723629} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-7 No Task File <==== ATTENTION
    Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: {F27A700D-2399-4465-8225-F76ACCEAD52F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate
    Task: {F4A14272-E385-446D-84AC-898751525AEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
    Task: {FF7FD197-8DA0-4E29-9261-EF614DAB4123} - \Run_Bobby_Browser No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{d59329e7-058a-cbd1-d593-329e7058a79c}\hqghumeaylnlf.exe <==== ATTENTION
    Task: C:\Windows\Tasks\FastAgain PC Booster_DEFAULT.job => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
    Task: C:\Windows\Tasks\FastAgain PC Booster_UPDATES.job => C:\Program Files (x86)\FastAgain PC Booster\PCBooster.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForMITCH.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
    Task: C:\Windows\Tasks\Norton Security Scan for MITCH.job => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe
    Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: C:\Windows\Tasks\Wqs3RURQofhshHTo.job => C:\Users\MITCH\AppData\Roaming\Wqs3RURQofhshHTo.exe <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2015-01-08 14:12 - 2015-01-08 14:12 - 02264576 _____ () C:\Program Files\BubbleSound\BubbleSound.dll
    2008-09-17 00:16 - 2008-09-17 00:16 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
    2008-10-23 05:48 - 2008-10-06 12:54 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
    2008-10-23 05:36 - 2008-06-29 19:10 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    2011-08-08 22:52 - 2011-08-08 22:52 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    2008-08-22 13:03 - 2008-08-22 13:03 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2008-10-23 05:48 - 2008-10-06 12:54 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
    2008-10-23 05:36 - 2008-06-29 19:10 - 00028672 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
    2008-09-25 21:42 - 2008-09-25 21:42 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\Drivers\zuuqjjlq.sys:changelist
    AlternateDataStreams: C:\ProgramData\Temp:D346F792

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-499354876-3266562091-500007027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MITCH\AppData\Local\Microsoft\BingDesktop\themes\2014-02-12.jpg
    DNS Servers: Media is not connected to internet.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: BackupStack => 2
    MSCONFIG\Services: GamingWonderlandService => 2
    MSCONFIG\Services: InternetUpdater => 2
    MSCONFIG\Services: PCKeeper2Service => 2
    MSCONFIG\Services: PCKeeperOcfService => 2
    MSCONFIG\Services: RecipeHub_2jService => 2
    MSCONFIG\Services: Retrogamer_4wService => 2
    MSCONFIG\Services: vToolbarUpdater17.3.0 => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk => C:\Windows\pss\crossbrowse.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Lightning.lnk => C:\Windows\pss\Desktop Lightning.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Temperature Monitor.lnk => C:\Windows\pss\Desktop Temperature Monitor.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatch.lnk => C:\Windows\pss\StormWatch.lnk.Startup
    MSCONFIG\startupreg: 3D BubbleSound => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
    MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    MSCONFIG\startupreg: BoBrowser => "C:\Users\MITCH\AppData\Local\BoBrowser\Application\bobrowser.exe" --no-proxy-server
    MSCONFIG\startupreg: Boost => C:\Program Files (x86)\Boost\Boost.exe
    MSCONFIG\startupreg: cdloader => "C:\Users\MITCH\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    MSCONFIG\startupreg: Gameo => C:\Users\MITCH\AppData\Roaming\Gameo\gameo.exe "C:\Users\MITCH\AppData\Roaming\Gameo\gameo.dat" mode:minimized
    MSCONFIG\startupreg: GamingWonderland Browser Plugin Loader => C:\PROGRA~1\GAMING~2\bar\2.bin\gtbrmon.exe
    MSCONFIG\startupreg: GamingWonderland EPM Support => "C:\PROGRA~1\GAMING~2\bar\3.bin\gtmedint.exe" T8EPMSUP.DLL,S
    MSCONFIG\startupreg: GamingWonderland Home Page Guard 64 bit => "C:\PROGRA~1\GAMING~2\bar\2.bin\AppIntegrator64.exe"
    MSCONFIG\startupreg: GamingWonderland Search Scope Monitor => "C:\PROGRA~1\GAMING~2\bar\2.bin\gtsrchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: GardeningEnthusiast EPM Support => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jmedint.exe" T8EPMSUP.DLL,S
    MSCONFIG\startupreg: GardeningEnthusiast Home Page Guard 64 bit => "C:\PROGRA~1\GARDEN~2\bar\1.bin\AppIntegrator64.exe"
    MSCONFIG\startupreg: GardeningEnthusiast Search Scope Monitor => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jsrchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: GardeningEnthusiast_7j Browser Plugin Loader => C:\PROGRA~1\GARDEN~2\bar\1.bin\7jbrmon.exe
    MSCONFIG\startupreg: GenieoSystemTray => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
    MSCONFIG\startupreg: GenieoUpdaterService => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
    MSCONFIG\startupreg: Google Update => "C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_1966301AF37C65D1ED1179E7CBD99E72 => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
    MSCONFIG\startupreg: HowToSimplified EPM Support => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8emedint.exe" T8EPMSUP.DLL,S
    MSCONFIG\startupreg: HowToSimplified Home Page Guard 64 bit => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\AppIntegrator64.exe"
    MSCONFIG\startupreg: HowToSimplified Search Scope Monitor => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8esrchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: HowToSimplified_8e Browser Plugin Loader => C:\PROGRA~1\HOWTOS~2\bar\1.bin\8ebrmon.exe
    MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
    MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro 3.20\OptProLauncher.exe
    MSCONFIG\startupreg: PackageTracer AppIntegrator 32-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator.exe
    MSCONFIG\startupreg: PackageTracer AppIntegrator 64-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator64.exe
    MSCONFIG\startupreg: PackageTracer EPM Support => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69medint.exe" T8EPMSUP.DLL,S
    MSCONFIG\startupreg: PackageTracer Search Scope Monitor => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69srchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: PC Cleaners => "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
    MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
    MSCONFIG\startupreg: PCFixSpeed => "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
    MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
    MSCONFIG\startupreg: PCTechHotline => "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
    MSCONFIG\startupreg: Recipe Hub Home Page Guard 64 bit => "C:\PROGRA~1\RECIPE~2\bar\2.bin\AppIntegrator64.exe"
    MSCONFIG\startupreg: Recipe Hub Search Scope Monitor => "C:\PROGRA~1\RECIPE~2\bar\2.bin\2jsrchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: RecipeHub_2j Browser Plugin Loader => C:\PROGRA~1\RECIPE~2\bar\2.bin\2jbrmon.exe
    MSCONFIG\startupreg: Retrogamer Search Scope Monitor => "C:\PROGRA~1\RETROG~2\bar\2.bin\4wsrchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: Retrogamer_4w Browser Plugin Loader => C:\PROGRA~1\RETROG~2\bar\2.bin\4wbrmon.exe
    MSCONFIG\startupreg: Salus CrashMon => "C:\Program Files (x86)\f552dd4c52e3\a7d12b5975b4.exe" "b786bdb3c67d.exe" "http://log.data-url.com/salus/crash"
    MSCONFIG\startupreg: Search Protection => "C:\Users\MITCH\AppData\Roaming\Search Protection\SP.EXE" /autostart
    MSCONFIG\startupreg: SearchProtect => C:\Users\MITCH\AppData\Roaming\SearchProtect\bin\cltmng.exe
    MSCONFIG\startupreg: SearchProtectAll => "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
    MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
    MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    MSCONFIG\startupreg: shopperz => C:\Program Files\shopperz\wrex.exe
    MSCONFIG\startupreg: shopperz64 => C:\Program Files\shopperz\wrex64.exe
    MSCONFIG\startupreg: SpywareClearShield => "C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe"
    MSCONFIG\startupreg: SpywareClearUpdater => "C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe"
    MSCONFIG\startupreg: StormWatch => "C:\Program Files (x86)\StormWatch\StormWatchApp.exe"
    MSCONFIG\startupreg: Super Optimizer => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
    MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    MSCONFIG\startupreg: WebBar => C:\Users\MITCH\AppData\Local\WebBar\2.0.5343.21616\wb.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{2D720E0B-FB17-4C8A-9F86-B55938CFA8A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
    FirewallRules: [{2EE9D486-776E-4A38-BC02-BD5F65BD28BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
    FirewallRules: [{8900904A-1EE6-4C87-96CB-7D86BA6CF64C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
    FirewallRules: [{E8290F9D-7197-4FCE-88B6-80063D832BC5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
    FirewallRules: [{C7963FE5-36CE-4FFA-8459-0F879C4A0E7B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
    FirewallRules: [{A107B0DE-B6D8-4607-9F2E-7665B44C7B33}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{D4905A67-ED93-4AF3-A217-99D2C0F551A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{E66EA628-13EB-4B6B-BFFC-5A9E5C1E10F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
    FirewallRules: [{6FE01D9B-EB0F-4788-8DCC-EC59AF93C650}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
    FirewallRules: [{B19F4E26-A53A-46E2-B47B-6E93B76D4D24}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
    FirewallRules: [{8C2326A8-FEBD-456F-9CC0-0A8B70DDE8D7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    FirewallRules: [{9D4CA0E9-1209-4B35-B8A9-CEF5A320674E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{37948C4D-AFDB-4E8B-8FDE-E113AD9A1A5F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe
    FirewallRules: [{D231B7E7-FA3B-4432-BF83-D93D9F897BD9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe
    FirewallRules: [{5CD0FD8E-FC7E-4F04-850C-E6D8C86FB0F2}] => (Allow) LPort=80
    FirewallRules: [{A9B3E1B3-D13A-4871-A0CE-F75D2638C6AA}] => (Allow) LPort=80
    FirewallRules: [{0077EA1C-8965-4DA9-8255-7701AC4063E1}] => (Allow) LPort=80
    FirewallRules: [TCP Query User{DA0631B7-7E96-4808-B2D5-9F0641460FC4}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
    FirewallRules: [UDP Query User{00448820-4586-4DBA-B7AC-EE49FE0A898D}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
    FirewallRules: [TCP Query User{B7F8A776-007E-4C64-A28F-550E9D4602C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{875B22E8-B606-4C64-98EB-E19F3D004A9B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
    FirewallRules: [{BCD33088-CBC3-4791-B171-23CA234BE409}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
    FirewallRules: [{8046D6BC-6A93-4EF2-9C67-31E758EB034D}] => (Allow) C:\Users\MITCH\AppData\Local\Temp\ibtmp3f6c444\component_514
    FirewallRules: [{FD29D261-A29C-409E-B37A-5AAED6162D36}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
    FirewallRules: [{2DE2CBC0-830F-4902-836A-3786D03873DE}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
    FirewallRules: [{0FF8F62A-3271-4F1C-AC53-5665DFAAA8FA}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
    FirewallRules: [TCP Query User{6BBFA39E-AD5C-4406-95F3-446C4716EE75}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [UDP Query User{977C99A4-24D8-4D66-B45C-71F685BFABFD}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [TCP Query User{C6117AF1-7B22-46EA-BF08-2ADE597FFE9C}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
    FirewallRules: [UDP Query User{0540A14D-E985-4766-9D4F-E6C68B7D3461}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
    FirewallRules: [{33580EE5-CAD7-4CE9-992C-FC393CCEAC16}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{908B6D24-BD5A-42E3-B776-2551860859DB}] => (Allow) LPort=2869
    FirewallRules: [{C1520C1F-25AC-459D-87AF-F696CC7BCCBD}] => (Allow) LPort=1900
    FirewallRules: [{87EAD9F9-E3BB-4B21-8AAF-D7BB98002636}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{893C92B2-7F86-43D0-AE3E-6533E7347F0D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [TCP Query User{345584AC-AFCD-43A8-BBAF-184C821686DE}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
    FirewallRules: [UDP Query User{387DBBA5-ACF8-44B3-90E8-C2579A546F02}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
    FirewallRules: [TCP Query User{B396CADD-5AFD-418A-B83C-B0056A1D7CF3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{6C81C147-C618-4E57-8EC9-A39482E6A5CE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{03BEA1CC-4967-4248-B683-821220DC922B}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
    FirewallRules: [UDP Query User{912186A5-B513-4198-8FE6-A1A35E7809C6}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
    FirewallRules: [{0659870B-2E91-458D-9905-0CA47E7AF388}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Could not start eventlog service, could not read events.

    The Windows Event Log service is starting.
    The Windows Event Log service could not be started.

    A system error has occurred.

    More help is available by typing NET HELPMSG 4201.


    ==================== Memory info ===========================

    Processor: AMD Turion™ X2 Dual-Core Mobile RM-74
    Percentage of memory in use: 38%
    Total physical RAM: 3836.89 MB
    Available physical RAM: 2372.27 MB
    Total Virtual: 7860.3 MB
    Available Virtual: 6185.76 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:285.18 GB) (Free:215.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:1.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 89900F6B)
    Partition 1: (Active) - (Size=285.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)

    ==================== End of log ============================



    #6 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 10 July 2015 - 06:22 PM

    You have a lot going on, you have many infections, I know this is inconvenient but until we get the internet connection resolved you will still have to transfer stuff back and forth

     

     

     
    -AdwCleaner-by Xplode
     
    Click on this link to download : ADWCleaner TO YOUR DESKTOP
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
    Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers
     
     
    Do not click on any links in the top Advertisment.
     
    AdwCleaner4.201_zpsxrbk2llq.jpg
     
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  •  
     
    ===============================================================================
     
     
    thisisujrt.gif Please download Junkware Removal Tool TO YOUR DESKTOP
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  TO YOUR DESKTOP
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  •  
    MBAM_zpsr1ew7hep.png
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 mickey7

    mickey7

      Silver Member

    • Authentic Member
    • PipPipPip
    • 254 posts

    Posted 10 July 2015 - 09:41 PM

    OK here's the latest:

    ADWCleaner Log:

     

     

    # AdwCleaner v4.208 - Logfile created 10/07/2015 at 20:45:29
    # Updated 09/07/2015 by Xplode
    # Database : 2015-07-09.2 [Local]
    # Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
    # Username : MITCH - MITCH-PC
    # Running from : C:\Users\MITCH\Desktop\AdwCleaner(1).exe
    # Option : Cleaning

    ***** [ Services ] *****

    Service Deleted : APNMCP
    [#] Service Deleted : globalUpdate
    [#] Service Deleted : globalUpdatem
    [#] Service Deleted : swdumon
    [#] Service Deleted : UpdateCheck

    ***** [ Files / Folders ] *****

    [!] Folder Deleted : C:\ProgramData\apn
    [!] Folder Deleted : C:\ProgramData\AskPartnerNetwork
    [!] Folder Deleted : C:\ProgramData\MailUpdate
    [!] Folder Deleted : C:\ProgramData\Kromtech
    [!] Folder Deleted : C:\ProgramData\PC Booster
    [!] Folder Deleted : C:\ProgramData\InstallSightSDK
    [!] Folder Deleted : C:\ProgramData\PorOSuhoepper
    [!] Folder Deleted : C:\ProgramData\5a33d5f6a5bbac86
    [!] Folder Deleted : C:\ProgramData\6499773942544968838
    [!] Folder Deleted : C:\ProgramData\{0da777ff-38fc-fbab-0da7-777ff38fdffc}
    [!] Folder Deleted : C:\ProgramData\{d59329e7-058a-cbd1-d593-329e7058a79c}
    [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
    [!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
    [!] Folder Deleted : C:\Program Files (x86)\AmiExt
    [!] Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
    [!] Folder Deleted : C:\Program Files (x86)\Lightspark 0.5.3-git
    [!] Folder Deleted : C:\Program Files (x86)\predm
    [!] Folder Deleted : C:\Program Files (x86)\Tweaks
    [!] Folder Deleted : C:\Program Files (x86)\Driver Support
    [!] Folder Deleted : C:\Program Files (x86)\Music Remote
    [!] Folder Deleted : C:\Program Files (x86)\CloudScout Parental Control
    [!] Folder Deleted : C:\Program Files (x86)\fun4us
    [!] Folder Deleted : C:\Program Files (x86)\coupoon
    [!] Folder Deleted : C:\Program Files (x86)\suprize
    [!] Folder Deleted : C:\Program Files (x86)\WinZip Driver Updater
    [!] Folder Deleted : C:\Program Files (x86)\WebProtectorPlus
    [!] Folder Deleted : C:\Program Files (x86)\driverupdate
    [!] Folder Deleted : C:\Program Files (x86)\apppsavue
    [!] Folder Deleted : C:\Program Files (x86)\appsAve
    [!] Folder Deleted : C:\Program Files (x86)\BetterePriceChec
    [!] Folder Deleted : C:\Program Files (x86)\BEttteerPriCeoCheec
    [!] Folder Deleted : C:\Program Files (x86)\BettterPRiceoCoheEac
    [!] Folder Deleted : C:\Program Files (x86)\CClickFOrSalle
    [!] Folder Deleted : C:\Program Files (x86)\CeOolSaaleCoUpoN
    [!] Folder Deleted : C:\Program Files (x86)\CliCCkFFOOrSualle
    [!] Folder Deleted : C:\Program Files (x86)\ClIckFaorSSale
    [!] Folder Deleted : C:\Program Files (x86)\Coupoon
    [!] Folder Deleted : C:\Program Files (x86)\deal2dealiiT
    [!] Folder Deleted : C:\Program Files (x86)\deala4reall
    [!] Folder Deleted : C:\Program Files (x86)\dowaNloaditKeepo
    [!] Folder Deleted : C:\Program Files (x86)\downlloadItkoeepu
    [!] Folder Deleted : C:\Program Files (x86)\ExtraaShopopeR
    [!] Folder Deleted : C:\Program Files (x86)\Fastsalerr
    [!] Folder Deleted : C:\Program Files (x86)\FlashhCCOupioNu
    [!] Folder Deleted : C:\Program Files (x86)\FLasuhhCoupOn
    [!] Folder Deleted : C:\Program Files (x86)\foastsaler
    [!] Folder Deleted : C:\Program Files (x86)\KIngCouupon
    [!] Folder Deleted : C:\Program Files (x86)\lowaprices
    [!] Folder Deleted : C:\Program Files (x86)\LuckyCoupOen
    [!] Folder Deleted : C:\Program Files (x86)\nittrOdeual
    [!] Folder Deleted : C:\Program Files (x86)\offerrsaLe
    [!] Folder Deleted : C:\Program Files (x86)\offersalee
    [!] Folder Deleted : C:\Program Files (x86)\PrinceCouponi
    [!] Folder Deleted : C:\Program Files (x86)\QuEeanCoeupon
    [!] Folder Deleted : C:\Program Files (x86)\QueenCCoupon
    [!] Folder Deleted : C:\Program Files (x86)\QueeNNCCouupOan
    [!] Folder Deleted : C:\Program Files (x86)\quicckshOp
    [!] Folder Deleted : C:\Program Files (x86)\RioyAlShopperrApp
    [!] Folder Deleted : C:\Program Files (x86)\rocccketssaLe
    [!] Folder Deleted : C:\Program Files (x86)\roccKetasale
    [!] Folder Deleted : C:\Program Files (x86)\roucKuetdeal
    [!] Folder Deleted : C:\Program Files (x86)\RoyalCoaupon
    [!] Folder Deleted : C:\Program Files (x86)\RoyalCoupoN
    [!] Folder Deleted : C:\Program Files (x86)\ROyalShopppErAppu
    [!] Folder Deleted : C:\Program Files (x86)\SaaveerPPrro
    [!] Folder Deleted : C:\Program Files (x86)\SahoppaeruMMasteer
    [!] Folder Deleted : C:\Program Files (x86)\SaLesMauggneT
    [!] Folder Deleted : C:\Program Files (x86)\SaverProo
    [!] Folder Deleted : C:\Program Files (x86)\SHHoppeRMaster
    [!] Folder Deleted : C:\Program Files (x86)\ShOppeReMaster
    [!] Folder Deleted : C:\Program Files (x86)\ShopperMastter
    [!] Folder Deleted : C:\Program Files (x86)\ShopperrMasoter
    [!] Folder Deleted : C:\Program Files (x86)\ShoupperMMaster
    [!] Folder Deleted : C:\Program Files (x86)\SiAlesCahecker
    [!] Folder Deleted : C:\Program Files (x86)\SSalEsChiecker
    [!] Folder Deleted : C:\Program Files (x86)\surfkeeepiit
    [!] Folder Deleted : C:\Program Files (x86)\surfkeeepit
    [!] Folder Deleted : C:\Users\MITCH\AppData\Local\Temp\apn
    [!] Folder Deleted : C:\Users\MITCH\AppData\Local\Temp\VuuPC
    [!] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
    [!] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\StormWatch
    [!] Folder Deleted : C:\Program Files\BubbleSound
    [!] Folder Deleted : C:\Users\MITCH\AppData\Local\AskPartnerNetwork
    [!] Folder Deleted : C:\Users\MITCH\AppData\Local\Gameo
    [!] Folder Deleted : C:\Users\MITCH\AppData\Local\Crossbrowse
    [!] Folder Deleted : C:\Users\MITCH\AppData\Local\UnicoBrowser
    [!] Folder Deleted : C:\Users\MITCH\AppData\Local\slimware utilities inc
    [!] Folder Deleted : C:\Users\MITCH\AppData\LocalLow\ShopAtHome
    [!] Folder Deleted : C:\Users\MITCH\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    [!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\DigitalSites
    [!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\Systweak
    [!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\WebExtend
    [!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\MailUpdate
    [!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\ShopAtHome
    [!] Folder Deleted : C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BubbleSound 1.0
    [!] Folder Deleted : C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg
    File Deleted : C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nemfjadlboooiffmcelkafilagddogim
    File Deleted : C:\claraInstaller.txt
    File Deleted : C:\Users\Public\Desktop\FileOpener.lnk
    File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
    File Deleted : C:\Program Files (x86)\prefs.js
    File Deleted : C:\Windows\efix.ini
    File Deleted : C:\Windows\Reimage.ini
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Windows\System32\drivers\SPPD.sys
    File Deleted : C:\Windows\System32\drivers\swdumon.sys
    File Deleted : C:\Users\MITCH\AppData\Roaming\TFNRF
    File Deleted : C:\Users\MITCH\AppData\Roaming\Wqs3RURQofhshHTo
    File Deleted : C:\Users\MITCH\Desktop\3D BubbleSound.lnk
    File Deleted : C:\Users\MITCH\Desktop\Live PC Help.lnk
    File Deleted : C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\user.js
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\my.cfg
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\my-prefs.js

    ***** [ Scheduled tasks ] *****

    Task Deleted : Driver Pro Schedule
    Task Deleted : gameo_update
    Task Deleted : LaunchSignup
    Task Deleted : Smart Driver Updater Schedule
    Task Deleted : FastAgain PC Booster
    Task Deleted : FastAgain PC Booster_DEFAULT
    Task Deleted : FastAgain PC Booster_UPDATES
    Task Deleted : Wqs3RURQofhshHTo

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [lyrix@lyrixeeker.co]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmbmildjdmppofnohldicmnkojfhggmb
    Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
    Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CrashMon]
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
    Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
    Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderlandInstaller.Start
    Key Deleted : HKLM\SOFTWARE\Classes\GamingWonderlandInstaller.Start.1
    Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.FeedManager
    Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.FeedManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.HTMLPanel
    Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.HTMLPanel.1
    Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.SettingsPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.SettingsPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.ToolbarProtector
    Key Deleted : HKLM\SOFTWARE\Classes\GardeningEnthusiast_7j.ToolbarProtector.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.DynamicBarButton
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.DynamicBarButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.FeedManager
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.FeedManager.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.HTMLMenu
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.HTMLMenu.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.HTMLPanel
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.HTMLPanel.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.MultipleButton
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.MultipleButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.PseudoTransparentPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.PseudoTransparentPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.Radio
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.Radio.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.RadioSettings
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.RadioSettings.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.ScriptButton
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.ScriptButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.SettingsPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.SettingsPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.SkinLauncher
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.SkinLauncher.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.ThirdPartyInstaller
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.ThirdPartyInstaller.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.UrlAlertButton
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.UrlAlertButton.1
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.XMLSessionPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\GasGlance_5i.XMLSessionPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\HowToSimplified_8e.SettingsPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\HowToSimplified_8e.SettingsPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39Installer.Start
    Key Deleted : HKLM\SOFTWARE\Classes\MapsGalaxy_39Installer.Start.1
    Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.HTMLPanel
    Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.HTMLPanel.1
    Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.PseudoTransparentPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.PseudoTransparentPlugin.1
    Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.SettingsPlugin
    Key Deleted : HKLM\SOFTWARE\Classes\PackageTracer_69.SettingsPlugin.1
    Key Deleted : HKLM\SOFTWARE\0cb0f815-d87c-fc21-ffce-3412c1ecfd05
    Key Deleted : HKLM\SOFTWARE\0f2a7b4f-969f-4c1f-acfb-20f19e0bc146
    Key Deleted : HKLM\SOFTWARE\fa1ac5ef-9167-40cc-9d97-3788521ed091
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F97FDF1-DA2B-4579-AD3E-E46641F9DBAB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A220BAB5-C335-48BA-8A01-309FDA37446F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0416BDB0-AFB0-4464-952D-1EAB5047B8E6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{318C7F13-3498-459E-BF35-12865E6D005C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{43C44539-11A6-4DAB-A69B-1B7D71ECFF99}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4DDEC9FF-96A3-4B1B-ADCA-0B31EC700151}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5D9FB48A-5CE2-4118-B19F-F88ADDB0F814}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5DEBC66A-136E-4F2C-84CC-8A984EBA1195}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{829DD016-D322-481B-8BA3-10064B09EAC4}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1965763-A486-4E1E-B574-19E44B3842E8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4D1C553-99C0-48E5-B0A7-B1E00163715C}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7405EEB-2E16-40FE-9E27-1F48CAAB15E1}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5081D2D4-1637-404C-B74F-50526718257D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2FF49ED5-A3EF-410B-918E-97DECEB5996D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D2C31D2B-35BE-4C2B-ACCB-A78877274E60}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BB66D3-9F1A-479A-AA5C-DB34B618B965}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a3e1d674-04ee-4c9e-b143-442555830fb7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}
    Key Deleted : HKCU\Software\AskPartnerNetwork
    Key Deleted : HKCU\Software\Boost
    Key Deleted : HKCU\Software\Compete
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\systweak
    Key Deleted : HKCU\Software\Tune
    Key Deleted : HKCU\Software\Reimage
    Key Deleted : HKCU\Software\DriverSupport
    Key Deleted : HKCU\Software\CoinisRS
    Key Deleted : HKCU\Software\SpeeditUp
    Key Deleted : HKCU\Software\Super Optimizer
    Key Deleted : HKCU\Software\efixpro
    Key Deleted : HKCU\Software\eFix
    Key Deleted : HKCU\Software\WebBar
    Key Deleted : HKCU\Software\Crossbrowse
    Key Deleted : HKCU\Software\reimagerepair
    Key Deleted : HKCU\Software\PC Booster
    Key Deleted : HKCU\Software\suprize
    Key Deleted : HKCU\Software\PRODUCTSETUP
    Key Deleted : HKCU\Software\Kromtech
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Software\AmiExt
    Key Deleted : HKCU\Software\AppDataLow\Software\Compete
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
    Key Deleted : HKLM\SOFTWARE\Boost
    Key Deleted : HKLM\SOFTWARE\CompeteInc
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : HKLM\SOFTWARE\Lightspark Team
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKLM\SOFTWARE\Tune
    Key Deleted : HKLM\SOFTWARE\V9Software
    Key Deleted : HKLM\SOFTWARE\StormWatchApp
    Key Deleted : HKLM\SOFTWARE\Clara
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : HKLM\SOFTWARE\Better-Surf
    Key Deleted : HKLM\SOFTWARE\Crossbrowse
    Key Deleted : HKLM\SOFTWARE\Universal
    Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
    Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
    Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Lightspark
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3119AFD3-545C-0955-573A-494F62E61990}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Digital Sites
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\EZ Software Updater_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Lightspark
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Tweaks FileOpener
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Tuneup Pro_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BoBrowser
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StormWatch
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Salus
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Super Optimizer_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Vosteran
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vosteran
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\gameo
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Desktop Temperature Monitor
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{35E0D123-1F22-9AE6-F973-B7ECA46E8BFE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Setup Support for Consumer Input
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Consumer Input Installer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Converter Free Online_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WSE_Binkiland
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2FA77785-00C3-A920-6452-D4FE5C9C129F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BubbleSound
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{594FD08C-0622-F9B8-CB02-7C1355D33CB8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E1527582-8509-4011-B922-29E3FB548882}_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{49F8B4F8-0CD4-4BE4-A9E8-B13A071F7C90}_is1
    Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
    Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
    Key Deleted : [x64] HKLM\SOFTWARE\Reimage
    Key Deleted : [x64] HKLM\SOFTWARE\eFix
    Key Deleted : [x64] HKLM\SOFTWARE\BubbleSound
    Key Deleted : [x64] HKLM\SOFTWARE\Kromtech
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BubbleSound
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\binkiland.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v9.0.8112.16659


    -\\ Mozilla Firefox v34.0.5 (x86 en-US)

    [sbpv9us6.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://search.v9.com/favicon.ico");
    [sbpv9us6.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://search.v9.com/web/?type=ds&ts=1420537787&from=pjr&uid=FUJITSUXMHZ2320BHXG2_K618T8B2WCU5&i=psd&t=34eb4dd52&q={searchTerms}");
    [sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthrop[...]
    [sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22hxxp%3A//www.holasearch.com[...]
    [sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.aMGKN37049485ACPSC11936960com61365.61365.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%[...]
    [sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0BtB0EyCtA0E0D0F0AyE0DtN0D0Tzu0StCtDzyzytN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzyt[...]
    [sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0BtB0EyCtA0E0D0F0AyE0DtN0D0Tzu0StCtDzyzytN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBz[...]
    [sbpv9us6.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_coinis_15_01_ie&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0BtB0EyCtA0E0D0F0AyE0DtN0D0Tzu0StCtDzyzytN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEt[...]

    -\\ Google Chrome v43.0.2357.130

    [C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [73429 bytes] - [02/12/2014 08:06:44]
    AdwCleaner[R1].txt - [1157 bytes] - [03/12/2014 10:54:24]
    AdwCleaner[R2].txt - [34261 bytes] - [10/07/2015 20:31:44]
    AdwCleaner[S0].txt - [60048 bytes] - [02/12/2014 08:08:41]
    AdwCleaner[S1].txt - [1192 bytes] - [03/12/2014 11:03:44]
    AdwCleaner[S2].txt - [31454 bytes] - [10/07/2015 20:45:29]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [31514  bytes] ##########
     

     

    JRT LOG:

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.4.1 (07.10.2015:2)
    OS: Windows ™ Vista Home Premium x64
    Ran by MITCH on Fri 07/10/2015 at 21:04:35.52
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\Windows\system32\tasks\Bidaily Synchronize Task[8da6]
    Successfully deleted: [Task] C:\Windows\tasks\Bidaily Synchronize Task[8da6].job



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9}
    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{534D542D-5637-006A-76A7-7A786E7484D7}
    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Torch.LQEENEHX2XMOE2LONWPT5WTVEM
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111251155}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{934BCD49-C81A-4ED0-86DF-56EE1B6DA341}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111251155}



    ~~~ Files

    Successfully deleted: [File] C:\Users\MITCH\AppData\Roaming\appdataFr25.bin
    Successfully deleted: [File] C:\Users\MITCH\AppData\Roaming\appdataFr3.bin



    ~~~ Folders

    Successfully deleted: [Folder] C:\Program Files (x86)\opensoftwareupdater
    Successfully deleted: [Folder] C:\ProgramData\pc1data
    Successfully deleted: [Folder] C:\ProgramData\pchealthboost
    Successfully deleted: [Folder] C:\Users\MITCH\appdata\locallow\company
    Successfully deleted: [Folder] C:\Users\MITCH\appdata\locallow\gamingwonderlandei
    Successfully deleted: [Folder] C:\Users\MITCH\AppData\Roaming\compete
    Successfully deleted: [Folder] C:\Users\MITCH\AppData\Roaming\goldengate
    Successfully deleted: [Folder] C:\Users\MITCH\AppData\Roaming\opensoftwareupdater
    Successfully deleted: [Folder] C:\Users\MITCH\AppData\Roaming\pc cleaners
    Successfully deleted: [Folder] C:\Users\MITCH\AppData\Roaming\pcpro
    Successfully deleted: [Folder] C:\Users\MITCH\documents\add-in express
    Successfully deleted: [Folder] C:\Users\MITCH\documents\optimizer pro
    Successfully deleted: [Folder] C:\users\public\documents\downloaded installers
    Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
    Successfully deleted: [Folder] C:\Users\MITCH\appdata\local\12009



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [File] C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\sbpv9us6.default\searchplugins\my-homepage.xml
    Successfully deleted: [Folder] C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net
    Successfully deleted: [Folder] C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@packagetracer_69.com/plugin
    Successfully deleted the following from C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\sbpv9us6.default\prefs.js

    user_pref(browser.search.searchengine.alias, v9);
    user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
    user_pref(browser.search.searchengine.name, v9);
    user_pref(browser.search.searchengine.ptid, pjr);
    user_pref(browser.search.searchengine.uid, FUJITSUXMHZ2320BHXG2_K618T8B2WCU5);
    user_pref(extensions.3gu8AewXeqQRDZ6n.scode, (function(){try{if(window.self.location.href.indexOf(\rjnErdY8rHs6rdk7qHCGqTa7rjk\)>-1){return;}}catch(e){}try{var d=[[\tria
    user_pref(extensions.DRVnZ5k8RiEUxmF9.scode, (function(){try{if(window.self.location.href.indexOf(\rjnErdY8rHs6rdk7qHCGqTa7rjk\)>-1){return;}}catch(e){}try{var d=[[\tria
    user_pref(extensions.Oj73lj6w5uOHSEyF.scode, (function(){try{if(window.self.location.href.indexOf(\rjnErdY8rHs6rdk7qHCGqTa7rjk\)>-1){return;}}catch(e){}try{var d=[[\tria
    user_pref(extensions.TM90IVkezomQsnUc.scode, (function(){try{if(window.self.location.href.indexOf(\rjnErdY8rHs6rdk7qHCGqTa7rjk\)>-1){return;}}catch(e){}try{var d=[[\tria
    user_pref(extensions.WR6xGbeIajT7fc4D.scode, (function(){try{if(window.self.location.href.indexOf(\rjnErdY8rHs6rdk7qHCGqTa7rjk\)>-1){return;}}catch(e){}try{var d=[[\tria
    user_pref(extensions.srchvstrn.prtnrId, WSE_Vosteran);
    user_pref(extensions.srchvstrn.srchPrvdr, Vosteran);
    Emptied folder: C:\Users\MITCH\AppData\Roaming\mozilla\firefox\profiles\sbpv9us6.default\minidumps [1 files]



    ~~~ Chrome


    [C:\Users\MITCH\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

    [C:\Users\MITCH\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

    [C:\Users\MITCH\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

    [C:\Users\MITCH\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    [
      ogminpmldncgcmokldnmmapddoccmhfl
    ]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 07/10/2015 at 21:15:09.97
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    Had a hard time getting the Malwarebytes to run.   It would open and sit in the systray and do nothing.  Eventually it started but again I could not update it due to connection problem. It was still running at midnight.  Had to let it go.  Have work in the morning.  I will post that log when I can.  But here are the others as a start.



    #8 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 July 2015 - 04:17 AM

    Wow, lots of bad stuff removed. With Windows Vista 64 bit what you need to do is right click on Malwarebytes and select RUN AS ADMINISTRATOR

     

     

     

    Try running Malwarebytes in Safemode. 

     


    To Enter Safemode
  • Go to  Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
  •   this will bring up a menu.
  • Use the  Up and Down Arrow Keys to scroll up to  Safemode with Networking
  • Then press the  Enter Key on your Keyboard
  • Tutorial if you need it How to boot into Safemode


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #9 mickey7

    mickey7

      Silver Member

    • Authentic Member
    • PipPipPip
    • 254 posts

    Posted 11 July 2015 - 07:29 AM

    I thought it would be done before I had to get to bed, but it just seemed to stay on that very last area forever.  But here are the logs.

     

    Scan log:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/10/2015
    Scan Time: 9:57:26 PM
    Logfile: scanlog.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.06.03.03
    Rootkit Database: v2015.06.02.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: MITCH

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 427803
    Time Elapsed: 2 hr, 6 min, 51 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 148
    PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
    PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
    PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
    PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
    PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
    PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
    PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\APPID\ConsumerInputUpdate.exe, Quarantined, [9eb186302e5cf145dbeb9a4fe61d0af6],
    PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\ConsumerInputUpdate.exe, Quarantined, [60ef764049412016c3031acfa063a060],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26EAFF8B-3CD5-42C3-8D9C-BE5FFF9F32DF}, Quarantined, [8dc26452d4b6ed4928efbac4cd3858a8],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B81DD85E-EB4F-470E-B394-CCD3E4A4FCE2}, Quarantined, [09465462f694a3939c7be89622e3ea16],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4C0A26E-DBAE-49AD-B080-B8804953E551}, Quarantined, [b699c7efee9c1e18f524ef8fea1b0000],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C83DDCBF-AEC5-45E2-8B74-9CB877607BE6}, Quarantined, [301fb5010f7b30060217fe80c73e6c94],
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [3e1100b61179cf67bb44e997e32227d9],
    PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\WOW6432NODE\ConsumerInput, Quarantined, [fa551e98701a91a530fe12d439ca2fd1],
    PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [68e76d4954363df97fb12fb718ebb848],
    PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\ConsumerInputUpdate.exe, Quarantined, [3d12882efe8c6ec87e48c52431d211ef],
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\DPIMGLHOJAPIKOEEIFCIFANBEINEPHDM, Quarantined, [bf906f47f59579bdb9966a7cf60d15eb],
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\LGGJOCKDKHAHIHJFEHMOCMJAKCHIHNJB, Quarantined, [c08f476f3e4c1c1afe517571e91a4fb1],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{113DDEDD-85B0-4F48-B9B0-7A727DB38CB5}, Quarantined, [ec63f3c3444638fe6036d8a443c2da26],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16D0011B-A05D-4891-9DB2-7979236BB50E}, Quarantined, [ef60a313addd36004551007c9f669e62],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111251155}, Quarantined, [d27d3c7a5238eb4b011669153fc606fa],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26EAFF8B-3CD5-42C3-8D9C-BE5FFF9F32DF}, Quarantined, [d47bd1e52c5e6dc932e58cf28382df21],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B9BF8F6-0D9B-4C80-97F8-F8AF20888CE6}, Quarantined, [b798a80e2a6092a49105fe7e8f762ed2],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4F8A7EA8-CDEF-4393-8191-38DC6448F967}, Quarantined, [b9964e687515f73f5e38c7b5ed1839c7],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5806AF45-491A-4080-B99E-D5045B11D21E}, Quarantined, [2e21278f7713d85e5d3913695fa6f709],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68ED2974-ECDA-46DA-B5C8-0DBCDE795731}, Quarantined, [d57a9c1ae5a5cd6999fdf88421e451af],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{777651E4-13CA-4A6A-A605-79CD54B1CB08}, Quarantined, [301fad09a5e5a393f3a3e09c50b525db],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{88A61F12-5BEA-461B-878A-E9E310975F4D}, Quarantined, [4609b40296f49e98e8ae86f6010419e7],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89826354-5A6B-4BB5-B222-C350684DF0A7}, Quarantined, [ea6584322763c571781ec3b9996c6c94],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9299B102-415C-41D0-ABD4-9371283A0FFA}, Quarantined, [1837595dd2b8280e1581354754b1649c],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99F5CFDE-6252-4035-B820-BD521960F59F}, Quarantined, [56f9872f39511125ecaaff7da164e21e],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB2BFE44-B528-416E-A56F-EE9BBAA114A4}, Quarantined, [d17ea511800ab680afe79ce01aeb7987],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B38CC7F3-9561-4AA5-9907-25724A4BB87B}, Quarantined, [a3ac3f77870390a6b1e50b71bf46f40c],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B81DD85E-EB4F-470E-B394-CCD3E4A4FCE2}, Quarantined, [2629b105f991072f8c8b86f834d1af51],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4C0A26E-DBAE-49AD-B080-B8804953E551}, Quarantined, [0946e7cfacde87af76a3c8b6b352cd33],
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C83DDCBF-AEC5-45E2-8B74-9CB877607BE6}, Quarantined, [ed628e28abdfb97dd04999e580855ba5],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CE12DC0F-3015-4D30-B186-BF9808558177}, Quarantined, [aba44076830771c5e3b3027a44c129d7],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1149832-ABE6-4A57-933D-5D5A6045EE9D}, Quarantined, [60eff5c1b4d61e18b3e395e72ed75fa1],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E24DE5E8-9C8F-4E23-8B0B-712F42992059}, Quarantined, [cd82ddd95c2ed066e5b1d9a32fd65ea2],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4E0DA0E-CFCA-4BF5-865F-3E86093F6515}, Quarantined, [38178630aedcab8bcec81765fe07ee12],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9B0ECA1-54C2-4E9D-9CA7-12E1C474185D}, Quarantined, [53fc278f52383ff7d8be7705689d8a76],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EDBBA871-43D1-4303-B495-31AF5BDB9242}, Quarantined, [0f40b8fefa90c4723165bdbf61a42cd4],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@ei.MapsGalaxy_39.com/Plugin, Quarantined, [e768edc9731741f590909ae47b8aa45c],
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@ei.RadioRage_4j.com/Plugin, Quarantined, [0a45189ef199b086e83895e99d68916f],
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [0b445a5c088239fda7588ef2fc09cd33],
    PUP.Optional.ConsumerInput.C, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\ConsumerInput, Quarantined, [4b0404b27218d066412ba93f976cca36],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\DPIMGLHOJAPIKOEEIFCIFANBEINEPHDM, Quarantined, [212e486e0a8073c3fb5541a59b68c63a],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\LGGJOCKDKHAHIHJFEHMOCMJAKCHIHNJB, Quarantined, [cc839b1b0e7cbb7bf0602abced1635cb],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3306926, Quarantined, [d27d625472184fe7aa7a176a897c8e72],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1005EAE3-FDF4-4EE2-B1E0-DD4AE79B2164}, Quarantined, [ada2d5e134560d29d63f3e40f90c1be5],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14387D2E-409A-4D73-82F1-3E15494824CF}, Quarantined, [311e773f2b5fc076c253fd81798ce61a],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{145E8993-BFE0-4C6E-82A8-401EACF1334E}, Quarantined, [c7884d698ffbc1750c0a5c22f90c6997],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16C48B8D-C848-4758-B56E-375344FECDA5}, Quarantined, [3619387e2664da5cc1555f1f1ce99e62],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{185411BE-5BA3-4300-AB61-6CFBC9EFDF98}, Quarantined, [2a25f5c12c5e67cf60b52e50dc29f40c],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B3FA243-D23E-4FB8-87F4-3DF8FD49B5F6}, Quarantined, [0d42595d1f6b0c2a55c0daa4de27e21e],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2280A4DD-F987-4C94-A322-7451A59B63B7}, Quarantined, [6de2b0063a5047ef43d3f38b000517e9],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{234C64BC-5785-45CE-8F7E-11D5D91B6FC7}, Quarantined, [2c23f3c30f7b6bcb3ed82955788d8d73],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26EAFF8B-3CD5-42C3-8D9C-BE5FFF9F32DF}, Quarantined, [b897882ec7c3f244a66e89f5ef161ae6],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{289B7AAC-5838-428A-ACB1-455E4175CCFA}, Quarantined, [0b440babfe8ce35323f3205e828335cb],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{303C20DC-71A0-4D6E-96CE-D515301D67FB}, Quarantined, [a0afa2145238092dfa1c92ecff06ab55],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38B24EE3-E6AE-4E42-9779-D0241A2CEC40}, Quarantined, [2827dfd7fe8c87aff71eacd271948a76],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A6AA4A9-AACC-4211-91FF-9F5ED751C45E}, Quarantined, [81cee2d46921b87ea96d6717d332ca36],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B476F89-B1A0-4FAA-83A9-D72088412E9A}, Quarantined, [88c7c3f3e8a2c5715eb84f2f11f4f709],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3DADDD9F-792D-4584-99B6-978AF658F45F}, Quarantined, [cf80c9ed97f322148c892d511ee73ac6],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3F315681-1361-41D9-94B5-E3B6DA2170B0}, Quarantined, [133cefc77e0ce254a57128568a7b25db],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4339B9F6-2C73-4C64-A3E8-6899B231BCB5}, Quarantined, [f35ca0162d5d9b9be432c8b6c2434cb4],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{447BF11D-4015-41C1-8B32-9DE47A2CF661}, Quarantined, [f35c288e38521224dd381c6244c1ac54],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{486A6257-988B-4E42-A273-1599C353DF7C}, Quarantined, [4d023e78771351e58e881f5f7b8a58a8],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{498AD811-9A75-4520-9665-BBD05AB7A015}, Quarantined, [b699fbbbec9e1d190f071866bd4807f9],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E4966CA-2F82-45A3-8FEA-6428796FB813}, Quarantined, [64eb70462c5e1f175fb783fbeb1a5ba5],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5212ADAB-111C-4BEE-91B0-6AC4B339FB34}, Quarantined, [6be49125117993a347ce136b709539c7],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5390B4F3-AE71-44D9-A833-C2EA216095CA}, Quarantined, [014e6353aae0f343bc5a443a8b7a6f91],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{569F2943-7CB3-4B08-82DA-163EF6705FD9}, Quarantined, [420d278f048675c157be235be61f6f91],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{57032DF5-61FD-405C-82E8-8C6614C18563}, Quarantined, [430c9b1ba1e951e50c095628e42102fe],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B550B0B-997E-4459-9096-3B88E9DCFCB4}, Quarantined, [e26d05b119711c1a3cdaed9146bf50b0],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5F003FDD-9375-46E8-BBEC-B6B63CA6A4F7}, Quarantined, [5bf4a3132c5e62d475a1f38bea1bed13],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6185136A-FD3E-43BB-A5DD-2AFD6BFDB8F2}, Quarantined, [79d6a3135931979fc254a8d6b550c739],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645E0C72-38C2-4A79-A03B-45448396BCA2}, Quarantined, [3718b8fe1575b97d38dddda18b7a1be5],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66429CAB-47E3-4034-A4FB-DEFBE4BC8CA2}, Quarantined, [e6691a9c3951171fde38730b8d78817f],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C47FB69-45C4-44E0-BE4D-22B045BE76FE}, Quarantined, [65eaa70f1476a59118fecab447be619f],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C570F6A-AD7F-45BB-80C5-E466D5B448A4}, Quarantined, [c58ad1e51674c57164b23a446c990ef2],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C6650F5-D111-4D1C-844C-B731E4E35DE8}, Quarantined, [b996ddd96228d66026ef1b63cb3afa06],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6D2ED67B-3037-4605-93DF-63E563A8AF23}, Quarantined, [a6a93f77acde0432f71e38464db8b14f],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6E474ADB-6A77-4F92-9926-2B787EA5DB80}, Quarantined, [c48b8f277c0e290d3dd81965669feb15],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6EEBF7DA-E35F-4A6B-BE81-88AEB9C37967}, Quarantined, [cb845b5ba5e5ca6c47ce87f72cd9c937],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D3087B9-3A43-4720-BE25-5BDB35DB746B}, Quarantined, [301f0caa99f192a41df81f5fc73e629e],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7EC659CD-6C1E-4EC5-9087-AF7D304BA094}, Quarantined, [50ff12a495f5c571888e83fb35d044bc],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F23342E-7744-4596-8C52-13F1B1E2293C}, Quarantined, [88c76353fd8de94d1105daa450b5de22],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F9E5B18-E556-46D9-A4B4-6624DA593E93}, Quarantined, [61eecaec0f7b1b1b898c3e409d68df21],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7FD4B26B-3B7B-4730-97D2-3C518C4CBDAE}, Quarantined, [1d328d298604a3935cbad5a9af56f60a],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{832329D0-D53F-4F89-A915-F041C2AFA83F}, Quarantined, [90bf3e78e3a77bbb39dce9952dd8f907],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86081724-EA76-4483-B45D-DAF43B6C5F92}, Quarantined, [6ce315a1bcce37ff9086245a9a6bd729],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E9830C1-50ED-46D2-943C-9071E9D335AF}, Quarantined, [034c93232f5b59dd59bce59927defc04],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{920E18FD-4574-4284-BA21-668F4A13458C}, Quarantined, [68e7e9cd4446e155769f146a23e20000],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{92ECDBDE-180C-4E4F-84D5-EE94B1BDF953}, Quarantined, [5bf4e8cebdcdf1459e78304eee17ba46],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96D86980-8CC5-4BA1-8559-778B2DA92DA1}, Quarantined, [d679338373179d998591611ddd28b44c],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97A84DBC-1EDD-48D1-B1BD-BB6ED3D6EA8E}, Quarantined, [b49b0ea8b7d3d75fc452dca235d0ae52],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97E5199E-60B9-4F57-99C7-D736E7A5BEA3}, Quarantined, [81ce7046e6a4b185c254077723e2d030],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9AF41F6C-A0E3-411D-8A4A-D1304632984C}, Quarantined, [cc83ae089eec69cda372403e34d104fc],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9C89F270-5B1D-4A31-902C-1017322B2942}, Quarantined, [282706b0d5b5e74f68ad8ef0e42118e8],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CE574D4-E529-449A-BBD8-CBC143C8D73E}, Quarantined, [f15e2a8c5931221436dfc0be6c9926da],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F25C6CB-3FC6-4F23-986C-BCF6F3AF881D}, Quarantined, [b699981ecdbdb97db56025596e9734cc],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1A5B4EC-7000-4AD8-85E1-67BC6D90B619}, Quarantined, [b39cf0c6612957dfa1751965f3125ea2],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A537DDCF-22B6-4BAF-A5C8-A31B2C317FCB}, Quarantined, [92bd6452b1d9f1451afce49a26df5ca4],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5A2CB79-ECC3-49FC-8C97-64279C4A9B40}, Quarantined, [55fa65510e7c43f357be601efb0a10f0],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5E955BA-5B65-4FEE-8582-487996631BD2}, Quarantined, [55fad6e0503add595bba087635d0ce32],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A73710F0-5976-4995-8FFF-56C5CE86C454}, Quarantined, [f7581f97c5c53105e62fd8a624e1b34d],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A9501A40-86E2-49F6-B444-14B969211F5A}, Quarantined, [97b866509befa78fb660a3dbab5ac040],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A9BC7F9D-7C68-4E7B-91C8-CEDCAF86987D}, Quarantined, [f956585ed5b5d75fa96ce8960afb4eb2],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB2E008A-18B4-4E21-B34C-52CF7457A517}, Quarantined, [e06f575fe9a1280e080e443a32d37b85],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC1DA0EE-1324-47CE-9515-F5A6FAB66728}, Quarantined, [064944727218211525f00f6f7590c23e],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC82E4B3-47BC-4C62-B565-B076CA77C7E3}, Quarantined, [e06fb7ffddad241248cd1e6083824eb2],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE495342-C116-4C03-99DA-A94B5A30639A}, Quarantined, [242b9b1b612989ad60b60777cb3a44bc],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2584893-C4D2-46F7-B6F4-9BAA818B96B7}, Quarantined, [aaa5bff7800a270fdc39ea9459ac1ee2],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B5F0B833-6DB4-49C0-9397-A4C8E1B953D7}, Quarantined, [4f00b7fff09a13235abbef8fbe47d12f],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B81DD85E-EB4F-470E-B394-CCD3E4A4FCE2}, Quarantined, [89c63e78bdcdbd7960b485f9bf4640c0],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAE6EB76-F1F3-4AFF-AF3F-3FE52C86C554}, Quarantined, [95ba744277134de972a4c7b7cd38ce32],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BCE8F6F8-4FAC-4640-9D23-7E4E4BC2CB36}, Quarantined, [0a4563539cee37ff9a7c710d42c3c739],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BDB0C6B8-C641-433C-94AB-4164CF9A56FC}, Quarantined, [aba4991d01899c9aea2bccb26d98cb35],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEA2D321-DB79-4616-BCAE-D447EA4ACB30}, Quarantined, [f956f4c24d3d5bdbda3bdba3a95c1ae6],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEC8EB92-8542-4678-8C3E-115A523CF3D7}, Quarantined, [75daedc9f298aa8c8590abd3c0456b95],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEF02BE0-F126-43FC-B522-45AA88B75836}, Quarantined, [1d327e38404a14224bcbd9a519ecb54b],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFB86BCF-79D9-442F-A5D4-B721D371EAF6}, Quarantined, [cf803c7afd8db3838a8ccdb1aa5bab55],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C3019572-86F7-4F2F-A038-BA5DE19324BE}, Quarantined, [7cd3dcdaa4e6f73fc254730b966fa55b],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4C0A26E-DBAE-49AD-B080-B8804953E551}, Quarantined, [94bbb40299f100369284fe80010406fa],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5558BC8-488A-476E-AEF9-D49E13E2A723}, Quarantined, [fc5361558703d85e7d98d2acbe472bd5],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C83DDCBF-AEC5-45E2-8B74-9CB877607BE6}, Quarantined, [252a5264434756e08a8cdda101046d93],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA3BFF74-46CA-4CC2-9EFD-CA32122076FF}, Quarantined, [83cc10a6d2b8a29436e0a5d93acb9e62],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC1853F4-C7C4-4F77-A12E-F6A39996D3AC}, Quarantined, [e36cf6c0701abf777a9cef8fb94c8f71],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD8B2202-DA3A-4DA7-8CC4-ABF7E166AF7F}, Quarantined, [85cab6008efcdb5b0b0b0c72a0658779],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D599B948-1BBD-40F0-8CFC-33FF3EFD6396}, Quarantined, [a6a9aa0cee9c0e28b3628df1768fad53],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D5EEF6B9-3CDC-404C-9442-DBCE7517933C}, Quarantined, [87c8cee8c1c9c373a075245a6b9a9e62],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D63C0C54-8324-4A07-B942-D8FD824CDB6B}, Quarantined, [ada246704149ad89060f3f3fa362ee12],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D66A74C1-29F4-4C69-BE56-65244B4046C4}, Quarantined, [ce81793d0f7bb2841303e49a32d3ce32],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0A63BB8-AF81-4FB6-93D6-A5556BA8BE64}, Quarantined, [d57ad7df26640333cc490975aa5b2bd5],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E16ECDED-74AA-4856-ABC0-5254EDC8F2D9}, Quarantined, [0b443c7a09817abc27ee7b03f510d22e],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E825842C-98B5-4AD2-B8B5-DA52936BEED1}, Quarantined, [d57a3d79d2b8979f3ed7b0ce47be06fa],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9439D2F-1A50-458B-9DCF-56CF5F563862}, Quarantined, [d679902696f4d165da3c344ad53039c7],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EB21693A-D0D8-4E84-A3E7-9EF12C4FA4E9}, Quarantined, [341b5363325862d4070f2f4fc83dad53],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EB533284-E69E-417F-BC99-53795AD98A56}, Quarantined, [94bbdadce1a9b97df71f453909fc7c84],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE0E7C43-93C9-4C5A-827A-DAF35A7B7DAF}, Quarantined, [ca852f872a603df94cc9423ca26340c0],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F193AB0A-D5C1-4916-81E2-BFF28C45D3A9}, Quarantined, [2b24b10504862313a1752a54679eb24e],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F3278990-E9CE-4AB7-B944-C9B7984CBC6D}, Quarantined, [e06feccac1c96ec8b561344aca3b46ba],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F592ADDE-D939-40EE-A6F0-9AB9FF6CB52A}, Quarantined, [90bfae084347f24458be0579e520d32d],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F70A9C1F-4A07-44AF-94FD-A527C55E5AC6}, Quarantined, [1639199dfa90f83ee72ef5892dd8d030],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAC758A6-169B-4A18-9C11-5E3F43F48A73}, Quarantined, [212e4e68ddadfc3a8194c0bee322f40c],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FB111A72-67FB-4BF4-A284-ADE7B5D9B232}, Quarantined, [ada2a70fe6a49a9c72a4ccb253b212ee],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3306926, Quarantined, [bf90278f5a30e84e9690344d2ed749b7],

    Registry Values: 134
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26eaff8b-3cd5-42c3-8d9c-be5fff9f32df}|AppName, HDtubeV1.6V11.11-bg.exe, Quarantined, [8dc26452d4b6ed4928efbac4cd3858a8]
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b81dd85e-eb4f-470e-b394-ccd3e4a4fce2}|AppName, I - Cinema-bg.exe, Quarantined, [09465462f694a3939c7be89622e3ea16]
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c4c0a26e-dbae-49ad-b080-b8804953e551}|AppName, I - Cinema-codedownloader.exe, Quarantined, [b699c7efee9c1e18f524ef8fea1b0000]
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c83ddcbf-aec5-45e2-8b74-9cb877607be6}|AppName, HDtubeV1.6V11.11-codedownloader.exe, Quarantined, [301fb5010f7b30060217fe80c73e6c94]
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [3e1100b61179cf67bb44e997e32227d9]
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dpimglhojapikoeeifcifanbeinephdm|path, C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx, Quarantined, [bf906f47f59579bdb9966a7cf60d15eb]
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lggjockdkhahihjfehmocmjakchihnjb|path, C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx, Quarantined, [c08f476f3e4c1c1afe517571e91a4fb1]
    PUP.Optional.Binkiland.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Binkiland\\, Quarantined, [470842749eec85b1c560658106fd37c9]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{113ddedd-85b0-4f48-b9b0-7a727db38cb5}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [ec63f3c3444638fe6036d8a443c2da26]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16d0011b-a05d-4891-9db2-7979236bb50e}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [ef60a313addd36004551007c9f669e62]
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111251155}|AppName, JollyWallet-bg.exe, Quarantined, [d27d3c7a5238eb4b011669153fc606fa]
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26eaff8b-3cd5-42c3-8d9c-be5fff9f32df}|AppName, HDtubeV1.6V11.11-bg.exe, Quarantined, [d47bd1e52c5e6dc932e58cf28382df21]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3b9bf8f6-0d9b-4c80-97f8-f8af20888ce6}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [b798a80e2a6092a49105fe7e8f762ed2]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4f8a7ea8-cdef-4393-8191-38dc6448f967}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [b9964e687515f73f5e38c7b5ed1839c7]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5806af45-491a-4080-b99e-d5045b11d21e}|AppPath, C:\Program Files (x86)\GasGlance_5i\bar\1.bin, Quarantined, [2e21278f7713d85e5d3913695fa6f709]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68ed2974-ecda-46da-b5c8-0dbcde795731}|AppPath, C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin, Quarantined, [d57a9c1ae5a5cd6999fdf88421e451af]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{777651e4-13ca-4a6a-a605-79cd54b1cb08}|AppPath, C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin, Quarantined, [301fad09a5e5a393f3a3e09c50b525db]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{88a61f12-5bea-461b-878a-e9e310975f4d}|AppPath, C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin, Quarantined, [4609b40296f49e98e8ae86f6010419e7]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89826354-5a6b-4bb5-b222-c350684df0a7}|AppPath, C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin, Quarantined, [ea6584322763c571781ec3b9996c6c94]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9299b102-415c-41d0-abd4-9371283a0ffa}|AppPath, C:\Program Files (x86)\GardeningEnthusiast_7j\bar\1.bin, Quarantined, [1837595dd2b8280e1581354754b1649c]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99f5cfde-6252-4035-b820-bd521960f59f}|AppPath, C:\Program Files (x86)\HowToSimplified_8e\bar\1.bin, Quarantined, [56f9872f39511125ecaaff7da164e21e]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ab2bfe44-b528-416e-a56f-ee9bbaa114a4}|AppPath, C:\Program Files (x86)\GasGlance_5i\bar\1.bin, Quarantined, [d17ea511800ab680afe79ce01aeb7987]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b38cc7f3-9561-4aa5-9907-25724a4bb87b}|AppPath, C:\Program Files (x86)\GasGlance_5i\bar\1.bin, Quarantined, [a3ac3f77870390a6b1e50b71bf46f40c]
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b81dd85e-eb4f-470e-b394-ccd3e4a4fce2}|AppName, I - Cinema-bg.exe, Quarantined, [2629b105f991072f8c8b86f834d1af51]
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c4c0a26e-dbae-49ad-b080-b8804953e551}|AppName, I - Cinema-codedownloader.exe, Quarantined, [0946e7cfacde87af76a3c8b6b352cd33]
    PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c83ddcbf-aec5-45e2-8b74-9cb877607be6}|AppName, HDtubeV1.6V11.11-codedownloader.exe, Quarantined, [ed628e28abdfb97dd04999e580855ba5]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ce12dc0f-3015-4d30-b186-bf9808558177}|AppPath, C:\Program Files (x86)\GardeningEnthusiast_7j\bar\1.bin, Quarantined, [aba44076830771c5e3b3027a44c129d7]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{d1149832-abe6-4a57-933d-5d5a6045ee9d}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [60eff5c1b4d61e18b3e395e72ed75fa1]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e24de5e8-9c8f-4e23-8b0b-712f42992059}|AppPath, C:\Program Files (x86)\PackageTracer_69\bar\1.bin, Quarantined, [cd82ddd95c2ed066e5b1d9a32fd65ea2]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e4e0da0e-cfca-4bf5-865f-3e86093f6515}|AppPath, C:\Program Files (x86)\GardeningEnthusiast_7j\bar\1.bin, Quarantined, [38178630aedcab8bcec81765fe07ee12]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{e9b0eca1-54c2-4e9d-9ca7-12e1c474185d}|AppPath, C:\Program Files (x86)\GardeningEnthusiast_7j\bar\1.bin, Quarantined, [53fc278f52383ff7d8be7705689d8a76]
    PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{edbba871-43d1-4303-b495-31af5bdb9242}|AppPath, C:\Program Files (x86)\GasGlance_5i\bar\1.bin, Quarantined, [0f40b8fefa90c4723165bdbf61a42cd4]
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [0b445a5c088239fda7588ef2fc09cd33]
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dpimglhojapikoeeifcifanbeinephdm|path, C:\Users\MITCH\AppData\Local\CRE\dpimglhojapikoeeifcifanbeinephdm.crx, Quarantined, [212e486e0a8073c3fb5541a59b68c63a]
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\lggjockdkhahihjfehmocmjakchihnjb|path, C:\Users\MITCH\AppData\Local\CRE\lggjockdkhahihjfehmocmjakchihnjb.crx, Quarantined, [cc839b1b0e7cbb7bf0602abced1635cb]
    PUP.Optional.RelevantKnowledge.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\GUPPY\RKSURVEY|survey, 0, Quarantined, [351a42744149a3935238db0d12f1ec14]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1005EAE3-FDF4-4EE2-B1E0-DD4AE79B2164}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [ada2d5e134560d29d63f3e40f90c1be5]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14387D2E-409A-4D73-82F1-3E15494824CF}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [311e773f2b5fc076c253fd81798ce61a]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{145E8993-BFE0-4C6E-82A8-401EACF1334E}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [c7884d698ffbc1750c0a5c22f90c6997]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16C48B8D-C848-4758-B56E-375344FECDA5}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [3619387e2664da5cc1555f1f1ce99e62]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{185411BE-5BA3-4300-AB61-6CFBC9EFDF98}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-buttonutil.exe, Quarantined, [2a25f5c12c5e67cf60b52e50dc29f40c]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B3FA243-D23E-4FB8-87F4-3DF8FD49B5F6}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [0d42595d1f6b0c2a55c0daa4de27e21e]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2280A4DD-F987-4C94-A322-7451A59B63B7}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [6de2b0063a5047ef43d3f38b000517e9]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{234C64BC-5785-45CE-8F7E-11D5D91B6FC7}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [2c23f3c30f7b6bcb3ed82955788d8d73]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26eaff8b-3cd5-42c3-8d9c-be5fff9f32df}|AppName, HDtubeV1.6V11.11-bg.exe, Quarantined, [b897882ec7c3f244a66e89f5ef161ae6]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{289B7AAC-5838-428A-ACB1-455E4175CCFA}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [0b440babfe8ce35323f3205e828335cb]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{303C20DC-71A0-4D6E-96CE-D515301D67FB}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [a0afa2145238092dfa1c92ecff06ab55]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38B24EE3-E6AE-4E42-9779-D0241A2CEC40}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-buttonutil.exe, Quarantined, [2827dfd7fe8c87aff71eacd271948a76]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A6AA4A9-AACC-4211-91FF-9F5ED751C45E}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [81cee2d46921b87ea96d6717d332ca36]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3B476F89-B1A0-4FAA-83A9-D72088412E9A}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [88c7c3f3e8a2c5715eb84f2f11f4f709]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3DADDD9F-792D-4584-99B6-978AF658F45F}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [cf80c9ed97f322148c892d511ee73ac6]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3F315681-1361-41D9-94B5-E3B6DA2170B0}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [133cefc77e0ce254a57128568a7b25db]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4339B9F6-2C73-4C64-A3E8-6899B231BCB5}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [f35ca0162d5d9b9be432c8b6c2434cb4]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{447BF11D-4015-41C1-8B32-9DE47A2CF661}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [f35c288e38521224dd381c6244c1ac54]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{486A6257-988B-4E42-A273-1599C353DF7C}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [4d023e78771351e58e881f5f7b8a58a8]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{498AD811-9A75-4520-9665-BBD05AB7A015}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [b699fbbbec9e1d190f071866bd4807f9]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4E4966CA-2F82-45A3-8FEA-6428796FB813}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [64eb70462c5e1f175fb783fbeb1a5ba5]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5212ADAB-111C-4BEE-91B0-6AC4B339FB34}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [6be49125117993a347ce136b709539c7]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5390B4F3-AE71-44D9-A833-C2EA216095CA}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [014e6353aae0f343bc5a443a8b7a6f91]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{569F2943-7CB3-4B08-82DA-163EF6705FD9}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [420d278f048675c157be235be61f6f91]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{57032DF5-61FD-405C-82E8-8C6614C18563}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [430c9b1ba1e951e50c095628e42102fe]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B550B0B-997E-4459-9096-3B88E9DCFCB4}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [e26d05b119711c1a3cdaed9146bf50b0]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5F003FDD-9375-46E8-BBEC-B6B63CA6A4F7}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-codedownloader.exe, Quarantined, [5bf4a3132c5e62d475a1f38bea1bed13]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6185136A-FD3E-43BB-A5DD-2AFD6BFDB8F2}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [79d6a3135931979fc254a8d6b550c739]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{645E0C72-38C2-4A79-A03B-45448396BCA2}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [3718b8fe1575b97d38dddda18b7a1be5]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{66429CAB-47E3-4034-A4FB-DEFBE4BC8CA2}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [e6691a9c3951171fde38730b8d78817f]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C47FB69-45C4-44E0-BE4D-22B045BE76FE}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [65eaa70f1476a59118fecab447be619f]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C570F6A-AD7F-45BB-80C5-E466D5B448A4}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [c58ad1e51674c57164b23a446c990ef2]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C6650F5-D111-4D1C-844C-B731E4E35DE8}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [b996ddd96228d66026ef1b63cb3afa06]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6D2ED67B-3037-4605-93DF-63E563A8AF23}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [a6a93f77acde0432f71e38464db8b14f]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6E474ADB-6A77-4F92-9926-2B787EA5DB80}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [c48b8f277c0e290d3dd81965669feb15]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6EEBF7DA-E35F-4A6B-BE81-88AEB9C37967}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [cb845b5ba5e5ca6c47ce87f72cd9c937]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D3087B9-3A43-4720-BE25-5BDB35DB746B}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [301f0caa99f192a41df81f5fc73e629e]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7EC659CD-6C1E-4EC5-9087-AF7D304BA094}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-codedownloader.exe, Quarantined, [50ff12a495f5c571888e83fb35d044bc]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F23342E-7744-4596-8C52-13F1B1E2293C}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [88c76353fd8de94d1105daa450b5de22]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F9E5B18-E556-46D9-A4B4-6624DA593E93}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [61eecaec0f7b1b1b898c3e409d68df21]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7FD4B26B-3B7B-4730-97D2-3C518C4CBDAE}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [1d328d298604a3935cbad5a9af56f60a]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{832329D0-D53F-4F89-A915-F041C2AFA83F}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [90bf3e78e3a77bbb39dce9952dd8f907]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86081724-EA76-4483-B45D-DAF43B6C5F92}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [6ce315a1bcce37ff9086245a9a6bd729]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E9830C1-50ED-46D2-943C-9071E9D335AF}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [034c93232f5b59dd59bce59927defc04]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{920E18FD-4574-4284-BA21-668F4A13458C}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [68e7e9cd4446e155769f146a23e20000]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{92ECDBDE-180C-4E4F-84D5-EE94B1BDF953}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [5bf4e8cebdcdf1459e78304eee17ba46]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96D86980-8CC5-4BA1-8559-778B2DA92DA1}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [d679338373179d998591611ddd28b44c]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97A84DBC-1EDD-48D1-B1BD-BB6ED3D6EA8E}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [b49b0ea8b7d3d75fc452dca235d0ae52]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97E5199E-60B9-4F57-99C7-D736E7A5BEA3}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [81ce7046e6a4b185c254077723e2d030]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9AF41F6C-A0E3-411D-8A4A-D1304632984C}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [cc83ae089eec69cda372403e34d104fc]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9C89F270-5B1D-4A31-902C-1017322B2942}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [282706b0d5b5e74f68ad8ef0e42118e8]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9CE574D4-E529-449A-BBD8-CBC143C8D73E}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [f15e2a8c5931221436dfc0be6c9926da]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F25C6CB-3FC6-4F23-986C-BCF6F3AF881D}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [b699981ecdbdb97db56025596e9734cc]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A1A5B4EC-7000-4AD8-85E1-67BC6D90B619}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [b39cf0c6612957dfa1751965f3125ea2]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A537DDCF-22B6-4BAF-A5C8-A31B2C317FCB}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [92bd6452b1d9f1451afce49a26df5ca4]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5A2CB79-ECC3-49FC-8C97-64279C4A9B40}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [55fa65510e7c43f357be601efb0a10f0]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A5E955BA-5B65-4FEE-8582-487996631BD2}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [55fad6e0503add595bba087635d0ce32]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A73710F0-5976-4995-8FFF-56C5CE86C454}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [f7581f97c5c53105e62fd8a624e1b34d]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A9501A40-86E2-49F6-B444-14B969211F5A}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [97b866509befa78fb660a3dbab5ac040]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A9BC7F9D-7C68-4E7B-91C8-CEDCAF86987D}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [f956585ed5b5d75fa96ce8960afb4eb2]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB2E008A-18B4-4E21-B34C-52CF7457A517}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [e06f575fe9a1280e080e443a32d37b85]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC1DA0EE-1324-47CE-9515-F5A6FAB66728}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [064944727218211525f00f6f7590c23e]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC82E4B3-47BC-4C62-B565-B076CA77C7E3}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [e06fb7ffddad241248cd1e6083824eb2]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AE495342-C116-4C03-99DA-A94B5A30639A}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [242b9b1b612989ad60b60777cb3a44bc]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2584893-C4D2-46F7-B6F4-9BAA818B96B7}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [aaa5bff7800a270fdc39ea9459ac1ee2]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B5F0B833-6DB4-49C0-9397-A4C8E1B953D7}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [4f00b7fff09a13235abbef8fbe47d12f]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b81dd85e-eb4f-470e-b394-ccd3e4a4fce2}|AppName, I - Cinema-bg.exe, Quarantined, [89c63e78bdcdbd7960b485f9bf4640c0]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAE6EB76-F1F3-4AFF-AF3F-3FE52C86C554}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [95ba744277134de972a4c7b7cd38ce32]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BCE8F6F8-4FAC-4640-9D23-7E4E4BC2CB36}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [0a4563539cee37ff9a7c710d42c3c739]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BDB0C6B8-C641-433C-94AB-4164CF9A56FC}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [aba4991d01899c9aea2bccb26d98cb35]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEA2D321-DB79-4616-BCAE-D447EA4ACB30}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [f956f4c24d3d5bdbda3bdba3a95c1ae6]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEC8EB92-8542-4678-8C3E-115A523CF3D7}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [75daedc9f298aa8c8590abd3c0456b95]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEF02BE0-F126-43FC-B522-45AA88B75836}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [1d327e38404a14224bcbd9a519ecb54b]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFB86BCF-79D9-442F-A5D4-B721D371EAF6}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [cf803c7afd8db3838a8ccdb1aa5bab55]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C3019572-86F7-4F2F-A038-BA5DE19324BE}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [7cd3dcdaa4e6f73fc254730b966fa55b]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c4c0a26e-dbae-49ad-b080-b8804953e551}|AppName, I - Cinema-codedownloader.exe, Quarantined, [94bbb40299f100369284fe80010406fa]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C5558BC8-488A-476E-AEF9-D49E13E2A723}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [fc5361558703d85e7d98d2acbe472bd5]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{c83ddcbf-aec5-45e2-8b74-9cb877607be6}|AppName, HDtubeV1.6V11.11-codedownloader.exe, Quarantined, [252a5264434756e08a8cdda101046d93]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA3BFF74-46CA-4CC2-9EFD-CA32122076FF}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [83cc10a6d2b8a29436e0a5d93acb9e62]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CC1853F4-C7C4-4F77-A12E-F6A39996D3AC}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [e36cf6c0701abf777a9cef8fb94c8f71]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD8B2202-DA3A-4DA7-8CC4-ABF7E166AF7F}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [85cab6008efcdb5b0b0b0c72a0658779]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D599B948-1BBD-40F0-8CFC-33FF3EFD6396}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [a6a9aa0cee9c0e28b3628df1768fad53]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D5EEF6B9-3CDC-404C-9442-DBCE7517933C}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [87c8cee8c1c9c373a075245a6b9a9e62]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D63C0C54-8324-4A07-B942-D8FD824CDB6B}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-buttonutil.exe, Quarantined, [ada246704149ad89060f3f3fa362ee12]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D66A74C1-29F4-4C69-BE56-65244B4046C4}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [ce81793d0f7bb2841303e49a32d3ce32]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0A63BB8-AF81-4FB6-93D6-A5556BA8BE64}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [d57ad7df26640333cc490975aa5b2bd5]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E16ECDED-74AA-4856-ABC0-5254EDC8F2D9}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [0b443c7a09817abc27ee7b03f510d22e]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E825842C-98B5-4AD2-B8B5-DA52936BEED1}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [d57a3d79d2b8979f3ed7b0ce47be06fa]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9439D2F-1A50-458B-9DCF-56CF5F563862}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [d679902696f4d165da3c344ad53039c7]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EB21693A-D0D8-4E84-A3E7-9EF12C4FA4E9}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [341b5363325862d4070f2f4fc83dad53]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EB533284-E69E-417F-BC99-53795AD98A56}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [94bbdadce1a9b97df71f453909fc7c84]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE0E7C43-93C9-4C5A-827A-DAF35A7B7DAF}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [ca852f872a603df94cc9423ca26340c0]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F193AB0A-D5C1-4916-81E2-BFF28C45D3A9}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [2b24b10504862313a1752a54679eb24e]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F3278990-E9CE-4AB7-B944-C9B7984CBC6D}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [e06feccac1c96ec8b561344aca3b46ba]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F592ADDE-D939-40EE-A6F0-9AB9FF6CB52A}|AppName, e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2.exe-codedownloader.exe, Quarantined, [90bfae084347f24458be0579e520d32d]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F70A9C1F-4A07-44AF-94FD-A527C55E5AC6}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [1639199dfa90f83ee72ef5892dd8d030]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAC758A6-169B-4A18-9C11-5E3F43F48A73}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-buttonutil.exe, Quarantined, [212e4e68ddadfc3a8194c0bee322f40c]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FB111A72-67FB-4BF4-A284-ADE7B5D9B232}|AppName, 669797b0-170b-44cc-abd6-69bc3ae30570-2.exe-codedownloader.exe, Quarantined, [ada2a70fe6a49a9c72a4ccb253b212ee]

    Registry Data: 0
    (No malicious items detected)

    Folders: 2
    PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\dat, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
    PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],

    Files: 107
    PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\dat\dTRbyThYcEX.dll, Quarantined, [d6799323e1a90b2b243d303f5aac03fd],
    PUP.Optional.Crossbrowse.C, C:\Users\MITCH\AppData\Local\Temp\698.exe, Quarantined, [bd92c2f47a10f73f376481d7e41eb24e],
    PUP.Optional.APNToolBar.A, C:\Users\MITCH\AppData\Local\Temp\APNSetup.exe, Quarantined, [94bb8f270684a294863741220bf7f40c],
    PUP.Optional.Compete, C:\Users\MITCH\AppData\Local\Temp\ConsumerInputSetup.exe, Quarantined, [b6997f370981f442d746432dd3338c74],
    PUP.Optional.SuperOptimizer.A, C:\Users\MITCH\AppData\Local\Temp\supoptsetup.exe, Quarantined, [311ee4d202888ea81482b9a7df23857b],
    PUP.Optional.Shopperz.A, C:\Users\MITCH\AppData\Local\Temp\setup_489.exe, Quarantined, [fd52dcdafe8ce551fc03adc031d5867a],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-2TP7K.tmp\gentlemjmp_ieeuu.exe, Quarantined, [fe51dfd78a002d095f34254a38ce6a96],
    PUP.Optional.Bundle, C:\Users\MITCH\AppData\Local\Temp\is-3D3DS.tmp\pcoupoon.exe, Quarantined, [08476452e7a34ceaf25c81f89e62df21],
    PUP.Optional.Taplika, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\150.exe, Quarantined, [55fa0bab1e6cca6ca0e806719b65619f],
    PUP.Optional.WebBar.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_airwebbar_installer_multilang.exe, Quarantined, [a6a93383008a3ef841df5f1032d444bc],
    PUP.Optional.Amonetize.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_AmNuvision_installer_multilang.exe, Quarantined, [8fc042748dfda492a187a7c83acc7e82],
    PUP.Optional.CubepileShopperz.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_CubepileShopperz_installer_multilang.exe, Quarantined, [8bc4476ff991ca6cb354353ab45229d7],
    PUP.Optional.SafeGuard.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_psafeguard_installer_multilang.exe, Quarantined, [1e314b6b06841026927b501f976f6a96],
    PUP.Optional.SpeedItUp.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_speeditup_installer_multilang.exe, Quarantined, [b49b03b38109c2745bb393dc2adce41c],
    PUP.Optional.StromWatch.A, C:\Users\MITCH\AppData\Local\Temp\is-4NM9U.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe, Quarantined, [b8978432f5955bdbda623738c6405aa6],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-5G181.tmp\gentlemjmp_ieeuu.exe, Quarantined, [4d02edc999f184b2048ff37ccb3baa56],
    PUP.Optional.Taplika, C:\Users\MITCH\AppData\Local\Temp\is-FP0S5.tmp\150.exe, Quarantined, [eb6433839feb072f3a4e94e3cb35e51b],
    PUP.Optional.WebBar.A, C:\Users\MITCH\AppData\Local\Temp\is-FP0S5.tmp\package_airwebbar_installer_multilang.exe, Quarantined, [9cb35e58aae023133de3f57ac442db25],
    PUP.Optional.StromWatch.A, C:\Users\MITCH\AppData\Local\Temp\is-FP0S5.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe, Quarantined, [1837c7ef9cee5fd73903b9b681851ee2],
    PUP.Optional.Taplika, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\150.exe, Quarantined, [440b3185ed9d7eb8d7b1680f916ffc04],
    PUP.Optional.WebBar.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_airwebbar_installer_multilang.exe, Quarantined, [d9768f277d0d22140818df90db2b09f7],
    PUP.Optional.Amonetize.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_AmNuvision_installer_multilang.exe, Quarantined, [a2ad595daedc201678b0b8b70600ce32],
    PUP.Optional.CubepileShopperz.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_CubepileShopperz_installer_multilang.exe, Quarantined, [be913c7ae2a88fa731d6fc73c44202fe],
    PUP.Optional.SafeGuard.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_psafeguard_installer_multilang.exe, Quarantined, [bf90feb87e0c181e888571febe486f91],
    PUP.Optional.SpeedItUp.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_speeditup_installer_multilang.exe, Quarantined, [004f8d29860431056ea018571ceabc44],
    PUP.Optional.StromWatch.A, C:\Users\MITCH\AppData\Local\Temp\is-G1OVG.tmp\package_StormWatch_Boost_Verti_installer_multilang.exe, Quarantined, [8bc4288eaedc142294a87cf363a3c838],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-GASKJ.tmp\11.exe, Quarantined, [e669179f3f4bfa3c1083de91e71fe41c],
    PUP.Optional.BrowseFox, C:\Users\MITCH\AppData\Local\Temp\is-GBI7R.tmp\mountainbike_soft_partner.exe, Quarantined, [a8a7c7eff991d660a16eda8823df0df3],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-GC4O5.tmp\gentlemjmp_ieeuu.exe, Quarantined, [e96605b16f1bb0868211412e26e07d83],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-T42D9.tmp\package_spyouyahoo_installer_multilang.exe, Quarantined, [004fe9cd5a3049ed2073b8b76a9cce32],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-TQ3OC.tmp\gentlemjmp_ieeuu.exe, Quarantined, [6ae5a90d2367f83e870c6609bb4ba759],
    PUP.Optional.PullUpdate.A, C:\Users\MITCH\AppData\Local\Temp\nsc5F95.tmp\Helper.dll, Quarantined, [fd5273431b6fb48281e0ef809d69d42c],
    PUP.Optional.OptimizerPro, C:\Users\MITCH\AppData\Local\Temp\WPR\OptimizerPro.exe, Quarantined, [62ed179fc3c75bdba4f849fc4db5768a],
    PUP.Optional.OfferInstaller.C, C:\Users\MITCH\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\OfferInstaller.exe, Quarantined, [054a4571e0aabd7940d38eb1df230ff1],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-7L1B8.tmp\gentlemjmp_ieeuu.exe, Quarantined, [c48bb10515754fe7ddb6b4bb6f9710f0],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-82M5I.tmp\gentlemjmp_ieeuu.exe, Quarantined, [fc53e4d2226873c397fcafc04eb8c43c],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-88RE4.tmp\gentlemjmp_ieeuu.exe, Quarantined, [4f00d8def59542f42370b3bc3dc96b95],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-ASDN8.tmp\gentlemjmp_ieeuu.exe, Quarantined, [5af522947c0edd596132313ec24454ac],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-IR1NK.tmp\gentlemjmp_ieeuu.exe, Quarantined, [aaa5754145453df9c9ca82ed15f15ba5],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-JGKA8.tmp\gentlemjmp_ieeuu.exe, Quarantined, [85ca96203b4f57dffb985f10000625db],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-JS3LN.tmp\gentlemjmp_ieeuu.exe, Quarantined, [c28dd0e66b1f0036f3a007689274ae52],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-JT3SN.tmp\gentlemjmp_ieeuu.exe, Quarantined, [dc730da91b6f21156d2674fb5bab11ef],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-OROPQ.tmp\gentlemjmp_ieeuu.exe, Quarantined, [4d021d99a7e35adc8211e7880afc33cd],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-P2I3I.tmp\gentlemjmp_ieeuu.exe, Quarantined, [7ed1dfd7761478be2e65f47b0ef844bc],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-PC09I.tmp\gentlemjmp_ieeuu.exe, Quarantined, [3c13d8dee0aa83b3345fdd92a66028d8],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-QDPOQ.tmp\gentlemjmp_ieeuu.exe, Quarantined, [4708d5e1fb8f75c1fe95cfa00204bc44],
    PUP.Optional.Crossbrowse.C, C:\Users\MITCH\AppData\Local\Temp\5929\setup.exe, Quarantined, [46092a8c6921db5b4fdd2b448a7cd729],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-5H1BC.tmp\gentlemjmp_ieeuu.exe, Quarantined, [0847f6c0eb9f7bbb9bf8096649bd6c94],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-EECCD.tmp\gentlemjmp_ieeuu.exe, Quarantined, [202f9620cdbdd26490035f10e323ba46],
    PUP.Optional.CheckOffer, C:\Users\MITCH\AppData\Local\Temp\is-IHKJE.tmp\InstallManager.exe, Quarantined, [c18e298de7a33cfaa6eec89acf338080],
    PUP.Optional.Tuto4PC.A, C:\Users\MITCH\AppData\Local\Temp\is-IHKJE.tmp\package_spyouyahoo_installer_multilang.exe, Quarantined, [e16e11a5701ad95dfc97a2cd699d629e],
    PUP.Optional.Clara.A, C:\Windows\Temp\SienUpdater\s2u0.exe, Quarantined, [331c3a7c34564aec0d9fd69944c20000],
    PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (6).exe, Quarantined, [50fffeb8e9a12412402dc49ba75b9b65],
    PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup.exe, Quarantined, [490600b67119eb4b07665708ef13da26],
    PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup (3).exe, Quarantined, [8ec15c5a53371620c5e7f14a38ca49b7],
    PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup (4).exe, Quarantined, [0f40cee83753ec4ad7d51a215ca6ea16],
    PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup(1).exe, Quarantined, [d47b75415b2f8aac793387b4ec16a55b],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(11).exe, Quarantined, [66e93e78008a5cda52e2005e11f1b050],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(12).exe, Quarantined, [e26d882ef298bb7b1f15a1bdbc46fd03],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(13).exe, Quarantined, [87c8cbebd9b1d56149eba5b9d0329769],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(14).exe, Quarantined, [fd52d0e6c9c191a5aa8a92cc867c8d73],
    PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup(2).exe, Quarantined, [9db2eacc91f9fa3cb5f72f0c0cf6e818],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(20).exe, Quarantined, [cb84ab0b3a50b77f03314c12ef13a957],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(21).exe, Quarantined, [153afcbad6b4e551b97baeb08b77dd23],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(22).exe, Quarantined, [62ed1c9a5535a29490a44d11dc266997],
    PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (1).exe, Quarantined, [9db2249229611a1c4528a8b78181a65a],
    PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (2).exe, Quarantined, [ec63b10589018fa725481c4343bf07f9],
    PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (3).exe, Quarantined, [a7a8c8ee187261d587e65e011fe354ac],
    PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (4).exe, Quarantined, [113e50665535999d79f4cf902fd35ba5],
    PUP.Optional.InstallCore.SID.A, C:\Users\MITCH\Downloads\adobe_flash_setup (1).exe, Quarantined, [4e018333dab020166b05422d64a2ad53],
    PUP.Optional.InstallCore.A, C:\Users\MITCH\Downloads\adobe_flash_setup(1).exe, Quarantined, [133cdadcb1d975c1d58da9c7aa5cc33d],
    PUP.Optional.InstallCore.A, C:\Users\MITCH\Downloads\adobe_flash_setup(2).exe, Quarantined, [ada2eec818723006b6ac4d23de28748c],
    PUP.Optional.InstallCore.SID.C, C:\Users\MITCH\Downloads\adobe_flash_setup(3).exe, Quarantined, [232cccea9cee14221de0bcb3ad59768a],
    PUP.Optional.InstallCore.A, C:\Users\MITCH\Downloads\adobe_flash_setup.exe, Quarantined, [6de24274c1c93303cd95e58bd036e917],
    PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup(3).exe, Quarantined, [3f1064524248e84e6448f04b5ea4d22e],
    PUP.Optional.Bundlore.C, C:\Users\MITCH\Downloads\Setup(4).exe, Quarantined, [c48bf2c497f31323307ccb7013efea16],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(5).exe, Quarantined, [2b248432b8d275c170c4342a33cfd62a],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(6).exe, Quarantined, [450aa412a9e166d036feee70a35f37c9],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(8).exe, Quarantined, [b69902b48bff52e4ba7ac09e5fa39b65],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(9).exe, Quarantined, [400feacc1e6c71c545efef6f0ff3738d],
    PUP.Optional.InstallCore.SID.A, C:\Users\MITCH\Downloads\Unconfirmed 887848.crdownload, Quarantined, [2c234571ff8bef478cec333ca26409f7],
    PUP.Optional.Bundle, C:\Users\MITCH\Downloads\FPP_Setup (5).exe, Quarantined, [7bd4bbfbb5d51224c4a94e1144bebe42],
    PUP.Optional.BundleInstaller.A, C:\Users\MITCH\Downloads\setup(10).exe, Quarantined, [3718b7ffb7d3b28430040e507a888779],
    PUP.Optional.SweetGamer.C, C:\Users\Public\GameNutt\gamenutt.exe, Quarantined, [d57a793dc2c847effc87d87a4db5cf31],
    PUP.Optional.Mindspark.A, C:\Users\Public\Videos\GamingWonderlandSetup2.5.14.31.^Z7^man000^YYA^.exe, Quarantined, [c48bc5f1ff8b50e6c320bbb45caac63a],
    PUP.Optional.DsiLoad, C:\Users\MITCH\AppData\Local\1754699dsisetup17581152.exe, Quarantined, [430c5b5bacde73c38a74f7687b87827e],
    PUP.Optional.DsiLoad, C:\Users\MITCH\AppData\Local\dsisetup14924302.exe, Quarantined, [9eb16551deacf244af4f9ac5f80a2fd1],
    PUP.Optional.DsiLoad, C:\Users\MITCH\AppData\Local\dsisetup24596202.exe, Quarantined, [c986b006ccbefd39c836cb944fb309f7],
    PUP.Optional.DsiLoad, C:\Users\MITCH\AppData\Local\dsisetup2751072.exe, Quarantined, [232c5660602a87af837bce9159a9cc34],
    PUP.Optional.DsiLoad, C:\Users\MITCH\AppData\Local\dsisetup80848292.exe, Quarantined, [8fc0eaccf99191a5be40194622e0e917],
    PUP.Optional.Binkiland.C, C:\Users\MITCH\AppData\LocalLow\Microsoft\Internet Explorer\Services\FavIcon.icoWSE_Binkiland, Quarantined, [ce81575fb5d5e254a377697d32d1b947],
    PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\dat\noNgeUyb.exe.config, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
    PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\dat\QWBmADv.exe.config, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
    PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\info.dat, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
    PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\SZSiITyB.dat, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
    PUP.Optional.PullUpdate.A, C:\ProgramData\atpfbZ\SZSiITyB.exe.config, Quarantined, [8cc3773f5c2ef93d089eaac78284659b],
    PUP.Optional.Spigot.A, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo...=238417&p=");),Replaced,[ada2f7bff49675c1a843026f0600e818]
    PUP.Optional.Spigot.A, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "https://search.yahoo...=238417&p=");),Replaced,[103f377f65251620ad3ecfa244c220e0]
    PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (user_pref("extensions.ciff.dca.lastDcaConfigUrl", "https://dcs-config.c...a=20140910");),Replaced,[75daa1152466bc7a35ffb8bdee18946c]
    PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (To make a manual change to preferences, you can visit the URL about:config
     */

    user_pref("app.update.a), Replaced,[410e42740b7f58defb396f06b15502fe]
    PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (se);
    user_pref("app.update.enabled", false);
    user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1436401781);
    use), Replaced,[6fe0c1f509815adce94b7afb887e4ab6]
    PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (out:config
     */

    user_pref("app.update.auto", false);
    user_pref("app.update.enabled", false);
    user_pref("app.update.lastUpdateT), Replaced,[07487244602a69cdf93bc6af0600dc24]
    PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (s.
     *
     * To make a manual change to preferences, you can visit the URL about:config
     */

    user_pref("app.update.auto", false);
    user_), Replaced,[1b3493236e1c082e7bb9cbaabe48ac54]
    PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (make changes to this file while the application is running,
     * the changes will be overwritten when the application exits.
     *), Replaced,[2a252294088203337aba0d6863a3d32d]
    PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (n exits.
     *
     * To make a manual change to preferences, you can visit the URL about:config
     */

    user_pref("app.update.auto", false);
    user_pref("app.update.enabled", false);
    user_pref("app.update.lastUpdateTime.addon-back), Replaced,[0f403f77404a44f27abae293a85eb54b]
    PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (er_pref("app.update.enabled", false);
    user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1436401781);
    user_pref(), Replaced,[2a25b9fddcaeae88151fbfb6b84e5aa6]
    PUP.Optional.ConsumerInput.C, C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\prefs.js, Good: (), Bad: (mer", 1436401660);
    user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1428374667);
    user_pref("app.update.l), Replaced,[7cd31c9a6b1f70c62c0890e520e69967]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

     

    Protection Log:

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Scan, 7/11/2015 7:37:41 AM, SYSTEM, MITCH-PC, Manual, Start:7/10/2015 9:57:26 PM, Duration:2 hr 6 min 51 sec, Threat Scan, Completed, 0 Malware Detections, 391 Non-Malware Detections,

    (end)

     

    (FYI: Will be able to see your advice but not act on it until after 4 pm EST.  Thanks again.)



    #10 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 July 2015 - 07:37 AM

    Whoever used or owned this laptop previously really did a number on it :(

     

    Open up FRST, make sure to put a checkmark in Additions, run a new scan and post both the FRST and Additions logs



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

      Advertisements

    Register to Remove


    #11 mickey7

    mickey7

      Silver Member

    • Authentic Member
    • PipPipPip
    • 254 posts

    Posted 11 July 2015 - 07:45 AM

    I know, I took one look and did a facepalm and long shake of the head. I should have known I would need help then. I try to tell them about clicking on stuff etc and the importance of antivirus and malware screeners (and to USE them), but alas...  maybe I should try to install a filter or block sites.. lol...

     

    But anyway,  will rerun scan when I return home. Thanks.



    #12 mickey7

    mickey7

      Silver Member

    • Authentic Member
    • PipPipPip
    • 254 posts

    Posted 11 July 2015 - 03:54 PM

    here are the logs:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
    Ran by MITCH (administrator) on MITCH-PC on 11-07-2015 16:18:33
    Running from C:\Users\MITCH\Desktop
    Loaded Profiles: MITCH (Available Profiles: MITCH)
    Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Agere Systems) C:\Windows\System32\agr64svc.exe
    () C:\Program Files (x86)\SMINST\BLService.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Microsoft Corporation) C:\Windows\System32\PresentationSettings.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    (Google Inc.) C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Google Inc.) C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
    (Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-10-08] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
    HKLM-x32\...\Run: [DVDAgent] => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_25\bin\jusched.exe"
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
    SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {4F5E3C10-FEB0-467A-A7CD-FD0C05FDA134} URL = http://www.flickr.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {EFA0BB11-5A96-43DF-A6CC-F172A691CAB1} URL = http://delicious.com...p={searchTerms}
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-05-30] (Microsoft Corporation)
    DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
    Hosts: 127.0.0.1    localhost
    Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
    Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [NameServer] 208.67.222.222,208.67.220.220
    Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
    Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
    Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.80.251

    FireFox:
    ========
    FF ProfilePath: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default
    FF DefaultSearchEngine: Binkiland
    FF SearchEngineOrder.3: Bing
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\2.bin\NPgtEISB.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-16] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-01-02] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
    FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14]
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
    FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-22]
    CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
    R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] () [File not signed]
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
    S3 cpuz134; \??\C:\Users\MITCH\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    U4 eabfiltr; No ImagePath
    S4 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-11 16:18 - 2015-07-11 16:21 - 00016066 _____ C:\Users\MITCH\Desktop\FRST.txt
    2015-07-11 16:15 - 2015-07-11 16:15 - 00003436 _____ C:\Windows\System32\Tasks\PresentationSettingsTurnOff_MITCH-PC_MITCH
    2015-07-11 07:37 - 2015-07-11 07:37 - 00001064 _____ C:\mbl.txt
    2015-07-10 21:18 - 2015-07-10 21:18 - 00005846 _____ C:\Users\MITCH\Documents\JRT.txt
    2015-07-10 21:01 - 2015-07-10 20:55 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.1.8.1057.exe
    2015-07-10 21:00 - 2015-07-10 20:34 - 03033806 _____ (Malwarebytes Corporation) C:\Users\MITCH\Desktop\JRT.exe
    2015-07-10 20:31 - 2015-07-10 20:27 - 02248704 _____ C:\Users\MITCH\Desktop\AdwCleaner(1).exe
    2015-07-10 17:33 - 2015-07-10 17:30 - 02112512 _____ (Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe
    2015-07-10 14:29 - 2015-07-11 16:18 - 00000000 ____D C:\FRST
    2015-07-10 14:17 - 2015-07-10 14:17 - 00006717 _____ C:\Users\MITCH\Desktop\dds.zip
    2015-07-10 14:17 - 2015-07-10 14:17 - 00003205 _____ C:\Users\MITCH\Desktop\attach.zip
    2015-07-10 14:02 - 2015-07-10 14:03 - 00011433 _____ C:\Users\MITCH\Documents\hijackthis.log
    2015-07-10 13:58 - 2015-07-10 13:59 - 00002519 _____ C:\Users\MITCH\Desktop\HiJackThis.lnk
    2015-07-10 13:58 - 2015-07-10 13:59 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2015-07-10 13:58 - 2015-07-10 13:58 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2015-07-10 13:57 - 2014-10-31 13:30 - 00688992 ____R (Swearware) C:\Users\MITCH\Desktop\dds.com
    2015-07-10 13:57 - 2014-04-12 15:05 - 01402880 _____ C:\Users\MITCH\Desktop\HijackThis.msi
    2015-07-10 08:57 - 2014-10-29 21:33 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.0.3.1025.exe
    2015-07-09 20:27 - 2015-07-09 22:53 - 00000000 ____D C:\Users\MITCH\Desktop\mbar
    2015-07-09 20:24 - 2015-07-09 15:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\MITCH\Desktop\tdsskiller.exe
    2015-07-09 19:14 - 2015-07-09 15:24 - 21971528 _____ C:\Users\MITCH\Desktop\RogueKillerX64.exe
    2015-07-09 19:10 - 2015-07-09 15:19 - 05200384 _____ (AVAST Software) C:\Users\MITCH\Desktop\aswMBR.exe
    2015-07-07 21:05 - 2015-07-07 15:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MITCH\Desktop\revosetup.exe
    2015-07-07 17:59 - 2015-07-07 17:59 - 00000000 _____ C:\Users\MITCH\AppData\Local\Temp.dat
    2015-07-07 17:51 - 2015-07-07 17:51 - 00001861 _____ C:\Users\MITCH\Desktop\chrome.lnk
    2015-07-07 17:42 - 2015-07-07 21:05 - 00001059 _____ C:\Users\MITCH\Desktop\Revo Uninstaller.lnk
    2015-07-07 17:42 - 2015-07-07 21:05 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2015-07-07 08:31 - 2015-07-07 08:31 - 00000949 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2015-07-05 01:32 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-07-05 01:32 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-07-05 01:18 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Gravity Highlighter
    2015-07-05 01:07 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-07-05 01:07 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
    2015-07-05 01:02 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Looper for YouTube
    2015-07-03 17:18 - 2015-07-03 17:22 - 00004097 _____ C:\Windows\system32\dummy.002
    2015-06-30 18:08 - 2015-06-30 18:08 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (38).exe
    2015-06-27 22:14 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-06-27 22:14 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-06-27 22:10 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-06-27 22:10 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-06-27 22:10 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-06-27 22:10 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-06-27 22:10 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-06-27 22:10 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-06-27 22:09 - 2015-05-21 10:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-06-27 21:40 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-06-27 21:40 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-06-27 21:39 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Redbooth for Gmail
    2015-06-24 18:46 - 2015-06-24 18:46 - 00000680 _____ C:\Users\MITCH\AppData\Local\d3d9caps.dat
    2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
    2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
    2015-06-22 23:33 - 2015-06-26 16:40 - 00001985 _____ C:\Users\MITCH\Desktop\Google Chrome.lnk
    2015-06-22 23:22 - 2015-06-22 23:24 - 00000000 ____D C:\94d4568a-ad62-4a6e-a62b-238f2297a462
    2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
    2015-06-22 22:22 - 2015-05-30 20:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-06-22 22:21 - 2015-05-30 20:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-06-22 22:21 - 2015-05-30 20:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-06-22 22:21 - 2015-05-30 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-06-22 22:21 - 2015-05-30 20:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-06-22 22:21 - 2015-05-30 20:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-06-22 22:21 - 2015-05-30 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-06-22 22:21 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-06-22 22:21 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-06-22 22:21 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-06-22 22:21 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-06-22 22:21 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-06-22 22:21 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-06-22 22:21 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-06-22 22:21 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-06-22 22:21 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-06-22 22:20 - 2015-05-30 21:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-06-22 22:20 - 2015-05-30 20:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-06-22 22:20 - 2015-05-30 20:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-06-22 22:20 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-06-22 22:19 - 2015-05-30 20:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-06-22 22:19 - 2015-05-30 20:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-06-22 22:19 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-06-22 22:19 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-06-22 22:19 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-06-22 22:18 - 2015-05-30 20:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-06-22 22:18 - 2015-05-30 20:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-06-22 22:18 - 2015-05-30 20:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-06-22 22:18 - 2015-05-30 20:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-06-22 22:18 - 2015-05-30 20:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-06-22 22:18 - 2015-05-30 20:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-06-22 22:18 - 2015-05-30 20:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-06-22 22:18 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-06-22 22:18 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-06-22 22:18 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-06-22 22:18 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-06-22 22:18 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-06-22 22:17 - 2015-05-30 20:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-06-22 22:17 - 2015-05-30 20:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-06-22 22:17 - 2015-05-30 20:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-06-22 22:17 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-06-22 22:17 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-06-22 22:17 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-06-22 22:17 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-06-21 14:24 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2015-06-21 14:24 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2015-06-21 14:24 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2015-06-21 14:24 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2015-06-21 14:24 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-06-21 14:24 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2015-06-21 14:24 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2015-06-21 14:24 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-06-21 14:24 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-06-21 14:24 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-06-21 14:24 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-06-21 14:24 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-06-21 14:24 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-06-20 17:43 - 2015-06-20 17:43 - 00000000 ____D C:\Program Files (x86)\Galaxy New Tab
    2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
    2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
    2015-06-20 16:53 - 2015-06-20 17:38 - 00000000 ____D C:\Program Files (x86)\JavaScript Popup Blocker
    2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
    2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
    2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
    2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
    2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
    2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
    2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
    2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
    2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
    2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-11 16:24 - 2014-11-15 20:12 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job
    2015-07-11 16:21 - 2011-08-08 22:41 - 01278983 _____ C:\Windows\WindowsUpdate.log
    2015-07-11 16:18 - 2012-09-10 13:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-11 16:18 - 2008-10-23 05:54 - 00003580 _____ C:\Windows\System32\Tasks\HP Health Check
    2015-07-11 16:14 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
    2015-07-11 16:14 - 2014-09-23 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-07-11 16:14 - 2013-12-08 15:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job
    2015-07-11 16:14 - 2013-08-11 15:29 - 04084900 _____ C:\Windows\PFRO.log
    2015-07-11 16:14 - 2011-12-22 01:42 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2015-07-11 16:14 - 2011-10-15 20:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-11 16:14 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-11 16:14 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-11 16:14 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-11 16:14 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\security
    2015-07-11 07:43 - 2008-10-23 03:45 - 00000012 _____ C:\Windows\bthservsdp.dat
    2015-07-11 07:43 - 2006-11-02 11:42 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-07-11 07:37 - 2013-01-24 17:42 - 00000000 ____D C:\Users\Public\GameNutt
    2015-07-11 03:00 - 2012-05-04 11:50 - 00002313 _____ C:\Windows\epplauncher.mif
    2015-07-10 21:50 - 2014-09-23 16:56 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-10 21:37 - 2014-09-23 16:54 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-07-10 21:37 - 2014-09-23 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-07-10 20:48 - 2014-12-02 08:06 - 00000000 ____D C:\AdwCleaner
    2015-07-10 20:48 - 2012-07-28 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-07-10 20:45 - 2014-11-15 20:12 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job
    2015-07-10 17:27 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Help
    2015-07-10 14:34 - 2015-04-18 12:47 - 00000000 ____D C:\Program Files (x86)\Tab Hibernation
    2015-07-10 14:34 - 2015-01-06 02:55 - 00000000 ____D C:\Program Files (x86)\ce88c4aa-b86a-4c1e-bb45-d6da615fde68
    2015-07-10 14:34 - 2014-11-11 01:11 - 00000000 ____D C:\Program Files (x86)\360a619a-0cf8-4762-bee6-45c5335152cc
    2015-07-10 14:22 - 2015-04-06 00:06 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-07-09 22:53 - 2014-12-02 01:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-07-09 20:24 - 2014-12-03 08:40 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-07-09 19:34 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\tracing
    2015-07-09 19:15 - 2014-12-03 08:40 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-07-09 19:13 - 2006-11-02 08:46 - 00005086 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-07 23:23 - 2015-05-05 03:18 - 00000000 ____D C:\Users\MITCH\AppData\Local\CrashDumps
    2015-07-07 23:15 - 2012-10-08 16:39 - 00000000 ____D C:\Windows\Minidump
    2015-07-07 08:31 - 2011-09-27 01:39 - 00000934 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-07-07 08:30 - 2011-09-27 01:38 - 00000915 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    2015-07-07 03:12 - 2014-01-11 07:47 - 00000000 ____D C:\Windows\pss
    2015-07-06 19:48 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
    2015-07-05 02:01 - 2008-10-23 05:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-07-05 01:54 - 2008-10-23 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-07-05 01:11 - 2014-12-07 19:21 - 00116019 _____ C:\Windows\system32\ScanResults.xml
    2015-07-05 01:06 - 2011-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-07-05 00:42 - 2014-11-11 21:56 - 00000188 _____ C:\Users\MITCH\AppData\Roaming\WB.CFG
    2015-07-05 00:35 - 2014-12-07 19:12 - 00000464 _____ C:\Windows\system32\ScannerSettings
    2015-07-03 21:08 - 2006-11-02 08:33 - 77594624 _____ C:\Windows\system32\config\software_previous
    2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
    2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
    2015-07-03 21:07 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
    2015-07-03 21:07 - 2006-11-02 08:33 - 22544384 _____ C:\Windows\system32\config\system_previous
    2015-07-03 21:02 - 2006-11-02 08:33 - 66322432 _____ C:\Windows\system32\config\components_previous
    2015-07-03 21:01 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
    2015-07-03 17:09 - 2011-08-09 07:14 - 00000000 ____D C:\Users\MITCH
    2015-07-03 16:20 - 2006-11-02 08:33 - 00524288 _____ C:\Windows\system32\config\default_previous
    2015-07-03 16:20 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\security_previous
    2015-06-27 22:30 - 2006-11-02 11:21 - 00317688 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-27 22:09 - 2013-11-20 01:25 - 00000000 ____D C:\Windows\system32\MRT
    2015-06-26 17:03 - 2014-12-26 00:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-06-25 20:21 - 2012-09-10 13:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-25 20:21 - 2012-09-10 13:33 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-25 20:21 - 2011-08-14 13:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-22 22:32 - 2015-01-25 22:35 - 00000000 ____D C:\Program Files (x86)\Strong Password Generator
    2015-06-21 00:09 - 2006-11-02 09:33 - 00000000 __RSD C:\Windows\Media
    2015-06-19 23:45 - 2013-05-12 21:04 - 00000000 ____D C:\temp
    2015-06-18 08:41 - 2014-09-23 16:51 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-06-18 08:41 - 2014-09-23 16:51 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-06-18 08:41 - 2013-01-03 10:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    ==================== Files in the root of some directories =======

    2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\MITCH\AppData\Roaming\QV
    2011-09-04 18:51 - 2011-09-04 18:51 - 0029216 _____ () C:\Users\MITCH\AppData\Roaming\UserTile.png
    2014-11-11 21:56 - 2015-07-05 00:42 - 0000188 _____ () C:\Users\MITCH\AppData\Roaming\WB.CFG
    2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\AtStart.txt
    2015-06-24 18:46 - 2015-06-24 18:46 - 0000680 _____ () C:\Users\MITCH\AppData\Local\d3d9caps.dat
    2011-08-09 07:45 - 2014-01-11 18:49 - 0007680 _____ () C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\DSwitch.txt
    2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\QSwitch.txt
    2015-07-07 17:59 - 2015-07-07 17:59 - 0000000 _____ () C:\Users\MITCH\AppData\Local\Temp.dat
    2014-01-27 03:19 - 2014-01-28 16:45 - 0002763 _____ () C:\ProgramData\connector.swf
    2011-08-08 23:17 - 2011-08-08 23:17 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2008-10-23 05:36 - 2008-10-23 05:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2008-10-23 05:24 - 2008-10-23 05:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2011-08-08 23:14 - 2011-08-08 23:14 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2008-10-23 05:22 - 2008-10-23 05:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2008-10-23 05:27 - 2008-10-23 05:36 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2011-08-08 23:17 - 2011-08-08 23:17 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Files to move or delete:
    ====================
    C:\Users\Public\AlexaNSISPlugin.8428.dll


    Some files in TEMP:
    ====================
    C:\Users\MITCH\AppData\Local\Temp\2cedfc8d-10f8-498f-8e56-6c2bc70b001e.exe
    C:\Users\MITCH\AppData\Local\Temp\ASPackage.exe
    C:\Users\MITCH\AppData\Local\Temp\CloudBackup1299.exe
    C:\Users\MITCH\AppData\Local\Temp\CloudBackup4488.exe
    C:\Users\MITCH\AppData\Local\Temp\component_634-1C80.exe
    C:\Users\MITCH\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\MITCH\AppData\Local\Temp\eFixProPackage.exe
    C:\Users\MITCH\AppData\Local\Temp\jre-8u25-windows-au.exe
    C:\Users\MITCH\AppData\Local\Temp\ms.exe
    C:\Users\MITCH\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\MITCH\AppData\Local\Temp\optprosetup.exe
    C:\Users\MITCH\AppData\Local\Temp\Quarantine.exe
    C:\Users\MITCH\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\MITCH\AppData\Local\Temp\ReiScanner.exe
    C:\Users\MITCH\AppData\Local\Temp\ReiSysUpdate.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf2092.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf33E3.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf4578.exe
    C:\Users\MITCH\AppData\Local\Temp\sdfF834.exe
    C:\Users\MITCH\AppData\Local\Temp\setacl.exe
    C:\Users\MITCH\AppData\Local\Temp\Setup0988111.exe
    C:\Users\MITCH\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\MITCH\AppData\Local\Temp\sqlite3.dll
    C:\Users\MITCH\AppData\Local\Temp\sqlite3.exe
    C:\Users\MITCH\AppData\Local\Temp\updater_uninstall.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-11 16:20

    ==================== End of log ============================

     

     

    and..

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
    Ran by MITCH (administrator) on MITCH-PC on 11-07-2015 16:18:33
    Running from C:\Users\MITCH\Desktop
    Loaded Profiles: MITCH (Available Profiles: MITCH)
    Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\stacsv64.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Agere Systems) C:\Windows\System32\agr64svc.exe
    () C:\Program Files (x86)\SMINST\BLService.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Microsoft Corporation) C:\Windows\System32\PresentationSettings.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    (Google Inc.) C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Google Inc.) C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
    (Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Windows Defender] => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-09-23] (Hewlett-Packard)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-10-08] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [hpWirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Health Check Scheduler] => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
    HKLM-x32\...\Run: [DVDAgent] => "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Java\jre1.8.0_25\bin\jusched.exe"
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [HPAdvisor] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
    SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {4F5E3C10-FEB0-467A-A7CD-FD0C05FDA134} URL = http://www.flickr.co...q={searchTerms}
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/...=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {CFE23308-78C6-44BE-99F5-8A42DE00E17B} URL = http://search.yahoo....f-8&fr=chr-yie9
    SearchScopes: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> {EFA0BB11-5A96-43DF-A6CC-F172A691CAB1} URL = http://delicious.com...p={searchTerms}
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-05-30] (Microsoft Corporation)
    DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
    Hosts: 127.0.0.1    localhost
    Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
    Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [NameServer] 208.67.222.222,208.67.220.220
    Tcpip\..\Interfaces\{28A4C540-8B9E-470A-9135-F3AE6A55F184}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
    Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [NameServer] 82.163.143.150,82.163.142.152
    Tcpip\..\Interfaces\{68E1D355-F539-4C48-9BF8-A8AA8237B7FA}: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.80.251

    FireFox:
    ========
    FF ProfilePath: C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default
    FF DefaultSearchEngine: Binkiland
    FF SearchEngineOrder.3: Bing
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-25] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-25] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @ei.GamingWonderland.com/Plugin -> C:\Program Files (x86)\GamingWonderlandEI\Installr\2.bin\NPgtEISB.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-16] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-30] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-01-02] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
    FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=3 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
    FF Plugin HKU\S-1-5-21-499354876-3266562091-500007027-1000: @tools.google.com/Google Update;version=9 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-11-15] (Google Inc.)
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14]
    FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
    FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
    FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Docs) - C:\Users\MITCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-22]
    CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
    R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] () [File not signed]
    R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
    S3 cpuz134; \??\C:\Users\MITCH\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    U4 eabfiltr; No ImagePath
    S4 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-11 16:18 - 2015-07-11 16:21 - 00016066 _____ C:\Users\MITCH\Desktop\FRST.txt
    2015-07-11 16:15 - 2015-07-11 16:15 - 00003436 _____ C:\Windows\System32\Tasks\PresentationSettingsTurnOff_MITCH-PC_MITCH
    2015-07-11 07:37 - 2015-07-11 07:37 - 00001064 _____ C:\mbl.txt
    2015-07-10 21:18 - 2015-07-10 21:18 - 00005846 _____ C:\Users\MITCH\Documents\JRT.txt
    2015-07-10 21:01 - 2015-07-10 20:55 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.1.8.1057.exe
    2015-07-10 21:00 - 2015-07-10 20:34 - 03033806 _____ (Malwarebytes Corporation) C:\Users\MITCH\Desktop\JRT.exe
    2015-07-10 20:31 - 2015-07-10 20:27 - 02248704 _____ C:\Users\MITCH\Desktop\AdwCleaner(1).exe
    2015-07-10 17:33 - 2015-07-10 17:30 - 02112512 _____ (Farbar) C:\Users\MITCH\Desktop\FRST64(1).exe
    2015-07-10 14:29 - 2015-07-11 16:18 - 00000000 ____D C:\FRST
    2015-07-10 14:17 - 2015-07-10 14:17 - 00006717 _____ C:\Users\MITCH\Desktop\dds.zip
    2015-07-10 14:17 - 2015-07-10 14:17 - 00003205 _____ C:\Users\MITCH\Desktop\attach.zip
    2015-07-10 14:02 - 2015-07-10 14:03 - 00011433 _____ C:\Users\MITCH\Documents\hijackthis.log
    2015-07-10 13:58 - 2015-07-10 13:59 - 00002519 _____ C:\Users\MITCH\Desktop\HiJackThis.lnk
    2015-07-10 13:58 - 2015-07-10 13:59 - 00000000 ____D C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2015-07-10 13:58 - 2015-07-10 13:58 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2015-07-10 13:57 - 2014-10-31 13:30 - 00688992 ____R (Swearware) C:\Users\MITCH\Desktop\dds.com
    2015-07-10 13:57 - 2014-04-12 15:05 - 01402880 _____ C:\Users\MITCH\Desktop\HijackThis.msi
    2015-07-10 08:57 - 2014-10-29 21:33 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\MITCH\Desktop\mbam-setup-2.0.3.1025.exe
    2015-07-09 20:27 - 2015-07-09 22:53 - 00000000 ____D C:\Users\MITCH\Desktop\mbar
    2015-07-09 20:24 - 2015-07-09 15:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\MITCH\Desktop\tdsskiller.exe
    2015-07-09 19:14 - 2015-07-09 15:24 - 21971528 _____ C:\Users\MITCH\Desktop\RogueKillerX64.exe
    2015-07-09 19:10 - 2015-07-09 15:19 - 05200384 _____ (AVAST Software) C:\Users\MITCH\Desktop\aswMBR.exe
    2015-07-07 21:05 - 2015-07-07 15:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\MITCH\Desktop\revosetup.exe
    2015-07-07 17:59 - 2015-07-07 17:59 - 00000000 _____ C:\Users\MITCH\AppData\Local\Temp.dat
    2015-07-07 17:51 - 2015-07-07 17:51 - 00001861 _____ C:\Users\MITCH\Desktop\chrome.lnk
    2015-07-07 17:42 - 2015-07-07 21:05 - 00001059 _____ C:\Users\MITCH\Desktop\Revo Uninstaller.lnk
    2015-07-07 17:42 - 2015-07-07 21:05 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2015-07-07 08:31 - 2015-07-07 08:31 - 00000949 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2015-07-05 01:32 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-07-05 01:32 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-07-05 01:18 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Gravity Highlighter
    2015-07-05 01:07 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-07-05 01:07 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
    2015-07-05 01:02 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Looper for YouTube
    2015-07-03 17:18 - 2015-07-03 17:22 - 00004097 _____ C:\Windows\system32\dummy.002
    2015-06-30 18:08 - 2015-06-30 18:08 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (38).exe
    2015-06-27 22:14 - 2015-05-08 19:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-06-27 22:14 - 2015-05-08 19:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-06-27 22:10 - 2015-05-04 18:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-06-27 22:10 - 2015-05-04 18:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2015-06-27 22:10 - 2015-05-04 18:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2015-06-27 22:10 - 2015-05-04 18:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-06-27 22:10 - 2015-05-04 18:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-06-27 22:10 - 2015-05-04 18:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-06-27 22:10 - 2015-05-04 17:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-06-27 22:10 - 2015-05-04 17:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-06-27 22:09 - 2015-05-21 10:36 - 02795520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-06-27 21:40 - 2015-04-24 11:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2015-06-27 21:40 - 2015-04-24 11:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-06-27 21:39 - 2015-07-10 14:34 - 00000000 ____D C:\Program Files (x86)\Redbooth for Gmail
    2015-06-24 18:46 - 2015-06-24 18:46 - 00000680 _____ C:\Users\MITCH\AppData\Local\d3d9caps.dat
    2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
    2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
    2015-06-22 23:33 - 2015-06-26 16:40 - 00001985 _____ C:\Users\MITCH\Desktop\Google Chrome.lnk
    2015-06-22 23:22 - 2015-06-22 23:24 - 00000000 ____D C:\94d4568a-ad62-4a6e-a62b-238f2297a462
    2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
    2015-06-22 22:22 - 2015-05-30 20:48 - 02343424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-06-22 22:21 - 2015-05-30 20:42 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-06-22 22:21 - 2015-05-30 20:41 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-06-22 22:21 - 2015-05-30 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-06-22 22:21 - 2015-05-30 20:40 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-06-22 22:21 - 2015-05-30 20:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-06-22 22:21 - 2015-05-30 20:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-06-22 22:21 - 2015-05-30 19:55 - 01809920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-06-22 22:21 - 2015-05-30 19:49 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-06-22 22:21 - 2015-05-30 19:49 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-06-22 22:21 - 2015-05-30 19:49 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-06-22 22:21 - 2015-05-30 19:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-06-22 22:21 - 2015-05-30 19:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-06-22 22:21 - 2015-05-30 19:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-06-22 22:21 - 2015-05-30 19:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-06-22 22:21 - 2015-05-30 19:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-06-22 22:20 - 2015-05-30 21:05 - 17884672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-06-22 22:20 - 2015-05-30 20:41 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-06-22 22:20 - 2015-05-30 20:40 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-06-22 22:20 - 2015-05-30 20:03 - 12385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-06-22 22:19 - 2015-05-30 20:41 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-06-22 22:19 - 2015-05-30 20:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-06-22 22:19 - 2015-05-30 19:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-06-22 22:19 - 2015-05-30 19:48 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-06-22 22:19 - 2015-05-30 19:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-06-22 22:18 - 2015-05-30 20:50 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-06-22 22:18 - 2015-05-30 20:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-06-22 22:18 - 2015-05-30 20:41 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-06-22 22:18 - 2015-05-30 20:41 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-06-22 22:18 - 2015-05-30 20:41 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-06-22 22:18 - 2015-05-30 20:41 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-06-22 22:18 - 2015-05-30 20:40 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-06-22 22:18 - 2015-05-30 19:50 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-06-22 22:18 - 2015-05-30 19:48 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-06-22 22:18 - 2015-05-30 19:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-06-22 22:18 - 2015-05-30 19:48 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-06-22 22:18 - 2015-05-30 19:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-06-22 22:17 - 2015-05-30 20:49 - 10935296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-06-22 22:17 - 2015-05-30 20:41 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-06-22 22:17 - 2015-05-30 20:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-06-22 22:17 - 2015-05-30 19:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-06-22 22:17 - 2015-05-30 19:53 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-06-22 22:17 - 2015-05-30 19:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-06-22 22:17 - 2015-05-30 19:47 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-06-21 14:24 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2015-06-21 14:24 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2015-06-21 14:24 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2015-06-21 14:24 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2015-06-21 14:24 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-06-21 14:24 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2015-06-21 14:24 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2015-06-21 14:24 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-06-21 14:24 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-06-21 14:24 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-06-21 14:24 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-06-21 14:24 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-06-21 14:24 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-06-21 14:24 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-06-20 17:43 - 2015-06-20 17:43 - 00000000 ____D C:\Program Files (x86)\Galaxy New Tab
    2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
    2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
    2015-06-20 16:53 - 2015-06-20 17:38 - 00000000 ____D C:\Program Files (x86)\JavaScript Popup Blocker
    2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
    2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
    2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
    2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
    2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
    2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
    2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
    2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
    2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
    2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-11 16:24 - 2014-11-15 20:12 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job
    2015-07-11 16:21 - 2011-08-08 22:41 - 01278983 _____ C:\Windows\WindowsUpdate.log
    2015-07-11 16:18 - 2012-09-10 13:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-11 16:18 - 2008-10-23 05:54 - 00003580 _____ C:\Windows\System32\Tasks\HP Health Check
    2015-07-11 16:14 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
    2015-07-11 16:14 - 2014-09-23 16:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-07-11 16:14 - 2013-12-08 15:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job
    2015-07-11 16:14 - 2013-08-11 15:29 - 04084900 _____ C:\Windows\PFRO.log
    2015-07-11 16:14 - 2011-12-22 01:42 - 00065536 _____ C:\Windows\system32\Ikeext.etl
    2015-07-11 16:14 - 2011-10-15 20:30 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-11 16:14 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-11 16:14 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-11 16:14 - 2006-11-02 11:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-11 16:14 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\security
    2015-07-11 07:43 - 2008-10-23 03:45 - 00000012 _____ C:\Windows\bthservsdp.dat
    2015-07-11 07:43 - 2006-11-02 11:42 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-07-11 07:37 - 2013-01-24 17:42 - 00000000 ____D C:\Users\Public\GameNutt
    2015-07-11 03:00 - 2012-05-04 11:50 - 00002313 _____ C:\Windows\epplauncher.mif
    2015-07-10 21:50 - 2014-09-23 16:56 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-10 21:37 - 2014-09-23 16:54 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-07-10 21:37 - 2014-09-23 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-07-10 20:48 - 2014-12-02 08:06 - 00000000 ____D C:\AdwCleaner
    2015-07-10 20:48 - 2012-07-28 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-07-10 20:45 - 2014-11-15 20:12 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job
    2015-07-10 17:27 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\Help
    2015-07-10 14:34 - 2015-04-18 12:47 - 00000000 ____D C:\Program Files (x86)\Tab Hibernation
    2015-07-10 14:34 - 2015-01-06 02:55 - 00000000 ____D C:\Program Files (x86)\ce88c4aa-b86a-4c1e-bb45-d6da615fde68
    2015-07-10 14:34 - 2014-11-11 01:11 - 00000000 ____D C:\Program Files (x86)\360a619a-0cf8-4762-bee6-45c5335152cc
    2015-07-10 14:22 - 2015-04-06 00:06 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-07-09 22:53 - 2014-12-02 01:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-07-09 20:24 - 2014-12-03 08:40 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-07-09 19:34 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\tracing
    2015-07-09 19:15 - 2014-12-03 08:40 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-07-09 19:13 - 2006-11-02 08:46 - 00005086 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-07-07 23:23 - 2015-05-05 03:18 - 00000000 ____D C:\Users\MITCH\AppData\Local\CrashDumps
    2015-07-07 23:15 - 2012-10-08 16:39 - 00000000 ____D C:\Windows\Minidump
    2015-07-07 08:31 - 2011-09-27 01:39 - 00000934 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-07-07 08:30 - 2011-09-27 01:38 - 00000915 _____ C:\Users\MITCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    2015-07-07 03:12 - 2014-01-11 07:47 - 00000000 ____D C:\Windows\pss
    2015-07-06 19:48 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\rescache
    2015-07-05 02:01 - 2008-10-23 05:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-07-05 01:54 - 2008-10-23 05:11 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-07-05 01:11 - 2014-12-07 19:21 - 00116019 _____ C:\Windows\system32\ScanResults.xml
    2015-07-05 01:06 - 2011-08-19 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-07-05 00:42 - 2014-11-11 21:56 - 00000188 _____ C:\Users\MITCH\AppData\Roaming\WB.CFG
    2015-07-05 00:35 - 2014-12-07 19:12 - 00000464 _____ C:\Windows\system32\ScannerSettings
    2015-07-03 21:08 - 2006-11-02 08:33 - 77594624 _____ C:\Windows\system32\config\software_previous
    2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\spool
    2015-07-03 21:07 - 2006-11-02 09:34 - 00000000 ____D C:\Windows\system32\Msdtc
    2015-07-03 21:07 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\registration
    2015-07-03 21:07 - 2006-11-02 08:33 - 22544384 _____ C:\Windows\system32\config\system_previous
    2015-07-03 21:02 - 2006-11-02 08:33 - 66322432 _____ C:\Windows\system32\config\components_previous
    2015-07-03 21:01 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
    2015-07-03 17:09 - 2011-08-09 07:14 - 00000000 ____D C:\Users\MITCH
    2015-07-03 16:20 - 2006-11-02 08:33 - 00524288 _____ C:\Windows\system32\config\default_previous
    2015-07-03 16:20 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\security_previous
    2015-06-27 22:30 - 2006-11-02 11:21 - 00317688 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-27 22:09 - 2013-11-20 01:25 - 00000000 ____D C:\Windows\system32\MRT
    2015-06-26 17:03 - 2014-12-26 00:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-06-25 20:21 - 2012-09-10 13:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-06-25 20:21 - 2012-09-10 13:33 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-06-25 20:21 - 2011-08-14 13:06 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-06-22 22:32 - 2015-01-25 22:35 - 00000000 ____D C:\Program Files (x86)\Strong Password Generator
    2015-06-21 00:09 - 2006-11-02 09:33 - 00000000 __RSD C:\Windows\Media
    2015-06-19 23:45 - 2013-05-12 21:04 - 00000000 ____D C:\temp
    2015-06-18 08:41 - 2014-09-23 16:51 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-06-18 08:41 - 2014-09-23 16:51 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-06-18 08:41 - 2013-01-03 10:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    ==================== Files in the root of some directories =======

    2014-09-01 04:18 - 2014-09-01 04:18 - 0002086 _____ () C:\Users\MITCH\AppData\Roaming\QV
    2011-09-04 18:51 - 2011-09-04 18:51 - 0029216 _____ () C:\Users\MITCH\AppData\Roaming\UserTile.png
    2014-11-11 21:56 - 2015-07-05 00:42 - 0000188 _____ () C:\Users\MITCH\AppData\Roaming\WB.CFG
    2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\AtStart.txt
    2015-06-24 18:46 - 2015-06-24 18:46 - 0000680 _____ () C:\Users\MITCH\AppData\Local\d3d9caps.dat
    2011-08-09 07:45 - 2014-01-11 18:49 - 0007680 _____ () C:\Users\MITCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\DSwitch.txt
    2015-05-05 03:15 - 2015-05-05 03:15 - 0000000 _____ () C:\Users\MITCH\AppData\Local\QSwitch.txt
    2015-07-07 17:59 - 2015-07-07 17:59 - 0000000 _____ () C:\Users\MITCH\AppData\Local\Temp.dat
    2014-01-27 03:19 - 2014-01-28 16:45 - 0002763 _____ () C:\ProgramData\connector.swf
    2011-08-08 23:17 - 2011-08-08 23:17 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2008-10-23 05:36 - 2008-10-23 05:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2008-10-23 05:24 - 2008-10-23 05:27 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2011-08-08 23:14 - 2011-08-08 23:14 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2011-08-08 23:16 - 2011-08-08 23:16 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2008-10-23 05:22 - 2008-10-23 05:24 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2008-10-23 05:27 - 2008-10-23 05:36 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2011-08-08 23:17 - 2011-08-08 23:17 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Files to move or delete:
    ====================
    C:\Users\Public\AlexaNSISPlugin.8428.dll


    Some files in TEMP:
    ====================
    C:\Users\MITCH\AppData\Local\Temp\2cedfc8d-10f8-498f-8e56-6c2bc70b001e.exe
    C:\Users\MITCH\AppData\Local\Temp\ASPackage.exe
    C:\Users\MITCH\AppData\Local\Temp\CloudBackup1299.exe
    C:\Users\MITCH\AppData\Local\Temp\CloudBackup4488.exe
    C:\Users\MITCH\AppData\Local\Temp\component_634-1C80.exe
    C:\Users\MITCH\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\MITCH\AppData\Local\Temp\eFixProPackage.exe
    C:\Users\MITCH\AppData\Local\Temp\jre-8u25-windows-au.exe
    C:\Users\MITCH\AppData\Local\Temp\ms.exe
    C:\Users\MITCH\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\MITCH\AppData\Local\Temp\optprosetup.exe
    C:\Users\MITCH\AppData\Local\Temp\Quarantine.exe
    C:\Users\MITCH\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\MITCH\AppData\Local\Temp\ReiScanner.exe
    C:\Users\MITCH\AppData\Local\Temp\ReiSysUpdate.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf2092.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf33E3.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf4578.exe
    C:\Users\MITCH\AppData\Local\Temp\sdfF834.exe
    C:\Users\MITCH\AppData\Local\Temp\setacl.exe
    C:\Users\MITCH\AppData\Local\Temp\Setup0988111.exe
    C:\Users\MITCH\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\MITCH\AppData\Local\Temp\sqlite3.dll
    C:\Users\MITCH\AppData\Local\Temp\sqlite3.exe
    C:\Users\MITCH\AppData\Local\Temp\updater_uninstall.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-11 16:20

    ==================== End of log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-07-2015
    Ran by MITCH at 2015-07-11 17:03:08
    Running from C:\Users\MITCH\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-499354876-3266562091-500007027-500 - Administrator - Disabled)
    Guest (S-1-5-21-499354876-3266562091-500007027-501 - Limited - Disabled)
    MITCH (S-1-5-21-499354876-3266562091-500007027-1000 - Administrator - Enabled) => C:\Users\MITCH

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
    ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2 - Hewlett-Packard) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player 10 ActiveX) (Version: 10.0.2.13 - Adobe Systems Incorporated)
    Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
    Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
    AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
    Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
    ATI Catalyst Install Manager (HKLM\...\{7510991E-FE80-7466-2E31-561B52059618}) (Version: 3.0.691.0 - ATI Technologies, Inc.)
    Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cache utility (HKU\.DEFAULT\...\Cache utility) (Version: 1 - Cache utility)
    ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2126 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Display settings (HKU\.DEFAULT\...\Display settings) (Version: 1 - Display settings)
    ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    Hoyle Magic Carpet (x32 Version: 3.0.2.32 - WildTangent) Hidden
    HP Customer Experience Enhancements (HKLM-x32\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
    HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
    HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.0.0 - Hewlett-Packard Company)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2125 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
    HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.0926 - Hewlett-Packard)
    HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.9.1 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
    HP User Guides 0129 (HKLM-x32\...\{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}) (Version: 1.00.0000 - Hewlett-Packard)
    HP Wireless Assistant (HKLM-x32\...\{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}) (Version: 3.00 K2 - Hewlett-Packard)
    HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
    HPTCSSetup (HKLM-x32\...\{30D3B7BC-5798-45D9-822D-05CA18F39E99}) (Version: 1.1.1955.2793 - Hewlett-Packard Company)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
    Instant Wireless USB Adapter (HKLM-x32\...\{B78823CD-488F-43B4-80D6-FAEADAE40EC4}) (Version:  - )
    Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    JMicron JMB38X Flash Media Controller (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.17.07 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0919 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.0919 - CyberLink Corp.) Hidden
    Luxor 2 HD (x32 Version: 3.0.2.38 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Monopoly® (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    muvee Reveal (HKLM-x32\...\{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}) (Version: 7.0.35.6951 - muvee Technologies Pte Ltd)
    My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2119 - CyberLink Corp.)
    Power2Go (x32 Version: 6.0.2119 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2119 - CyberLink Corp.)
    PowerDirector (x32 Version: 7.0.2119 - CyberLink Corp.) Hidden
    ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
    QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
    Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
    SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    System Update (HKLM-x32\...\System Update) (Version: 1 - Network Downloads)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-499354876-3266562091-500007027-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\MITCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    10-07-2015 13:58:20 Installed HiJackThis
    11-07-2015 03:00:20 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 08:34 - 2014-12-02 08:34 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1    localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {011BC47C-CD3D-4075-BC44-E654FC9CB337} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-25] (Adobe Systems Incorporated)
    Task: {0DD27251-64E2-4650-9D4A-C3ADF7018863} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
    Task: {1561D7EC-89A8-4FBE-AD83-D692307716D9} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {2F92FA4C-3E2A-463E-A873-A4263673B066} - System32\Tasks\SPD\Updater\SPDUpdater => C:\Program Files (x86)\SPDUpdater\updater.exe
    Task: {3534170A-F599-4C07-9A09-91E068AC4146} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5 No Task File <==== ATTENTION
    Task: {358A5B96-24A7-40C9-ACA0-01E66672CC53} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-3 No Task File <==== ATTENTION
    Task: {47FADA48-E1F7-4394-AC82-87D3855E38DF} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-4 No Task File <==== ATTENTION
    Task: {4F056A86-4ECC-46A0-AD5F-E0A1FCE648AB} - System32\Tasks\Norton Security Scan for MITCH => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe
    Task: {51C251A7-C5BB-47A5-BD9C-C6E087DA7AD9} - System32\Tasks\User_Feed_Synchronization-{3B747F91-B0D3-4654-9E4B-A4C40BA27FB7}
    Task: {54A904D6-5A97-4A13-BEE9-07810288425F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
    Task: {550197BE-9449-406E-A87E-B4A5D0C5A7E9} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user No Task File <==== ATTENTION
    Task: {5C33F235-D5D5-466A-98C1-ABB2D0D4AD0A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {606604CF-21B5-4097-938E-59ED41B41D34} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5_user No Task File <==== ATTENTION
    Task: {6D6FEC66-1079-4D1C-B170-52A2AFE4832E} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-1 No Task File <==== ATTENTION
    Task: {6D773EDA-08EB-4551-8393-1331CDA6AECA} - System32\Tasks\PresentationSettingsTurnOff_MITCH-PC_MITCH => C:\Windows\system32\PresentationSettings.exe [2009-04-11] (Microsoft Corporation)
    Task: {72DB8461-CBB1-4A87-B856-F19587FED056} - System32\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {74316EC4-62D8-4E24-A976-9EB79DCF5DF5} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5 No Task File <==== ATTENTION
    Task: {78B9017C-6763-46A7-BE4A-27DAE3BDE864} - \LyricXeeker Update No Task File <==== ATTENTION
    Task: {7A558424-DC0E-41CF-8906-0DE8B23AFE4D} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-10_user No Task File <==== ATTENTION
    Task: {86AF4274-9E1B-479E-AE76-096AC9D1ABAA} - \CIMT_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
    Task: {92B3EC2B-547D-4BCA-81D8-432B3EDC48EA} - \WSE_Vosteran No Task File <==== ATTENTION
    Task: {963FF965-5E0E-4CDF-A672-A2259FD12654} - \CIMT_daily_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
    Task: {9955E6D2-E9F2-4CF8-A32E-4584825313F2} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user No Task File <==== ATTENTION
    Task: {9F04B29F-E2C8-463B-A4AC-E05C1D17E1D2} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6 No Task File <==== ATTENTION
    Task: {9F3A227D-0B84-4572-90B9-7493B3C9E26C} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
    Task: {ADA036F4-E5E7-4468-83AB-B64A1DC2A6E0} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-11 No Task File <==== ATTENTION
    Task: {C1798675-C18C-404F-90F5-7B354082CBE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
    Task: {C3104997-0446-4339-8E33-EDFB711CDE8B} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2 No Task File <==== ATTENTION
    Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
    Task: {CB2DFFB6-695A-4CA6-9C22-E23E6A0EF409} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
    Task: {CB3E08E5-2739-4261-95CF-12FD75F1F6DA} - \Wse_binkiland No Task File <==== ATTENTION
    Task: {D027A209-468A-407D-A28B-C48FC816D4F2} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {DB62B7FB-D370-4087-8D7E-7B9D5BC9D85F} - System32\Tasks\HPCeeScheduleForMITCH => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-19] (Hewlett-Packard)
    Task: {DC375676-FE95-45E1-865D-18DC07723629} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-7 No Task File <==== ATTENTION
    Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: {F27A700D-2399-4465-8225-F76ACCEAD52F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate
    Task: {F4A14272-E385-446D-84AC-898751525AEB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
    Task: {FF7FD197-8DA0-4E29-9261-EF614DAB4123} - \Run_Bobby_Browser No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef44b1d87952b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000Core.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499354876-3266562091-500007027-1000UA.job => C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForMITCH.job => C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
    Task: C:\Windows\Tasks\Norton Security Scan for MITCH.job => C:\PROGRA~1\NORTON~2\Engine\410~1.31\Nss.exe
    Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2008-09-17 00:16 - 2008-09-17 00:16 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
    2008-10-23 05:48 - 2008-10-06 12:54 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
    2008-10-23 05:36 - 2008-06-29 19:10 - 00241734 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2011-08-08 22:52 - 2011-08-08 22:52 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
    2008-08-22 13:03 - 2008-08-22 13:03 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2009-07-01 15:44 - 2009-07-01 15:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    2008-10-23 05:48 - 2008-10-06 12:54 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
    2008-10-23 05:36 - 2008-06-29 19:10 - 00028672 _____ () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
    2008-09-25 21:42 - 2008-09-25 21:42 - 00881960 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows\system32\Drivers\zuuqjjlq.sys:changelist
    AlternateDataStreams: C:\ProgramData\Temp:D346F792

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-499354876-3266562091-500007027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MITCH\AppData\Local\Microsoft\BingDesktop\themes\2014-02-12.jpg
    DNS Servers: 208.67.222.222 - 208.67.220.220

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: BackupStack => 2
    MSCONFIG\Services: GamingWonderlandService => 2
    MSCONFIG\Services: InternetUpdater => 2
    MSCONFIG\Services: PCKeeper2Service => 2
    MSCONFIG\Services: PCKeeperOcfService => 2
    MSCONFIG\Services: RecipeHub_2jService => 2
    MSCONFIG\Services: Retrogamer_4wService => 2
    MSCONFIG\Services: vToolbarUpdater17.3.0 => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk => C:\Windows\pss\Start GeekBuddy.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^crossbrowse.lnk => C:\Windows\pss\crossbrowse.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Lightning.lnk => C:\Windows\pss\Desktop Lightning.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Temperature Monitor.lnk => C:\Windows\pss\Desktop Temperature Monitor.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^MITCH^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormWatch.lnk => C:\Windows\pss\StormWatch.lnk.Startup
    MSCONFIG\startupreg: 3D BubbleSound => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
    MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
    MSCONFIG\startupreg: BoBrowser => "C:\Users\MITCH\AppData\Local\BoBrowser\Application\bobrowser.exe" --no-proxy-server
    MSCONFIG\startupreg: Boost => C:\Program Files (x86)\Boost\Boost.exe
    MSCONFIG\startupreg: cdloader => "C:\Users\MITCH\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    MSCONFIG\startupreg: Gameo => C:\Users\MITCH\AppData\Roaming\Gameo\gameo.exe "C:\Users\MITCH\AppData\Roaming\Gameo\gameo.dat" mode:minimized
    MSCONFIG\startupreg: GamingWonderland Browser Plugin Loader => C:\PROGRA~1\GAMING~2\bar\2.bin\gtbrmon.exe
    MSCONFIG\startupreg: GamingWonderland EPM Support => "C:\PROGRA~1\GAMING~2\bar\3.bin\gtmedint.exe" T8EPMSUP.DLL,S
    MSCONFIG\startupreg: GamingWonderland Home Page Guard 64 bit => "C:\PROGRA~1\GAMING~2\bar\2.bin\AppIntegrator64.exe"
    MSCONFIG\startupreg: GamingWonderland Search Scope Monitor => "C:\PROGRA~1\GAMING~2\bar\2.bin\gtsrchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: GardeningEnthusiast EPM Support => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jmedint.exe" T8EPMSUP.DLL,S
    MSCONFIG\startupreg: GardeningEnthusiast Home Page Guard 64 bit => "C:\PROGRA~1\GARDEN~2\bar\1.bin\AppIntegrator64.exe"
    MSCONFIG\startupreg: GardeningEnthusiast Search Scope Monitor => "C:\PROGRA~1\GARDEN~2\bar\1.bin\7jsrchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: GardeningEnthusiast_7j Browser Plugin Loader => C:\PROGRA~1\GARDEN~2\bar\1.bin\7jbrmon.exe
    MSCONFIG\startupreg: GenieoSystemTray => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
    MSCONFIG\startupreg: GenieoUpdaterService => "C:\Users\MITCH\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
    MSCONFIG\startupreg: Google Update => "C:\Users\MITCH\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_1966301AF37C65D1ED1179E7CBD99E72 => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
    MSCONFIG\startupreg: HowToSimplified EPM Support => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8emedint.exe" T8EPMSUP.DLL,S
    MSCONFIG\startupreg: HowToSimplified Home Page Guard 64 bit => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\AppIntegrator64.exe"
    MSCONFIG\startupreg: HowToSimplified Search Scope Monitor => "C:\PROGRA~1\HOWTOS~2\bar\1.bin\8esrchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: HowToSimplified_8e Browser Plugin Loader => C:\PROGRA~1\HOWTOS~2\bar\1.bin\8ebrmon.exe
    MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
    MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro 3.20\OptProLauncher.exe
    MSCONFIG\startupreg: PackageTracer AppIntegrator 32-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator.exe
    MSCONFIG\startupreg: PackageTracer AppIntegrator 64-bit => C:\PROGRA~1\PACKAG~2\bar\1.bin\AppIntegrator64.exe
    MSCONFIG\startupreg: PackageTracer EPM Support => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69medint.exe" T8EPMSUP.DLL,S
    MSCONFIG\startupreg: PackageTracer Search Scope Monitor => "C:\PROGRA~1\PACKAG~2\bar\1.bin\69srchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: PC Cleaners => "C:\Program Files (x86)\PC Cleaners\PCCleaners.exe" /minimize
    MSCONFIG\startupreg: PC Health Kit => C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe
    MSCONFIG\startupreg: PCFixSpeed => "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup
    MSCONFIG\startupreg: PCKeeper2 => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
    MSCONFIG\startupreg: PCTechHotline => "C:\Program Files (x86)\PCTechHotline\PCTechHotline.exe" /STARTUP
    MSCONFIG\startupreg: Recipe Hub Home Page Guard 64 bit => "C:\PROGRA~1\RECIPE~2\bar\2.bin\AppIntegrator64.exe"
    MSCONFIG\startupreg: Recipe Hub Search Scope Monitor => "C:\PROGRA~1\RECIPE~2\bar\2.bin\2jsrchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: RecipeHub_2j Browser Plugin Loader => C:\PROGRA~1\RECIPE~2\bar\2.bin\2jbrmon.exe
    MSCONFIG\startupreg: Retrogamer Search Scope Monitor => "C:\PROGRA~1\RETROG~2\bar\2.bin\4wsrchmn.exe" /m=2 /w /h
    MSCONFIG\startupreg: Retrogamer_4w Browser Plugin Loader => C:\PROGRA~1\RETROG~2\bar\2.bin\4wbrmon.exe
    MSCONFIG\startupreg: Salus CrashMon => "C:\Program Files (x86)\f552dd4c52e3\a7d12b5975b4.exe" "b786bdb3c67d.exe" "http://log.data-url.com/salus/crash"
    MSCONFIG\startupreg: Search Protection => "C:\Users\MITCH\AppData\Roaming\Search Protection\SP.EXE" /autostart
    MSCONFIG\startupreg: SearchProtect => C:\Users\MITCH\AppData\Roaming\SearchProtect\bin\cltmng.exe
    MSCONFIG\startupreg: SearchProtectAll => "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
    MSCONFIG\startupreg: SelectRebates => "C:\Program Files (x86)\SelectRebates\SelectRebates.exe"
    MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
    MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\MITCH\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    MSCONFIG\startupreg: shopperz => C:\Program Files\shopperz\wrex.exe
    MSCONFIG\startupreg: shopperz64 => C:\Program Files\shopperz\wrex64.exe
    MSCONFIG\startupreg: SpywareClearShield => "C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe"
    MSCONFIG\startupreg: SpywareClearUpdater => "C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe"
    MSCONFIG\startupreg: StormWatch => "C:\Program Files (x86)\StormWatch\StormWatchApp.exe"
    MSCONFIG\startupreg: Super Optimizer => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe
    MSCONFIG\startupreg: TSMAgent => "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
    MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
    MSCONFIG\startupreg: UpdateLBPShortCut => "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    MSCONFIG\startupreg: UpdatePDIRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    MSCONFIG\startupreg: WebBar => C:\Users\MITCH\AppData\Local\WebBar\2.0.5343.21616\wb.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{2D720E0B-FB17-4C8A-9F86-B55938CFA8A9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
    FirewallRules: [{2EE9D486-776E-4A38-BC02-BD5F65BD28BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
    FirewallRules: [{8900904A-1EE6-4C87-96CB-7D86BA6CF64C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
    FirewallRules: [{E8290F9D-7197-4FCE-88B6-80063D832BC5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
    FirewallRules: [{C7963FE5-36CE-4FFA-8459-0F879C4A0E7B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
    FirewallRules: [{A107B0DE-B6D8-4607-9F2E-7665B44C7B33}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{D4905A67-ED93-4AF3-A217-99D2C0F551A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{E66EA628-13EB-4B6B-BFFC-5A9E5C1E10F4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
    FirewallRules: [{6FE01D9B-EB0F-4788-8DCC-EC59AF93C650}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
    FirewallRules: [{B19F4E26-A53A-46E2-B47B-6E93B76D4D24}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
    FirewallRules: [{8C2326A8-FEBD-456F-9CC0-0A8B70DDE8D7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    FirewallRules: [{9D4CA0E9-1209-4B35-B8A9-CEF5A320674E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    FirewallRules: [{37948C4D-AFDB-4E8B-8FDE-E113AD9A1A5F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QP.exe
    FirewallRules: [{D231B7E7-FA3B-4432-BF83-D93D9F897BD9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\TV\QPService.exe
    FirewallRules: [{5CD0FD8E-FC7E-4F04-850C-E6D8C86FB0F2}] => (Allow) LPort=80
    FirewallRules: [{A9B3E1B3-D13A-4871-A0CE-F75D2638C6AA}] => (Allow) LPort=80
    FirewallRules: [{0077EA1C-8965-4DA9-8255-7701AC4063E1}] => (Allow) LPort=80
    FirewallRules: [TCP Query User{DA0631B7-7E96-4808-B2D5-9F0641460FC4}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
    FirewallRules: [UDP Query User{00448820-4586-4DBA-B7AC-EE49FE0A898D}C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\mitch\appdata\roaming\mjusbsp\magicjack.exe
    FirewallRules: [TCP Query User{B7F8A776-007E-4C64-A28F-550E9D4602C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{875B22E8-B606-4C64-98EB-E19F3D004A9B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
    FirewallRules: [{BCD33088-CBC3-4791-B171-23CA234BE409}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
    FirewallRules: [{8046D6BC-6A93-4EF2-9C67-31E758EB034D}] => (Allow) C:\Users\MITCH\AppData\Local\Temp\ibtmp3f6c444\component_514
    FirewallRules: [{FD29D261-A29C-409E-B37A-5AAED6162D36}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
    FirewallRules: [{2DE2CBC0-830F-4902-836A-3786D03873DE}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
    FirewallRules: [{0FF8F62A-3271-4F1C-AC53-5665DFAAA8FA}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
    FirewallRules: [TCP Query User{6BBFA39E-AD5C-4406-95F3-446C4716EE75}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [UDP Query User{977C99A4-24D8-4D66-B45C-71F685BFABFD}C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
    FirewallRules: [TCP Query User{C6117AF1-7B22-46EA-BF08-2ADE597FFE9C}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
    FirewallRules: [UDP Query User{0540A14D-E985-4766-9D4F-E6C68B7D3461}C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\mitch\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
    FirewallRules: [{33580EE5-CAD7-4CE9-992C-FC393CCEAC16}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{908B6D24-BD5A-42E3-B776-2551860859DB}] => (Allow) LPort=2869
    FirewallRules: [{C1520C1F-25AC-459D-87AF-F696CC7BCCBD}] => (Allow) LPort=1900
    FirewallRules: [{87EAD9F9-E3BB-4B21-8AAF-D7BB98002636}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{893C92B2-7F86-43D0-AE3E-6533E7347F0D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [TCP Query User{345584AC-AFCD-43A8-BBAF-184C821686DE}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
    FirewallRules: [UDP Query User{387DBBA5-ACF8-44B3-90E8-C2579A546F02}C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.6.0_07\bin\javaw.exe
    FirewallRules: [TCP Query User{B396CADD-5AFD-418A-B83C-B0056A1D7CF3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [UDP Query User{6C81C147-C618-4E57-8EC9-A39482E6A5CE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{03BEA1CC-4967-4248-B683-821220DC922B}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
    FirewallRules: [UDP Query User{912186A5-B513-4198-8FE6-A1A35E7809C6}C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_20\bin\javaw.exe
    FirewallRules: [{0659870B-2E91-458D-9905-0CA47E7AF388}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: 6TO4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Could not start eventlog service, could not read events.

    The Windows Event Log service is starting.
    The Windows Event Log service could not be started.

    A system error has occurred.

    More help is available by typing NET HELPMSG 4201.


    ==================== Memory info ===========================

    Processor: AMD Turion™ X2 Dual-Core Mobile RM-74
    Percentage of memory in use: 38%
    Total physical RAM: 3836.89 MB
    Available physical RAM: 2367.52 MB
    Total Virtual: 7860.3 MB
    Available Virtual: 6236.49 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:285.18 GB) (Free:213.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 89900F6B)
    Partition 1: (Active) - (Size=285.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)

    ==================== End of log ============================



    #13 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 11 July 2015 - 05:37 PM

    Open notepad , Go to Start --> All Programs --> Accessories --> Notepad.
    Please copy the entire contents Inside of the code box below beginning with START and ending with END
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Name the file Fixlist, Save it to your desktop where you have FRST/FRST64 or the fix wont work, . Then open up FRST/FRST64 and click on FIX (Not Scan) It won't take long, after your computer reboots you will find a FIXLOG.TXT on your desktop, post it please
     
    Start
    CloseProcesses:
    CreateRestorePoint:
    HKLM-x32\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKLM -> {934BCD49-C81A-4ED0-86DF-56EE1B6DA341} URL = http://search.live.c...ms}&FORM=HPNTDF
    SearchScopes: HKLM -> {a3e1d674-04ee-4c9e-b143-442555830fb7} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-499354876-3266562091-500007027-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    FF DefaultSearchEngine: Binkiland
    FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\MGKN37049485@ACPSC11936960.com [not found]
    FF Extension: No Name - C:\Users\MITCH\AppData\Roaming\Mozilla\Firefox\Profiles\sbpv9us6.default\extensions\vriyjhvpjcaii@wkthnvmbgqrmsmmjo.net [not found]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\generic_search.xml [2014-11-13]
    CHR HKLM\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    CHR HKU\S-1-5-21-499354876-3266562091-500007027-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    CHR HKLM-x32\...\Chrome\Extension: [Äÿ] - No Path Or update_url value
    2015-06-24 17:11 - 2015-06-24 17:11 - 02808824 _____ (tuneuppro.com ) C:\Users\MITCH\Downloads\setup (5).exe
    2015-06-22 23:35 - 2015-06-22 23:35 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\Unconfirmed 680101.crdownload
    2015-06-22 23:20 - 2015-06-22 23:20 - 00772016 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (37).exe
    2015-06-20 17:01 - 2015-06-20 17:01 - 00000000 ____D C:\Program Files (x86)\saVeerabbOOx
    2015-06-20 16:57 - 2015-06-20 17:04 - 00000000 ____D C:\Program Files (x86)\saverabOx
    2015-06-13 03:11 - 2015-06-13 03:42 - 00763984 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (36).exe
    2015-06-13 03:10 - 2015-06-13 03:30 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (35).exe
    2015-06-13 03:09 - 2015-06-13 03:20 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (33).exe
    2015-06-13 03:09 - 2015-06-13 03:19 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (34).exe
    2015-06-13 03:03 - 2015-06-13 03:17 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (31).exe
    2015-06-13 03:03 - 2015-06-13 03:13 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (32).exe
    2015-06-13 02:56 - 2015-06-13 02:56 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (30).exe
    2015-06-13 02:55 - 2015-06-13 02:55 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (29).exe
    2015-06-13 02:35 - 2015-06-13 02:37 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (28).exe
    2015-06-13 02:33 - 2015-06-13 02:33 - 00768512 _____ (Reimage®) C:\Users\MITCH\Downloads\ReimageRepair (27).exe
    2015-07-11 16:14 - 2014-11-21 21:35 - 00000414 _____ C:\Windows\Tasks\Quick PC Booster64 startups.job
    C:\Users\MITCH\AppData\Local\Temp\2cedfc8d-10f8-498f-8e56-6c2bc70b001e.exe
    C:\Users\MITCH\AppData\Local\Temp\ASPackage.exe
    C:\Users\MITCH\AppData\Local\Temp\CloudBackup1299.exe
    C:\Users\MITCH\AppData\Local\Temp\CloudBackup4488.exe
    C:\Users\MITCH\AppData\Local\Temp\component_634-1C80.exe
    C:\Users\MITCH\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\MITCH\AppData\Local\Temp\eFixProPackage.exe
    C:\Users\MITCH\AppData\Local\Temp\jre-8u25-windows-au.exe
    C:\Users\MITCH\AppData\Local\Temp\ms.exe
    C:\Users\MITCH\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\MITCH\AppData\Local\Temp\optprosetup.exe
    C:\Users\MITCH\AppData\Local\Temp\Quarantine.exe
    C:\Users\MITCH\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\MITCH\AppData\Local\Temp\ReiScanner.exe
    C:\Users\MITCH\AppData\Local\Temp\ReiSysUpdate.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf2092.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf33E3.exe
    C:\Users\MITCH\AppData\Local\Temp\sdf4578.exe
    C:\Users\MITCH\AppData\Local\Temp\sdfF834.exe
    C:\Users\MITCH\AppData\Local\Temp\setacl.exe
    C:\Users\MITCH\AppData\Local\Temp\Setup0988111.exe
    C:\Users\MITCH\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\MITCH\AppData\Local\Temp\sqlite3.dll
    C:\Users\MITCH\AppData\Local\Temp\sqlite3.exe
    C:\Users\MITCH\AppData\Local\Temp\updater_uninstall.exe
    Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
    Task: {0DD27251-64E2-4650-9D4A-C3ADF7018863} - \Bidaily Synchronize Task[8da6] No Task File <==== ATTENTION
    Task: {1561D7EC-89A8-4FBE-AD83-D692307716D9} - \ConsumerInputUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {2F92FA4C-3E2A-463E-A873-A4263673B066} - System32\Tasks\SPD\Updater\SPDUpdater => C:\Program Files (x86)\SPDUpdater\updater.exe
    Task: {3534170A-F599-4C07-9A09-91E068AC4146} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5 No Task File <==== ATTENTION
    Task: {358A5B96-24A7-40C9-ACA0-01E66672CC53} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-3 No Task File <==== ATTENTION
    Task: {47FADA48-E1F7-4394-AC82-87D3855E38DF} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-4 No Task File <==== ATTENTION
    Task: {550197BE-9449-406E-A87E-B4A5D0C5A7E9} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-5_user No Task File <==== ATTENTION
    Task: {606604CF-21B5-4097-938E-59ED41B41D34} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5_user No Task File <==== ATTENTION
    Task: {6D6FEC66-1079-4D1C-B170-52A2AFE4832E} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-1 No Task File <==== ATTENTION
    Task: {74316EC4-62D8-4E24-A976-9EB79DCF5DF5} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-5 No Task File <==== ATTENTION
    Task: {78B9017C-6763-46A7-BE4A-27DAE3BDE864} - \LyricXeeker Update No Task File <==== ATTENTION
    Task: {7A558424-DC0E-41CF-8906-0DE8B23AFE4D} - \0ecf2ffa-7ec3-4baf-9f9e-804a85dd9c8a-10_user No Task File <==== ATTENTION
    Task: {86AF4274-9E1B-479E-AE76-096AC9D1ABAA} - \CIMT_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
    Task: {92B3EC2B-547D-4BCA-81D8-432B3EDC48EA} - \WSE_Vosteran No Task File <==== ATTENTION
    Task: {963FF965-5E0E-4CDF-A672-A2259FD12654} - \CIMT_daily_S-1-5-21-499354876-3266562091-500007027-1000 No Task File <==== ATTENTION
    Task: {9955E6D2-E9F2-4CF8-A32E-4584825313F2} - \a250569a-98c2-4048-95cc-84eb2edcd0f9-10_user No Task File <==== ATTENTION
    Task: {9F04B29F-E2C8-463B-A4AC-E05C1D17E1D2} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-6 No Task File <==== ATTENTION
    Task: {ADA036F4-E5E7-4468-83AB-B64A1DC2A6E0} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-11 No Task File <==== ATTENTION
    Task: {C3104997-0446-4339-8E33-EDFB711CDE8B} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-2 No Task File <==== ATTENTION
    Task: {C4E5BC74-40CC-46DD-9B1B-C9DFF5AF7E28} - \avaxvavya No Task File <==== ATTENTION
    Task: {CB3E08E5-2739-4261-95CF-12FD75F1F6DA} - \Wse_binkiland No Task File <==== ATTENTION
    Task: {D027A209-468A-407D-A28B-C48FC816D4F2} - \ConsumerInputUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {DC375676-FE95-45E1-865D-18DC07723629} - \e9d689fd-334c-4ca5-92be-ab72eda8d8c6-7 No Task File <==== ATTENTION
    Task: {E254E739-0480-4F7D-B40D-41E2195AF220} - System32\Tasks\Quick PC Booster64 startups => C:\Program Files\Quick PC Booster\StartApps.exe
    Task: {FF7FD197-8DA0-4E29-9261-EF614DAB4123} - \Run_Bobby_Browser No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\Quick PC Booster64 startups.job => C:\Program Files\Quick PC Booster\StartApps.exe
    FirewallRules: [TCP Query User{B7F8A776-007E-4C64-A28F-550E9D4602C5}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [UDP Query User{875B22E8-B606-4C64-98EB-E19F3D004A9B}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
    FirewallRules: [{1FFC6C13-530F-4C20-B161-D609D94DC4FC}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
    FirewallRules: [{BCD33088-CBC3-4791-B171-23CA234BE409}] => (Allow) C:\Users\MITCH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79LSHK86\PCPerformerSetup.exe
    FirewallRules: [{FD29D261-A29C-409E-B37A-5AAED6162D36}] => (Allow) C:\Users\MITCH\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
     
     
     
    After you run the fix post the FIXLOG, it will be on your desktop after you run the fix
     
     
    After the fix look in Programs and Features in the Control Panel for the Seach App By ASK and uninstall it if you see it
     
     
    You had so much to remove that I may have missed an item or two so after the fix, post the FIXLOG, see if you can uninstall ASK, then open up FRST, checkmark Additions, run a new scan and post both new logs please


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
    donate.gif
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #14 mickey7

    mickey7

      Silver Member

    • Authentic Member
    • PipPipPip
    • 254 posts

    Posted 11 July 2015 - 06:43 PM

    FRST is still running but a message popped up that states:

    "FARBAR Recovery Scan Tool FRST64.exe Corrupt File

    The file or directory C:\Users\MITCH\AppData\Local\Temp\nw5888_27333\

    notificationTemplates is corrupt and unreadable. Please run the Chkdsk utility."



    #15 mickey7

    mickey7

      Silver Member

    • Authentic Member
    • PipPipPip
    • 254 posts

    Posted 11 July 2015 - 07:14 PM

    frst now stopped responding.  Should I end task and try again?


    Related Topics



    1 user(s) are reading this topic

    0 members, 1 guests, 0 anonymous users