[md262]

Hi, having alot of problems with popups and the installation of crossbrowse, anyprotect, etc.  Also, my Google Chrome disappeared.  Appreciate any help.  Here is my OTL log:

 

OTL logfile created on: 6/19/2015 11:48:02 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jklm\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.80 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 26.80% Memory free
15.61 Gb Paging File | 7.65 Gb Available in Paging File | 49.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.41 Gb Total Space | 1206.29 Gb Free Space | 87.20% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive Y: | 13.81 Gb Total Space | 5.55 Gb Free Space | 40.19% Space Free | Partition Type: NTFS
 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2015/06/19 23:37:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
PRC - [2015/06/19 23:01:41 | 000,157,696 | ---- | M] () -- C:\ProgramData\Msouflui\1.0.1.0\uawiemem.exe
PRC - [2015/06/19 23:01:08 | 000,147,456 | ---- | M] () -- C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\snsrA659.tmp
PRC - [2015/06/19 22:56:32 | 002,730,984 | ---- | M] (Time Lapse Solutions) -- C:\ProgramData\WBRYXRSt\xfrcCqRE.exe
PRC - [2015/06/19 22:56:31 | 000,817,965 | ---- | M] ( ) -- C:\Users\jklm\AppData\Roaming\4C4C4544-1434779849-5610-8048-B7C04F445131\vnspB0B4.tmp
PRC - [2015/06/19 22:55:58 | 000,603,648 | ---- | M] () -- C:\Program Files (x86)\version85IneedSpeed\b4IneedSpeedQ95.exe
PRC - [2015/06/19 22:54:56 | 001,383,504 | ---- | M] (Cinema_Plus-1.2V19.06) -- C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.exe
PRC - [2015/06/19 22:53:46 | 001,570,896 | ---- | M] (Cinema_Plus-1.2V19.06) -- C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10.exe
PRC - [2015/06/19 09:55:46 | 003,319,976 | ---- | M] () -- C:\Users\jklm\AppData\Local\gmsd_us_005010007\upgmsd_us_005010007.exe
PRC - [2015/06/19 09:55:41 | 003,984,040 | ---- | M] () -- C:\Program Files (x86)\gmsd_us_005010007\gmsd_us_005010007.exe
PRC - [2015/06/18 21:06:42 | 002,422,784 | ---- | M] () -- C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe
PRC - [2015/06/18 21:04:38 | 000,710,144 | ---- | M] () -- C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
PRC - [2015/06/09 03:50:34 | 000,053,352 | ---- | M] (Games Bot Inc.) -- C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
PRC - [2015/06/05 01:14:30 | 000,359,936 | ---- | M] () -- C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131\bnsl9328.exe
PRC - [2015/05/28 10:06:16 | 001,240,096 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
PRC - [2015/04/22 05:00:56 | 000,311,912 | ---- | M] () -- C:\Program Files (x86)\Games Bot\GamesBot.exe
PRC - [2015/04/10 12:57:08 | 000,278,600 | ---- | M] (Infonaut) -- C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
PRC - [2015/04/07 07:54:36 | 000,668,264 | ---- | M] (The Chromium Authors) -- C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
PRC - [2015/02/25 08:32:16 | 001,200,656 | ---- | M] (Compete, Inc.) -- C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-host.exe
PRC - [2015/02/17 04:00:10 | 000,270,368 | ---- | M] (SoftBrain Technologies Ltd.) -- C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe
PRC - [2015/02/17 04:00:06 | 000,557,088 | ---- | M] (SoftBrain Technologies Ltd.) -- C:\Users\jklm\AppData\Local\SmartWeb\SmartWebApp.exe
PRC - [2014/11/27 10:31:42 | 000,055,640 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2014/11/27 09:04:42 | 000,997,728 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2014/11/27 09:04:18 | 000,407,904 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2014/11/27 04:34:18 | 001,513,752 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2014/09/18 19:16:34 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/02/15 18:23:34 | 014,731,776 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/11/17 08:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
PRC - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/26 19:27:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/10/01 14:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/01/27 14:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/06/19 23:01:41 | 000,157,696 | ---- | M] () -- C:\ProgramData\Msouflui\1.0.1.0\uawiemem.exe
MOD - [2015/06/19 22:57:39 | 000,117,248 | ---- | M] () -- C:\Users\jklm\AppData\Local\Temp\nspC290.tmp\IpConfig.dll
MOD - [2015/06/19 22:57:38 | 000,011,264 | ---- | M] () -- C:\Users\jklm\AppData\Local\Temp\nspC290.tmp\System.dll
MOD - [2015/06/19 22:55:58 | 000,603,648 | ---- | M] () -- C:\Program Files (x86)\version85IneedSpeed\b4IneedSpeedQ95.exe
MOD - [2015/06/19 22:55:46 | 000,494,592 | ---- | M] () -- C:\Program Files (x86)\version85IneedSpeed\192.dll
MOD - [2015/06/19 09:55:46 | 003,319,976 | ---- | M] () -- C:\Users\jklm\AppData\Local\gmsd_us_005010007\upgmsd_us_005010007.exe
MOD - [2015/06/19 09:55:41 | 003,984,040 | ---- | M] () -- C:\Program Files (x86)\gmsd_us_005010007\gmsd_us_005010007.exe
MOD - [2015/06/18 21:06:42 | 002,422,784 | ---- | M] () -- C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe
MOD - [2015/06/09 03:52:08 | 000,056,424 | ---- | M] () -- C:\Program Files (x86)\Games Bot\Modules\wdm.dll
MOD - [2015/06/09 03:51:50 | 000,096,872 | ---- | M] () -- C:\Program Files (x86)\Games Bot\Modules\sipc.dll
MOD - [2015/06/09 03:51:38 | 000,041,576 | ---- | M] () -- C:\Program Files (x86)\Games Bot\Modules\inws.dll
MOD - [2015/06/09 03:51:30 | 000,090,728 | ---- | M] () -- C:\Program Files (x86)\Games Bot\Modules\cmd.dll
MOD - [2015/06/09 03:51:24 | 000,117,352 | ---- | M] () -- C:\Program Files (x86)\Games Bot\Modules\brs.dll
MOD - [2015/06/09 03:51:18 | 000,109,160 | ---- | M] () -- C:\Program Files (x86)\Games Bot\Modules\Base.dll
MOD - [2015/06/09 03:51:12 | 000,039,528 | ---- | M] () -- C:\Program Files (x86)\Games Bot\Modules\alzm.dll
MOD - [2015/06/05 01:14:30 | 000,359,936 | ---- | M] () -- C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131\bnsl9328.exe
MOD - [2015/05/28 10:06:16 | 001,240,096 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
MOD - [2015/04/22 05:00:56 | 000,311,912 | ---- | M] () -- C:\Program Files (x86)\Games Bot\GamesBot.exe
MOD - [2015/04/22 01:24:54 | 000,904,704 | ---- | M] () -- C:\Program Files (x86)\Games Bot\System.Data.SQLite.dll
MOD - [2015/03/26 07:39:47 | 008,569,856 | ---- | M] () -- C:\Users\jklm\AppData\Local\Games Bot\Explore\pdf.dll
MOD - [2015/03/26 07:18:11 | 000,324,608 | ---- | M] () -- C:\Users\jklm\AppData\Local\Games Bot\Explore\ppGoogleNaClPluginChrome.dll
MOD - [2015/03/26 07:14:17 | 000,880,128 | ---- | M] () -- C:\Users\jklm\AppData\Local\Games Bot\Explore\ffmpegsumo.dll
MOD - [2015/02/25 08:32:08 | 001,938,944 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\InternetExplorer\mozjs185-1.0.dll
MOD - [2014/09/22 21:07:04 | 014,891,848 | ---- | M] () -- C:\Users\jklm\AppData\Local\Games Bot\Explore\PepperFlash\pepflashplayer.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/11 19:55:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\b1a619266964bede98b18ef83eb1c559\System.Core.ni.dll
MOD - [2011/04/07 15:11:06 | 005,246,976 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011/04/07 12:31:09 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\598a9987f519acb9efe5372a2c556af6\PresentationFramework.Aero.ni.dll
MOD - [2011/04/07 12:31:06 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\eb5ff7b60b69cc300751f46c6af316ad\PresentationFramework.ni.dll
MOD - [2011/04/07 12:30:56 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a937151be4e65fd89c55b4c603f7d902\PresentationCore.ni.dll
MOD - [2011/04/07 12:30:56 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f050ef6d97c0102333ded4d8d58ffa4e\UIAutomationTypes.ni.dll
MOD - [2011/04/07 12:30:56 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\de2941860ca151f8f9dd719daa7f9650\UIAutomationProvider.ni.dll
MOD - [2011/04/07 12:30:49 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d80659eacd9554d9606881b0d35835cf\WindowsBase.ni.dll
MOD - [2011/04/07 12:30:40 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll
MOD - [2011/04/07 12:30:39 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2011/04/07 12:30:27 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.ni.dll
MOD - [2011/04/07 12:30:26 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c744f0f95227e75796b8689801740d4b\System.Transactions.ni.dll
MOD - [2011/04/07 12:30:25 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\935ac020241e59cab3287d5eb38c592d\System.Data.ni.dll
MOD - [2011/04/07 12:30:17 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2011/04/07 12:30:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2011/04/07 12:30:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2011/04/07 12:30:08 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2011/04/07 12:29:42 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2010/11/24 20:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 08:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
MOD - [2010/11/17 08:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/17 08:35:28 | 000,657,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/06/10 14:23:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 14:23:18 | 003,178,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2009/06/10 14:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 14:23:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2015/06/19 23:11:17 | 000,558,544 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/ORBTR/orbiter.dll -- (Orbiter)
SRV - [2015/06/19 23:01:08 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\snsrA659.tmp -- (kysykiti)
SRV - [2015/06/19 22:58:46 | 000,105,944 | ---- | M] (ConsumerInput) [On_Demand | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_updatem)
SRV - [2015/06/19 22:58:46 | 000,105,944 | ---- | M] (ConsumerInput) [Auto | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_update)
SRV - [2015/06/19 22:56:32 | 002,730,984 | ---- | M] (Time Lapse Solutions) [Auto | Running] -- C:\ProgramData\WBRYXRSt\xfrcCqRE.exe -- (xfrcCqRE)
SRV - [2015/06/19 22:53:52 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe -- (globalUpdatem)
SRV - [2015/06/19 22:53:52 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe -- (globalUpdate)
SRV - [2015/06/18 21:04:38 | 000,710,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe -- (UniversalUpdater)
SRV - [2015/06/10 04:57:08 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/06/09 03:50:34 | 000,053,352 | ---- | M] (Games Bot Inc.) [Auto | Running] -- C:\Program Files (x86)\Games Bot\GamesBotSvc.exe -- (GamesBotService)
SRV - [2015/06/03 02:35:02 | 003,285,776 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2015/04/10 12:57:08 | 000,278,600 | ---- | M] (Infonaut) [Auto | Running] -- C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe -- (insvc_1.10.0.14)
SRV - [2014/09/18 19:16:34 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/04/07 12:31:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/26 16:26:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/06/19 22:55:57 | 000,050,216 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\webTinstMKTN84.sys -- (webTinstMKTN84)
DRV:64bit: - [2015/06/18 21:08:12 | 000,050,520 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nwjkm2z2y3mwbdd.sys -- (nwjkm2z2y3mwbdd)
DRV:64bit: - [2015/04/10 12:56:56 | 000,058,224 | ---- | M] (Infonaut) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\innfd_1_10_0_14.sys -- (innfd_1_10_0_14)
DRV:64bit: - [2014/10/29 17:26:46 | 000,131,256 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2013/02/21 07:05:44 | 000,011,296 | ---- | M] (Safend Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\SpfdBus.sys -- (SpfdBus)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/07/30 16:36:38 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2010/04/01 07:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/19 01:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 22:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/16 04:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 10:53:04 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...C&D=062015=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 48 D0 59 05 06 CF 01  [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {008E7F3B-B9BB-4F68-9EE6-985CDA3090CC}
IE - HKCU\..\SearchScopes\{008E7F3B-B9BB-4F68-9EE6-985CDA3090CC}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKCU\..\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{78DADB4B-7468-4c1c-8612-00FBF356A9FF}: C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi [2013/07/30 17:09:48 | 000,012,301 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2014/04/23 19:12:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C6476A68-B06E-82C0-8E2F-D79F1A73C235}: C:\Program Files (x86)\version85IneedSpeed\192.xpi [2015/06/19 22:56:16 | 000,010,631 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ConsumerInput@Compete: C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi [2015/01/21 05:15:46 | 000,511,969 | ---- | M] ()
 
[2013/07/18 23:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebjipgnedcljapmafeafekmlebefcafp\1.1.0_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdhhjbhbfhkmmcjojicgkoplildbkbk\1.192.0.0_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.1.0_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\
CHR - Extension: No name found = C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IneedSpeed) - {9480B134-F446-56C2-81C2-8E7E24D11E5F} - C:\Program Files (x86)\version85IneedSpeed\192_x64.dll ()
O2:64bit: - BHO: (Consumer Input DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll (Compete, Inc.)
O2:64bit: - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (IneedSpeed) - {9480B134-F446-56C2-81C2-8E7E24D11E5F} - C:\Program Files (x86)\version85IneedSpeed\192.dll ()
O2 - BHO: (Consumer Input DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
O2 - BHO: (DVDVideoSoft IE Extension) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AccessSecureData] C:\Users\jklm\AppData\Local\Temp\{8565EB50-E289-4892-A596-DA6331E51B86}\AccessSecureData.exe File not found
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [gmsd_us_005010007] C:\Program Files (x86)\gmsd_us_005010007\gmsd_us_005010007.exe ()
O4 - HKLM..\Run: [mwyyntm1ndi1zdz] C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe ()
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Redirector] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [SmartWeb] C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
O4 - HKLM..\Run: [WinCheck] C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131\bnsl9328.exe ()
O4 - HKCU..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
O4 - HKCU..\Run: [GamesBot] C:\Program Files (x86)\Games Bot\GamesBot.exe ()
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_D1B0517A1A5838A6E831285B01BA7F9A] C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
O4 - HKCU..\Run: [PCKeeper2] "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun File not found
O4 - HKLM..\RunOnce: [upgmsd_us_005010007.exe] C:\Users\jklm\AppData\Local\gmsd_us_005010007\upgmsd_us_005010007.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk = C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
O4 - Startup: C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk = C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download video on this page - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O8:64bit: - Extra context menu item: Download video this links to - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Download video on this page - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O8 - Extra context menu item: Download video this links to - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Download Video - {731DC20B-51DE-4681-BBB9-69593E9F99A2} - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O9 - Extra 'Tools' menuitem : Download video on this page - {731DC20B-51DE-4681-BBB9-69593E9F99A2} - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{532EA892-0F4F-476E-8CAC-78C4C48327DB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll (Client Connect LTD)
O20:64bit: - AppInit_DLLs: (C:\ProgramData\FlashBeat\FlashBeat64.dll) - C:\ProgramData\FlashBeat\FlashBeat64.dll (FlashBeat)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (C:\ProgramData\FlashBeat\FlashBeat32.dll) - C:\ProgramData\FlashBeat\FlashBeat32.dll (FlashBeat)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 15:01:00 | 000,000,053 | -HS- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/06/19 23:37:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
[2015/06/19 23:27:45 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[2015/06/19 23:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyProtectEx
[2015/06/19 23:21:10 | 000,000,000 | -HSD | C] -- C:\Users\jklm\AppData\Roaming\AnyProtectEx
[2015/06/19 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Roaming\Compete
[2015/06/19 23:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[2015/06/19 23:17:37 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\Crossbrowse
[2015/06/19 23:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
[2015/06/19 23:17:29 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\gmsd_us_005010007
[2015/06/19 23:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gmsd_us_005010007
[2015/06/19 23:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crossbrowse
[2015/06/19 23:14:12 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\avabvbavad
[2015/06/19 23:14:06 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
[2015/06/19 23:14:05 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\Games Bot
[2015/06/19 23:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games Bot
[2015/06/19 23:13:55 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\SearchProtect
[2015/06/19 23:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2015/06/19 23:12:12 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\SmartWeb
[2015/06/19 23:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ORBTR
[2015/06/19 23:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infonaut_1.10.0.14
[2015/06/19 23:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Support for Consumer Input
[2015/06/19 23:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Msouflui
[2015/06/19 23:00:44 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131
[2015/06/19 22:58:49 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\Consumer Input
[2015/06/19 22:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Consumer Input
[2015/06/19 22:58:23 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131
[2015/06/19 22:58:18 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\Kromtech
[2015/06/19 22:58:15 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\Zeoinsight
[2015/06/19 22:58:14 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\ZBAnalyticsCore
[2015/06/19 22:57:34 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
[2015/06/19 22:57:29 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Roaming\ASPackage
[2015/06/19 22:57:29 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Roaming\4C4C4544-1434779849-5610-8048-B7C04F445131
[2015/06/19 22:57:15 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\ZombieNews
[2015/06/19 22:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WBRYXRSt
[2015/06/19 22:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ZombieNews
[2015/06/19 22:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\version85IneedSpeed
[2015/06/19 22:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Umtayyznhndq1ntz
[2015/06/19 22:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hades
[2015/06/19 22:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smwyyntm1ndi1zdz
[2015/06/19 22:54:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\22c5dbb2-38e8-401e-a36d-e396d9be6748
[2015/06/19 22:53:53 | 000,000,000 | ---D | C] -- C:\Users\jklm\AppData\Local\globalUpdate
[2015/06/19 22:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2015/06/19 22:53:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cinema_Plus-1.2V19.06
[2015/06/19 22:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f
[2015/06/19 22:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\28341ff220e0446c9fff27c4493d622e
[2015/06/19 22:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Kromtech
[2015/06/19 22:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashBeat
[2015/06/19 22:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LuckyTab
[2015/06/19 22:36:42 | 000,000,000 | ---D | C] -- C:\Users\jklm\Desktop\Atlas Genius - When It Was Now
[2015/06/18 21:08:12 | 000,050,520 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\nwjkm2z2y3mwbdd.sys
[2015/06/17 22:39:48 | 000,000,000 | ---D | C] -- C:\Users\jklm\Desktop\Imagine Dragons - Smoke + Mirrors
[2015/06/17 22:35:46 | 000,000,000 | ---D | C] -- C:\Users\jklm\Desktop\Sutter 2015 Slideshow
[2015/05/29 08:02:40 | 000,000,000 | ---D | C] -- C:\Users\jklm\Desktop\md new mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\jklm\AppData\Local\*.tmp files -> C:\Users\jklm\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/06/19 23:50:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001.job
[2015/06/19 23:47:30 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
[2015/06/19 23:39:35 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/06/19 23:37:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jklm\Desktop\OTL.exe
[2015/06/19 23:27:48 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2015/06/19 23:27:47 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2015/06/19 23:27:45 | 000,001,011 | ---- | M] () -- C:\Users\jklm\Desktop\AnyProtect.lnk
[2015/06/19 23:17:58 | 000,002,384 | ---- | M] () -- C:\Users\jklm\Application Data\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk
[2015/06/19 23:17:37 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\Crossbrowse.job
[2015/06/19 23:17:35 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Search.lnk
[2015/06/19 23:17:30 | 000,002,360 | ---- | M] () -- C:\Users\Public\Desktop\Crossbrowse.lnk
[2015/06/19 23:17:30 | 000,002,360 | ---- | M] () -- C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
[2015/06/19 23:12:14 | 000,001,100 | ---- | M] () -- C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
[2015/06/19 23:04:16 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineUA.job
[2015/06/19 23:03:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineCore.job
[2015/06/19 23:02:15 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001.job
[2015/06/19 22:59:10 | 000,000,996 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2015/06/19 22:59:00 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2015/06/19 22:56:27 | 000,000,430 | ---- | M] () -- C:\Windows\tasks\IneedSpeed Update.job
[2015/06/19 22:56:25 | 000,001,822 | ---- | M] () -- C:\Windows\patsearch.bin
[2015/06/19 22:56:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
[2015/06/19 22:56:17 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/06/19 22:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/06/19 22:55:57 | 000,050,216 | ---- | M] () -- C:\Windows\SysNative\drivers\webTinstMKTN84.sys
[2015/06/19 22:55:16 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\g5EHHvd7KBE2FYc8jv1Ik.job
[2015/06/19 22:55:11 | 000,002,444 | ---- | M] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user.job
[2015/06/19 22:55:08 | 000,002,444 | ---- | M] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.job
[2015/06/19 22:54:49 | 000,003,136 | ---- | M] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.job
[2015/06/19 22:54:45 | 000,003,136 | ---- | M] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.job
[2015/06/19 22:54:23 | 000,005,516 | ---- | M] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.job
[2015/06/19 22:54:14 | 000,005,180 | ---- | M] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.job
[2015/06/19 22:54:00 | 000,004,156 | ---- | M] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.job
[2015/06/19 22:53:49 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015/06/19 22:53:46 | 000,002,110 | ---- | M] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user.job
[2015/06/19 22:53:00 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\MTCYOKLOLS1.job
[2015/06/19 22:30:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/06/19 18:21:22 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2015/06/18 21:08:12 | 000,050,520 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\nwjkm2z2y3mwbdd.sys
[2015/06/10 22:44:22 | 000,763,853 | ---- | M] () -- C:\Users\jklm\Desktop\IMG_1326.JPG
[2015/06/10 05:39:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/06/08 11:00:03 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2015/06/02 21:55:48 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/06/02 21:55:48 | 000,626,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/06/02 21:55:48 | 000,107,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/05/22 09:52:23 | 000,199,930 | ---- | M] () -- C:\Users\jklm\Desktop\hswpvtrnemp.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\jklm\AppData\Local\*.tmp files -> C:\Users\jklm\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/06/19 23:27:48 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job
[2015/06/19 23:27:47 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job
[2015/06/19 23:27:45 | 000,001,011 | ---- | C] () -- C:\Users\jklm\Desktop\AnyProtect.lnk
[2015/06/19 23:27:45 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job
[2015/06/19 23:17:40 | 000,002,360 | ---- | C] () -- C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
[2015/06/19 23:17:36 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\Crossbrowse.job
[2015/06/19 23:17:35 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Search.lnk
[2015/06/19 23:17:30 | 000,002,384 | ---- | C] () -- C:\Users\jklm\Application Data\Microsoft\Internet Explorer\Quick Launch\Crossbrowse.lnk
[2015/06/19 23:17:30 | 000,002,360 | ---- | C] () -- C:\Users\Public\Desktop\Crossbrowse.lnk
[2015/06/19 23:12:14 | 000,001,100 | ---- | C] () -- C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
[2015/06/19 23:02:14 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001.job
[2015/06/19 23:02:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001.job
[2015/06/19 22:59:01 | 000,000,966 | ---- | C] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineUA.job
[2015/06/19 22:58:59 | 000,000,962 | ---- | C] () -- C:\Windows\tasks\ConsumerInputUpdateTaskMachineCore.job
[2015/06/19 22:56:27 | 000,000,430 | ---- | C] () -- C:\Windows\tasks\IneedSpeed Update.job
[2015/06/19 22:56:25 | 000,001,822 | ---- | C] () -- C:\Windows\patsearch.bin
[2015/06/19 22:56:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
[2015/06/19 22:56:18 | 000,050,216 | ---- | C] () -- C:\Windows\SysNative\drivers\webTinstMKTN84.sys
[2015/06/19 22:56:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/06/19 22:55:14 | 000,001,010 | ---- | C] () -- C:\Windows\tasks\g5EHHvd7KBE2FYc8jv1Ik.job
[2015/06/19 22:55:09 | 000,002,444 | ---- | C] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user.job
[2015/06/19 22:55:07 | 000,002,444 | ---- | C] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.job
[2015/06/19 22:54:46 | 000,003,136 | ---- | C] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.job
[2015/06/19 22:54:44 | 000,003,136 | ---- | C] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.job
[2015/06/19 22:54:15 | 000,005,516 | ---- | C] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.job
[2015/06/19 22:54:03 | 000,005,180 | ---- | C] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.job
[2015/06/19 22:54:02 | 000,000,996 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job
[2015/06/19 22:54:00 | 000,000,992 | ---- | C] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job
[2015/06/19 22:53:54 | 000,004,156 | ---- | C] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.job
[2015/06/19 22:53:49 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015/06/19 22:53:45 | 000,002,110 | ---- | C] () -- C:\Windows\tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user.job
[2015/06/19 22:52:31 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\MTCYOKLOLS1.job
[2015/06/17 23:02:34 | 000,763,853 | ---- | C] () -- C:\Users\jklm\Desktop\IMG_1326.JPG
[2015/05/22 09:52:22 | 000,199,930 | ---- | C] () -- C:\Users\jklm\Desktop\hswpvtrnemp.pdf
[2015/04/20 07:05:14 | 001,579,520 | ---- | C] () -- C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe
[2015/04/19 05:20:16 | 000,005,872 | ---- | C] () -- C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik
[2014/03/29 20:31:00 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/11/17 19:03:48 | 000,004,096 | -H-- | C] () -- C:\Users\jklm\AppData\Local\keyfile3.drm
[2013/11/01 21:22:12 | 000,001,075 | ---- | C] () -- C:\Users\jklm\Documents - Shortcut.lnk
[2013/07/24 17:18:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/24 17:18:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/24 17:18:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/24 17:18:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/24 17:18:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/04/07 15:11:07 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/04/07 15:11:07 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/06/19 23:20:29 | 000,000,000 | ---D | M] -- C:\Users\jklm\AppData\Roaming\4C4C4544-1434779849-5610-8048-B7C04F445131
[2015/06/19 23:21:10 | 000,000,000 | -HSD | M] -- C:\Users\jklm\AppData\Roaming\AnyProtectEx
[2015/06/19 22:57:32 | 000,000,000 | ---D | M] -- C:\Users\jklm\AppData\Roaming\ASPackage
[2015/06/19 23:20:33 | 000,000,000 | ---D | M] -- C:\Users\jklm\AppData\Roaming\Compete
[2014/04/28 07:22:38 | 000,000,000 | ---D | M] -- C:\Users\jklm\AppData\Roaming\DVDVideoSoft
[2013/07/02 04:46:23 | 000,000,000 | ---D | M] -- C:\Users\jklm\AppData\Roaming\Garmin
[2014/05/09 05:31:42 | 000,000,000 | ---D | M] -- C:\Users\jklm\AppData\Roaming\HandBrake
[2015/03/24 17:01:14 | 000,000,000 | ---D | M] -- C:\Users\jklm\AppData\Roaming\ICAClient
[2014/05/05 19:38:18 | 000,000,000 | ---D | M] -- C:\Users\jklm\AppData\Roaming\Kotato
[2015/06/19 23:11:29 | 000,000,000 | ---D | M] -- C:\Users\jklm\AppData\Roaming\MediaMonkey
[2011/06/12 14:00:24 | 000,000,000 | ---D | M] -- C:\Users\jklm\AppData\Roaming\PCDr
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/08/02 23:50:06 | 000,000,068 | ---- | M] ()(C:\Users\jklm\Desktop\? Rowbury wins 3000m with leading time - Universal Sports - YouTube.url) -- C:\Users\jklm\Desktop\▶ Rowbury wins 3000m with leading time - Universal Sports - YouTube.url
[2013/08/02 23:50:06 | 000,000,068 | ---- | C] ()(C:\Users\jklm\Desktop\? Rowbury wins 3000m with leading time - Universal Sports - YouTube.url) -- C:\Users\jklm\Desktop\▶ Rowbury wins 3000m with leading time - Universal Sports - YouTube.url
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1228 bytes -> C:\Users\jklm\Desktop\noname.eml:OECustomProperty

< End of report >

 

 

 

 

[Advertisements]

Hit there OTL is no longer supported

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[Essexboy]

Hit there OTL is no longer supported

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Select additions at the bottom
• Press Scan button.
  
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please attach both logs generated.

[md262]

Hi, here is the scan.  Thanks.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by jklm at 2015-06-20 06:20:53
Running from C:\Users\jklm\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2695581885-3589152984-3162700467-500 - Administrator - Disabled)
Guest (S-1-5-21-2695581885-3589152984-3162700467-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2695581885-3589152984-3162700467-1002 - Limited - Enabled)
jklm (S-1-5-21-2695581885-3589152984-3162700467-1001 - Administrator - Enabled) => C:\Users\jklm
Leslie (S-1-5-21-2695581885-3589152984-3162700467-1003 - Administrator - Enabled) => C:\Users\Leslie
Michael (S-1-5-21-2695581885-3589152984-3162700467-1004 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
AnySend (HKLM-x32\...\ASPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION!
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Book Alter (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Book Alter)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cinema_Plus-1.2V19.06 (HKLM-x32\...\Cinema_Plus-1.2V19.06) (Version: 1.36.01.22 - Cinema_Plus-1.2V19.06) <==== ATTENTION
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Sono Control Inc.) <==== ATTENTION
Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version:  - Compete Inc.) <==== ATTENTION
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.6.2171.95 - The Crossbrowse Authors) <==== ATTENTION!
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FlashBeat (HKLM-x32\...\FlashBeat) (Version:  - ) <==== ATTENTION!
Free Audio Converter version 5.0.38.423 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.38.423 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Games Bot (HKLM-x32\...\Games Bot) (Version: 183.0.0.578 - CLICK YES BELOW LP) <==== ATTENTION
GamesDesktop 025.005010007 (HKLM-x32\...\gmsd_us_005010007_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
Hades (HKLM-x32\...\Hades) (Version: 2.06.19.0 - Hades)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
IneedSpeed (HKLM-x32\...\7D97A712-EA2C-C889-15C2-FB6C8019A56D) (Version:  - IneedSpeed-software)
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java™ 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LaserJet 1020 series (HKLM-x32\...\HP-LaserJet 1020 series) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower)
Multimedia Card Reader (x32 Version: 1.6.915.87 - Fitipower) Hidden
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.23.32.25 - Client Connect LTD)
Self-service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.5.32 - WildTangent)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
Word Processor Text Wrap (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - Word Processor Text Wrap) <==== ATTENTION
YouTube Downloader 5 (HKLM-x32\...\YouTube Downloader_is1) (Version:  - Kotato)
Zombie News (HKLM-x32\...\ZombieNews) (Version: 2.7.67 - Time Lapse Solutions) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

27-05-2015 19:42:13 Windows Update
31-05-2015 10:23:57 Windows Update
03-06-2015 18:00:52 Windows Update
06-06-2015 18:01:32 Windows Update
10-06-2015 18:01:14 Windows Update
13-06-2015 22:05:23 Windows Update
17-06-2015 20:41:30 Windows Update
19-06-2015 23:03:43 Removed PCKeeper
19-06-2015 23:04:49 Removed AccountService

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DEFAFC1-A326-4FA8-BC49-510BF138920B} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {108C1E21-5089-48EF-BD11-1501899CE4AC} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-08-05] ()
Task: {1119667B-611D-4249-8854-A7DB8636EE64} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
Task: {16702F08-2E8E-469D-837A-ADA64D90C7D7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-06-19] (globalUpdate) <==== ATTENTION
Task: {1EA97C4B-FCAE-4BBB-A71E-1265724A8955} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {1F1A23DE-DD68-41CA-8CB4-7F08C9C49FEE} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {206C1510-E887-4CB4-9303-E73F18B176B7} - System32\Tasks\MTCYOKLOLS1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-06-03] (FlashBeat) <==== ATTENTION
Task: {2436DEEB-DD6D-44A9-9621-AD477B84D50B} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {25D9EEC0-2AF8-44B2-A0DE-5C910129442E} - System32\Tasks\g5EHHvd7KBE2FYc8jv1Ik => C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe [2015-04-20] () <==== ATTENTION
Task: {2B6B43A6-FF97-4D56-8D35-9A0666E4B960} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {30FB7E70-077A-495C-BC25-EDC2F61043C0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-06-19] (AnyProtect.com) <==== ATTENTION
Task: {35E59BE4-062B-4B39-B401-99DA02CE3991} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2015-06-19] (http://lucky-tab.com/) <==== ATTENTION
Task: {36FE590F-92E9-4DE1-B322-AB15E75D3186} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-06-19] (AnyProtect.com) <==== ATTENTION
Task: {3F808F81-6AC0-4CDB-B723-3B0E2E67A628} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {498BB6A0-883F-4F56-B7FB-EE1A512BDC3F} - System32\Tasks\avabvbavad => C:\Users\jklm\AppData\Local\avabvbavad\avabvbavad.exe [2015-06-03] () <==== ATTENTION
Task: {53471D25-BB8E-4994-B0A3-3CA2587DE723} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-06-19] (AnyProtect.com) <==== ATTENTION
Task: {5773C316-3E31-4457-80EB-A4D9D6313CF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {5B1E65F8-26D7-4002-A143-9946E067CBEB} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-06-19] (ConsumerInput) <==== ATTENTION
Task: {5CD2788A-2A84-4243-860F-29BF6BE12267} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {60A9363C-5270-4A43-A6E4-A2FF10BD0F10} - System32\Tasks\Msouflui => C:\ProgramData\Msouflui\1.0.1.0\uawiemem.exe [2015-06-19] ()
Task: {65FAB375-5C9B-422C-BA52-D4640BECE2E7} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {7EB4D63B-B9FB-44BE-8150-330461C9086D} - System32\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-05-28] () <==== ATTENTION
Task: {91CEDBA4-F59A-458E-9872-3BC242A2B768} - System32\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-05-28] () <==== ATTENTION
Task: {939DD84A-EE72-462A-B5F7-4EC770D77172} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-06-19] () <==== ATTENTION
Task: {9C494CE0-EAD7-4D7A-B043-EB0E53A5BD92} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {9F8AC108-4F23-45DB-B348-FFC30CA00E9A} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {A3F5DF1A-12BD-4A6B-B88E-C9409B1CB21C} - System32\Tasks\IneedSpeed Update => C:\Program Files (x86)\version85IneedSpeed\b4IneedSpeedQ95.exe [2015-06-19] ()
Task: {A9B0AB88-B394-44E4-8592-0165F8527AFD} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-06-19] (globalUpdate) <==== ATTENTION
Task: {AACBE3DE-4533-41A1-9110-33CA1009219D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {AB812764-E1CD-4ED6-BEB3-A6716B7380CE} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-06-19] (ConsumerInput) <==== ATTENTION
Task: {C0E64DAA-FBD4-4DFC-ACF7-49054E9B9283} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {C36928FA-A219-4712-B78B-FEB4D55EE9BA} - System32\Tasks\{B73072F1-ABE4-455D-9175-7FB9C096E10F} => pcalua.exe -a "C:\Program Files (x86)\Zenographics\{B49F7068-1268-46E3-B682-21CCEDD4CF9E}\setup.exe" -c -u "HPLJInstaller.dll=Hpl_1020.inf"
Task: {D2AB08C0-8901-4919-BA8F-14EF972CB55D} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {EC030BBA-1A99-48A5-9616-E98AC8CE8371} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {F6BA4C1F-5DC6-44F3-9C26-E783E739F7FC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {F6D8D14C-B9F6-41B1-8BC8-8678D8DD69E5} - System32\Tasks\ZYICP => C:\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f\5aae4531dc23473f8da7a5bac9f3a51f.exe [2015-06-03] () <==== ATTENTION
Task: {FBE3C925-A7EC-4FFE-A4BD-78C505289737} - System32\Tasks\{509E09E5-D60C-454A-A352-E9175BD2F7C4} => pcalua.exe -a C:\Users\jklm\Downloads\HijackThis.exe -d C:\Users\jklm\Downloads
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\g5EHHvd7KBE2FYc8jv1Ik.job => C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\IneedSpeed Update.job => C:\Program Files (x86)\version85IneedSpeed\b4IneedSpeedQ95.exe
Task: C:\Windows\Tasks\MTCYOKLOLS1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (Whitelisted) ==============

2011-06-12 13:32 - 2010-05-13 23:48 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2011-06-12 13:33 - 2010-05-13 23:48 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2011-06-12 13:32 - 2010-05-13 23:48 - 03152384 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\suhp1020.dll
2011-06-12 13:32 - 2010-05-13 23:48 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\gchp1020.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-11-10 20:53 - 2010-11-10 20:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-04-07 12:35 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-11-17 08:35 - 2010-11-17 08:35 - 01440240 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
2015-06-18 21:06 - 2015-06-18 21:06 - 02422784 _____ () C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe
2015-06-18 21:04 - 2015-06-18 21:04 - 00710144 _____ () C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
2015-06-05 01:14 - 2015-06-05 01:14 - 00359936 _____ () C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131\bnsl9328.exe
2015-06-19 23:01 - 2015-06-19 23:01 - 00147456 _____ () C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\snsrA659.tmp
2015-06-19 23:01 - 2015-06-19 23:01 - 00157696 _____ () C:\ProgramData\Msouflui\1.0.1.0\uawiemem.exe
2015-05-28 10:06 - 2015-05-28 10:06 - 01240096 _____ () C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
2015-04-22 05:00 - 2015-04-22 05:00 - 00311912 _____ () C:\Program Files (x86)\Games Bot\GamesBot.exe
2015-06-19 23:17 - 2015-06-19 09:55 - 03319976 _____ () C:\Users\jklm\AppData\Local\gmsd_us_005010007\upgmsd_us_005010007.exe
2015-06-19 23:17 - 2015-06-19 09:55 - 03984040 _____ () C:\Program Files (x86)\gmsd_us_005010007\gmsd_us_005010007.exe
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2010-11-17 08:35 - 2010-11-17 08:35 - 00657904 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll
2015-06-09 03:51 - 2015-06-09 03:51 - 00109160 _____ () C:\Program Files (x86)\Games Bot\Modules\Base.dll
2015-06-09 03:51 - 2015-06-09 03:51 - 00041576 _____ () C:\Program Files (x86)\Games Bot\Modules\inws.dll
2015-06-09 03:52 - 2015-06-09 03:52 - 00058984 _____ () C:\Program Files (x86)\Games Bot\Modules\ups.dll
2015-06-09 03:51 - 2015-06-09 03:51 - 00039528 _____ () C:\Program Files (x86)\Games Bot\Modules\alzm.dll
2015-06-09 03:51 - 2015-06-09 03:51 - 00117352 _____ () C:\Program Files (x86)\Games Bot\Modules\brs.dll
2015-06-09 03:51 - 2015-06-09 03:51 - 00090728 _____ () C:\Program Files (x86)\Games Bot\Modules\cmd.dll
2015-06-09 03:51 - 2015-06-09 03:51 - 00096872 _____ () C:\Program Files (x86)\Games Bot\Modules\sipc.dll
2015-06-09 03:52 - 2015-06-09 03:52 - 00056424 _____ () C:\Program Files (x86)\Games Bot\Modules\wdm.dll
2015-04-22 01:24 - 2015-04-22 01:24 - 00904704 _____ () C:\Program Files (x86)\Games Bot\System.Data.SQLite.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-02-25 08:32 - 2015-02-25 08:32 - 01938944 _____ () C:\Program Files (x86)\Consumer Input\InternetExplorer\mozjs185-1.0.dll
2015-06-19 22:55 - 2015-06-19 22:55 - 00494592 _____ () C:\Program Files (x86)\version85IneedSpeed\192.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-02-28 02:55 - 2010-02-28 02:55 - 01040736 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-06-19 23:17 - 2015-05-12 04:01 - 01070592 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libglesv2.dll
2015-06-19 23:17 - 2015-05-12 04:01 - 00204800 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\libegl.dll
2015-06-19 23:17 - 2015-05-12 04:01 - 09003008 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\pdf.dll
2015-06-19 23:17 - 2015-05-12 04:01 - 00896512 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\ffmpegsumo.dll
2015-06-19 23:17 - 2015-05-12 04:01 - 14913352 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\PepperFlash\pepflashplayer.dll
2015-06-19 23:25 - 2015-03-26 07:39 - 08569856 _____ () C:\Users\jklm\AppData\Local\Games Bot\Explore\pdf.dll
2015-06-19 23:25 - 2015-03-26 07:18 - 00324608 _____ () C:\Users\jklm\AppData\Local\Games Bot\Explore\ppGoogleNaClPluginChrome.dll
2015-06-19 23:25 - 2015-03-26 07:14 - 00880128 _____ () C:\Users\jklm\AppData\Local\Games Bot\Explore\ffmpegsumo.dll
2015-06-19 23:25 - 2014-09-22 21:07 - 14891848 _____ () C:\Users\jklm\AppData\Local\Games Bot\Explore\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\jklm\Desktop\noname.eml:OECustomProperty
AlternateDataStreams: C:\Users\jklm\Downloads\To celebrate Megan&amp#39s bd - Saturday, July 21. (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\jklm\Downloads\To celebrate Megan&amp#39s bd - Saturday, July 21..eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3D6665BA-6B92-4B5D-96B8-E73D12028725}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BDCB2D2D-3C83-4B28-B377-D13C2E24DE3D}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{4E1A4894-3B9C-4ED3-A619-BD7723C3EA96}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{6F93F56A-4AAF-4ACD-BA67-F1ACC5F85D36}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{724006E1-8132-4BD5-A139-5138884F35BB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{69633505-D3C4-4B22-A579-25AEA30DE954}] => (Allow) LPort=2869
FirewallRules: [{C9A37636-99B0-4644-81B9-90C54809BA33}] => (Allow) LPort=1900
FirewallRules: [{945BDBEA-6D9E-4499-9A19-B86CF577E8E0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EECD2118-77E1-4A6A-BAE4-3670DA6DF16D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0AEA4605-CA0A-4A51-91C7-AC9AD06D871D}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7144880D-7355-41CD-8B38-76CDD66F5B2E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{08EF1F3E-A08E-4D72-999B-AE5407828C18}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{294BAFED-ABD8-45A9-9460-89047DE938A7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{900882F3-C014-4D1F-9209-A2F3A394D25F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31B03B45-1C1A-418F-9ED0-681766515CF6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E6C89EEC-8147-41A7-AAB3-935548655A9C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AC05024E-0163-4B18-83FC-EC9BF5A551C8}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{8538BABE-EBBF-4D4F-9FDC-83DC53BAF0B0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{2F360B42-CCFF-4321-9EA3-4EEA6AFBF1BD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{066295F1-CE54-4328-B093-A8082EB9E1B0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{692ED3B1-82C1-490E-B1FE-B49C2AB6DA55}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4C9D7B65-AB4B-4AA2-9A96-9639E2CC8984}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{17B0C0FD-9D3A-48E0-9461-133BAE3E0F36}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E23C03BD-ECE2-4B5C-8A11-EE1E9EDD0FD1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C1FB9D35-D7EB-4A2C-AC97-C93645F2E2B4}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2015 06:16:39 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (06/20/2015 05:30:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 05:30:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 04:30:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 03:30:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 02:30:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 01:30:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 00:30:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/19/2015 11:30:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/19/2015 11:30:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

System errors:
=============
Error: (06/02/2015 09:54:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR20.

Error: (06/02/2015 09:54:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR20.

Error: (06/02/2015 09:54:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR20.

Error: (05/13/2015 08:27:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.197.2253.0

 Update Source: %NT AUTHORITY59

 Update Stage: 3.0.8107.00

 Source Path: 3.0.8107.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (05/13/2015 08:27:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.197.2253.0

 Update Source: %NT AUTHORITY59

 Update Stage: 3.0.8107.00

 Source Path: 3.0.8107.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (04/27/2015 07:34:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.733.0).

Error: (04/27/2015 07:34:43 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.197.699.0).

Error: (04/27/2015 07:34:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.197.668.0

 Update Source: %NT AUTHORITY59

 Update Stage: 3.0.8107.00

 Source Path: 3.0.8107.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (04/21/2015 11:06:41 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (02/01/2015 00:57:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Microsoft Office:
=========================
Error: (06/20/2015 06:16:39 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\jklm\Downloads\esetsmartinstaller_enu (1).exe

Error: (06/20/2015 05:30:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 05:30:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 04:30:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 03:30:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 02:30:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 01:30:27 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 00:30:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/19/2015 11:30:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/19/2015 11:30:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 78%
Total physical RAM: 7991.12 MB
Available physical RAM: 1685.34 MB
Total Pagefile: 15980.34 MB
Available Pagefile: 7150.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1383.41 GB) (Free:1205.88 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:13.81 GB) (Free:5.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1383.4 GB) - (Type=07 NTFS)

==================== End of log ============================

[md262]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by jklm (administrator) on JKLM-PC on 20-06-2015 06:19:00
Running from C:\Users\jklm\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser path: "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(http://lucky-tab.com/) C:\Users\jklm\AppData\Local\Temp\7T02k5WOk0.tmp
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(FlashBeat) C:\ProgramData\FlashBeat\FlashBeat.exe
(Cinema_Plus-1.2V19.06) C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10.exe
() C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe
() C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
(Cinema_Plus-1.2V19.06) C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.exe
(Time Lapse Solutions) C:\ProgramData\WBRYXRSt\xfrcCqRE.exe
() C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131\bnsl9328.exe
() C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\snsrA659.tmp
() C:\ProgramData\Msouflui\1.0.1.0\uawiemem.exe
() C:\ProgramData\Msouflui\1.0.1.0\uawiemem.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftBrain Technologies Ltd.) C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe
(SoftBrain Technologies Ltd.) C:\Users\jklm\AppData\Local\SmartWeb\SmartWebApp.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
() C:\Program Files (x86)\Games Bot\GamesBot.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Users\jklm\AppData\Local\gmsd_us_005010007\upgmsd_us_005010007.exe
() C:\Program Files (x86)\gmsd_us_005010007\gmsd_us_005010007.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Compete, Inc.) C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-host.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
(Cinema_Plus-1.2V19.06) C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\jklm\AppData\Local\Games Bot\Explore\Explore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [AccessSecureData] => C:\Users\jklm\AppData\Local\Temp\{8565EB50-E289-4892-A596-DA6331E51B86}\AccessSecureData.exe <===== ATTENTION
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [mwyyntm1ndi1zdz] => C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe [2422784 2015-06-18] ()
HKLM-x32\...\Run: [WinCheck] => C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131\bnsl9328.exe [359936 2015-06-05] ()
HKLM-x32\...\Run: [SmartWeb] => C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_us_005010007] => C:\Program Files (x86)\gmsd_us_005010007\gmsd_us_005010007.exe [3984040 2015-06-19] ()
HKLM-x32\...\RunOnce: [upgmsd_us_005010007.exe] => C:\Users\jklm\AppData\Local\gmsd_us_005010007\upgmsd_us_005010007.exe [3319976 2015-06-19] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [GamesBot] => C:\Program Files (x86)\Games Bot\GamesBot.exe [311912 2015-04-22] ()
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [GoogleChromeAutoLaunch_D1B0517A1A5838A6E831285B01BA7F9A] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe [927920 2015-06-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\...\MountPoints2: {c7c4d253-80c7-11e2-94b1-782bcb8d9336} - I:\LaunchU3.exe -a
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-06-03] (Client Connect LTD)
AppInit_DLLs:  C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [905728 2015-06-03] (FlashBeat)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-06-03] (Client Connect LTD)
AppInit_DLLs-x32:  C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [630272 2015-06-03] (FlashBeat)
Startup: C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-06-19]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-06-19]
ShortcutTarget: SmartWeb.lnk -> C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...C&D=062015=
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...archTerms}=
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1003 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1003 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: IneedSpeed -> {9480B134-F446-56C2-81C2-8E7E24D11E5F} -> C:\Program Files (x86)\version85IneedSpeed\192_x64.dll [2015-06-19] ()
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-02-25] (Compete, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-07] (Sun Microsystems, Inc.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-03-20] (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: IneedSpeed -> {9480B134-F446-56C2-81C2-8E7E24D11E5F} -> C:\Program Files (x86)\version85IneedSpeed\192.dll [2015-06-19] ()
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-02-25] (Compete, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-07] (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-03-27] (DVDVideoSoft Ltd.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-07] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-07] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-07] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-07] (Microsoft Corporation)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-07] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-19] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-19] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{78DADB4B-7468-4c1c-8612-00FBF356A9FF}] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi
FF Extension: YouTube Downloader Extension - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi [2014-05-05]
FF HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-23]
FF HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Firefox\Extensions: [{C6476A68-B06E-82C0-8E2F-D79F1A73C235}] - C:\Program Files (x86)\version85IneedSpeed\192.xpi
FF Extension: IneedSpeed - C:\Program Files (x86)\version85IneedSpeed\192.xpi [2015-06-19]
FF HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi [2015-01-21]

Chrome:
=======
CHR Profile: C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-19]
CHR Extension: (Google Docs) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-19]
CHR Extension: (Google Drive) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-19]
CHR Extension: (YouTube) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-19]
CHR Extension: (Google Search) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-19]
CHR Extension: (YouTube Downloader Extension) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebjipgnedcljapmafeafekmlebefcafp [2014-05-27]
CHR Extension: (Google Sheets) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (IneedSpeed) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdhhjbhbfhkmmcjojicgkoplildbkbk [2015-06-19]
CHR Extension: (Google Wallet) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-22]
CHR Extension: (Cinema_Plus-1.2V19.06) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-06-19]
CHR Extension: (Gmail) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-19]
CHR HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-23]
CHR HKLM-x32\...\Chrome\Extension: [ebjipgnedcljapmafeafekmlebefcafp] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_GC.crx [2014-05-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3285776 2015-06-03] (Client Connect LTD)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-06-19] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-06-19] (ConsumerInput)
R2 GamesBotService; C:\Program Files (x86)\Games Bot\GamesBotSvc.exe [53352 2015-06-09] (Games Bot Inc.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-06-19] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-06-19] (globalUpdate) [File not signed] <==== ATTENTION
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-10] (Infonaut)
R2 kysykiti; C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\snsrA659.tmp [147456 2015-06-19] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
R2 Orbiter; C:\Program Files (x86)\ORBTR\orbiter.dll [558544 2015-06-19] (Client Connect LTD)
R2 UniversalUpdater; C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe [710144 2015-06-18] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 xfrcCqRE; C:\ProgramData\WBRYXRSt\xfrcCqRE.exe [2730984 2015-06-19] (Time Lapse Solutions)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-10] (Infonaut)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [32256 2009-07-07] (http://libusb-win32.sourceforge.net)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R1 nwjkm2z2y3mwbdd; C:\Windows\System32\drivers\nwjkm2z2y3mwbdd.sys [50520 2015-06-18] (Windows ® Win 7 DDK provider)
S0 SpfdBus; C:\Windows\System32\DRIVERS\SpfdBus.sys [11296 2013-02-21] (Safend Ltd.)
R2 webTinstMKTN84; C:\Windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-06-19] ()
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
S0 Spfd; system32\DRIVERS\Spfd.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 06:19 - 2015-06-20 06:20 - 00032124 _____ C:\Users\jklm\Desktop\FRST.txt
2015-06-20 06:17 - 2015-06-20 06:19 - 00000000 ____D C:\FRST
2015-06-20 06:17 - 2015-06-20 06:17 - 02109952 _____ (Farbar) C:\Users\jklm\Desktop\FRST64.exe
2015-06-20 00:35 - 2015-06-20 00:35 - 05628633 _____ (Swearware) C:\Users\jklm\Desktop\ComboFix.exe
2015-06-20 00:12 - 2015-06-20 00:12 - 00002020 _____ C:\Users\jklm\Desktop\Malware Help Needed. - Geeks to Go Forum.url
2015-06-19 23:53 - 2015-06-19 23:53 - 00133110 _____ C:\Users\jklm\Desktop\OTL.Txt
2015-06-19 23:37 - 2015-06-19 23:37 - 00602112 _____ (OldTimer Tools) C:\Users\jklm\Desktop\OTL.exe
2015-06-19 23:27 - 2015-06-19 23:47 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-06-19 23:27 - 2015-06-19 23:27 - 00002826 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-06-19 23:27 - 2015-06-19 23:27 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-06-19 23:27 - 2015-06-19 23:27 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-06-19 23:27 - 2015-06-19 23:27 - 00001011 _____ C:\Users\jklm\Desktop\AnyProtect.lnk
2015-06-19 23:27 - 2015-06-19 23:27 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-06-19 23:27 - 2015-06-19 23:27 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-06-19 23:27 - 2015-06-19 23:27 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-06-19 23:21 - 2015-06-19 23:27 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-06-19 23:21 - 2015-06-19 23:21 - 00613255 _____ (CMI Limited) C:\Users\jklm\AppData\Local\nsjBCD4.tmp
2015-06-19 23:21 - 2015-06-19 23:21 - 00000000 __SHD C:\Users\jklm\AppData\Roaming\AnyProtectEx
2015-06-19 23:20 - 2015-06-19 23:20 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Compete
2015-06-19 23:17 - 2015-06-20 05:25 - 00000000 ____D C:\Users\jklm\AppData\Local\gmsd_us_005010007
2015-06-19 23:17 - 2015-06-20 05:17 - 00001054 _____ C:\Windows\Tasks\Crossbrowse.job
2015-06-19 23:17 - 2015-06-19 23:17 - 00004076 _____ C:\Windows\System32\Tasks\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00002360 _____ C:\Users\Public\Desktop\Crossbrowse.lnk
2015-06-19 23:17 - 2015-06-19 23:17 - 00002215 _____ C:\Users\Public\Desktop\Search.lnk
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Users\Leslie\AppData\Local\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Users\jklm\AppData\Local\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010007
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-06-19 23:14 - 2015-06-19 23:25 - 00000000 ____D C:\Users\jklm\AppData\Local\Games Bot
2015-06-19 23:14 - 2015-06-19 23:14 - 00003456 _____ C:\Windows\System32\Tasks\avabvbavad
2015-06-19 23:14 - 2015-06-19 23:14 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-06-19 23:14 - 2015-06-19 23:14 - 00000000 ____D C:\Users\jklm\AppData\Local\avabvbavad
2015-06-19 23:14 - 2015-06-19 23:14 - 00000000 ____D C:\Program Files (x86)\Games Bot
2015-06-19 23:13 - 2015-06-19 23:14 - 00000000 ____D C:\Users\jklm\AppData\Local\SearchProtect
2015-06-19 23:13 - 2015-06-19 23:14 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-06-19 23:12 - 2015-06-19 23:12 - 00004028 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-06-19 23:12 - 2015-06-19 23:12 - 00000000 ____D C:\Users\jklm\AppData\Local\SmartWeb
2015-06-19 23:11 - 2015-06-19 23:11 - 00000000 ____D C:\Program Files (x86)\ORBTR
2015-06-19 23:10 - 2015-06-19 23:10 - 00000000 ____D C:\Program Files (x86)\Infonaut_1.10.0.14
2015-06-19 23:02 - 2015-06-20 06:20 - 00000358 _____ C:\Windows\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001.job
2015-06-19 23:02 - 2015-06-19 23:02 - 00003394 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001
2015-06-19 23:02 - 2015-06-19 23:02 - 00003270 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001
2015-06-19 23:02 - 2015-06-19 23:02 - 00000392 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001.job
2015-06-19 23:02 - 2015-06-19 23:02 - 00000000 ____D C:\Program Files (x86)\Setup Support for Consumer Input
2015-06-19 23:01 - 2015-06-20 03:01 - 00003434 _____ C:\Windows\System32\Tasks\Msouflui
2015-06-19 23:01 - 2015-06-19 23:01 - 00000000 ____D C:\ProgramData\Msouflui
2015-06-19 23:00 - 2015-06-19 23:06 - 00000000 ____D C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131
2015-06-19 22:59 - 2015-06-20 06:04 - 00000966 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-06-19 22:59 - 2015-06-19 22:59 - 00003962 _____ C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-06-19 22:58 - 2015-06-19 23:03 - 00000962 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-06-19 22:58 - 2015-06-19 23:02 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2015-06-19 22:58 - 2015-06-19 22:58 - 00003710 _____ C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\Zeoinsight
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\ZBAnalyticsCore
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\Kromtech
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\Consumer Input
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131
2015-06-19 22:57 - 2015-06-20 01:45 - 00000000 ____D C:\Users\jklm\AppData\Local\ZombieNews
2015-06-19 22:57 - 2015-06-19 23:20 - 00000000 ____D C:\Users\jklm\AppData\Roaming\4C4C4544-1434779849-5610-8048-B7C04F445131
2015-06-19 22:57 - 2015-06-19 22:57 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-06-19 22:57 - 2015-06-19 22:57 - 00000000 ____D C:\Users\jklm\AppData\Roaming\ASPackage
2015-06-19 22:56 - 2015-06-19 22:56 - 00003076 _____ C:\Windows\System32\Tasks\IneedSpeed Update
2015-06-19 22:56 - 2015-06-19 22:56 - 00001822 _____ C:\Windows\patsearch.bin
2015-06-19 22:56 - 2015-06-19 22:56 - 00000430 _____ C:\Windows\Tasks\IneedSpeed Update.job
2015-06-19 22:56 - 2015-06-19 22:56 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____D C:\ProgramData\ZombieNews
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____D C:\ProgramData\WBRYXRSt
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____D C:\Program Files (x86)\version85IneedSpeed
2015-06-19 22:56 - 2015-06-19 22:55 - 00050216 _____ C:\Windows\system32\Drivers\webTinstMKTN84.sys
2015-06-19 22:55 - 2015-06-20 04:55 - 00002444 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user.job
2015-06-19 22:55 - 2015-06-20 04:55 - 00002444 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.job
2015-06-19 22:55 - 2015-06-19 22:55 - 00005474 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5
2015-06-19 22:55 - 2015-06-19 22:55 - 00004032 _____ C:\Windows\System32\Tasks\g5EHHvd7KBE2FYc8jv1Ik
2015-06-19 22:55 - 2015-06-19 22:55 - 00001010 _____ C:\Windows\Tasks\g5EHHvd7KBE2FYc8jv1Ik.job
2015-06-19 22:54 - 2015-06-20 05:54 - 00005516 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.job
2015-06-19 22:54 - 2015-06-20 05:54 - 00003136 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.job
2015-06-19 22:54 - 2015-06-20 04:59 - 00000996 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-06-19 22:54 - 2015-06-20 04:54 - 00005180 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.job
2015-06-19 22:54 - 2015-06-20 04:54 - 00003136 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.job
2015-06-19 22:54 - 2015-06-19 22:59 - 00000992 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-06-19 22:54 - 2015-06-19 22:54 - 00008544 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6
2015-06-19 22:54 - 2015-06-19 22:54 - 00008210 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7
2015-06-19 22:54 - 2015-06-19 22:54 - 00006166 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7
2015-06-19 22:54 - 2015-06-19 22:54 - 00006164 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6
2015-06-19 22:54 - 2015-06-19 22:54 - 00003994 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-06-19 22:54 - 2015-06-19 22:54 - 00003740 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\Umtayyznhndq1ntz
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\Smwyyntm1ndi1zdz
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\Hades
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\22c5dbb2-38e8-401e-a36d-e396d9be6748
2015-06-19 22:53 - 2015-06-20 05:53 - 00002110 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user.job
2015-06-19 22:53 - 2015-06-20 05:53 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-19 22:53 - 2015-06-20 04:54 - 00004156 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.job
2015-06-19 22:53 - 2015-06-19 22:55 - 00000000 ____D C:\Program Files (x86)\Cinema_Plus-1.2V19.06
2015-06-19 22:53 - 2015-06-19 22:54 - 00007186 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3
2015-06-19 22:53 - 2015-06-19 22:53 - 00000000 ____D C:\Users\jklm\AppData\Local\globalUpdate
2015-06-19 22:53 - 2015-06-19 22:53 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-06-19 22:52 - 2015-06-19 23:11 - 00000000 ____D C:\ProgramData\FlashBeat
2015-06-19 22:52 - 2015-06-19 22:57 - 00000000 ____D C:\ProgramData\Kromtech
2015-06-19 22:52 - 2015-06-19 22:53 - 00000328 _____ C:\Windows\Tasks\MTCYOKLOLS1.job
2015-06-19 22:52 - 2015-06-19 22:52 - 00003552 _____ C:\Windows\System32\Tasks\ZYICP
2015-06-19 22:52 - 2015-06-19 22:52 - 00002850 _____ C:\Windows\System32\Tasks\MTCYOKLOLS1
2015-06-19 22:52 - 2015-06-19 22:52 - 00000000 ____D C:\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f
2015-06-19 22:52 - 2015-06-19 22:52 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-19 22:51 - 2015-06-19 22:51 - 00003396 _____ C:\Windows\System32\Tasks\LuckyTab
2015-06-19 22:51 - 2015-06-19 22:51 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-06-19 22:51 - 2015-06-19 22:51 - 00000000 ____D C:\Program Files (x86)\LuckyTab
2015-06-19 22:36 - 2015-06-19 22:52 - 00000000 ____D C:\Users\jklm\Desktop\Atlas Genius - When It Was Now
2015-06-18 21:08 - 2015-06-18 21:08 - 00050520 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\nwjkm2z2y3mwbdd.sys
2015-06-17 22:39 - 2015-06-19 22:53 - 00000000 ____D C:\Users\jklm\Desktop\Imagine Dragons - Smoke + Mirrors
2015-06-17 22:35 - 2015-06-17 22:35 - 00000000 ____D C:\Users\jklm\Desktop\Sutter 2015 Slideshow
2015-06-03 22:40 - 2015-06-03 22:40 - 00165670 _____ C:\Users\jklm\Desktop\104-4171455-9217552.txt
2015-05-29 08:02 - 2015-06-08 22:04 - 00000000 ____D C:\Users\jklm\Desktop\md new mp3

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 05:56 - 2013-03-09 16:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-20 05:39 - 2013-05-19 18:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-20 05:39 - 2013-05-19 18:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-20 05:28 - 2011-06-12 19:58 - 00000000 ____D C:\Users\jklm\Documents\Outlook Files
2015-06-20 00:56 - 2012-09-02 15:03 - 00000000 ___RD C:\Users\jklm\Desktop\mdf
2015-06-19 23:17 - 2013-05-19 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-19 23:11 - 2013-07-27 11:19 - 00000000 ____D C:\Users\jklm\AppData\Roaming\MediaMonkey
2015-06-19 22:56 - 2009-07-13 22:10 - 01415729 ____N C:\Windows\WindowsUpdate.log
2015-06-19 22:56 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-19 22:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-06-19 22:54 - 2013-05-19 19:08 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-19 22:37 - 2015-01-11 20:02 - 00000000 ____D C:\Users\jklm\Desktop\Imagine Dragons - Night Visions
2015-06-19 22:32 - 2014-12-03 19:56 - 00000000 ____D C:\Users\jklm\Desktop\Atlas Genius
2015-06-19 18:21 - 2011-06-11 19:25 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-06-19 18:20 - 2011-06-12 14:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-06-19 18:20 - 2011-06-11 19:25 - 00003440 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-12 20:44 - 2011-10-26 20:51 - 00000000 ____D C:\Users\jklm\Documents\(Jenna)
2015-06-10 04:57 - 2013-03-09 16:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 04:57 - 2013-03-09 16:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 04:57 - 2013-03-09 16:35 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-08 11:00 - 2011-06-11 19:25 - 00004258 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-08 11:00 - 2011-06-11 19:25 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-06-02 21:55 - 2009-07-13 22:13 - 00729688 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-01 22:38 - 2011-06-11 21:00 - 00000000 ____D C:\Users\jklm\AppData\Local\Microsoft Help
2015-05-26 22:32 - 2012-02-05 20:22 - 00000000 ____D C:\Users\jklm\Documents\(Kayla)
2015-05-25 20:59 - 2011-04-07 12:35 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

==================== Files in the root of some directories =======

2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik
2015-04-20 07:05 - 2015-04-20 07:05 - 1579520 _____ () C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe
2013-11-17 19:03 - 2013-11-17 19:03 - 0004096 ____H () C:\Users\jklm\AppData\Local\keyfile3.drm
2015-06-19 23:21 - 2015-06-19 23:21 - 0613255 _____ (CMI Limited) C:\Users\jklm\AppData\Local\nsjBCD4.tmp
2014-03-29 20:31 - 2015-03-01 17:02 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\jklm\AppData\Local\Temp\4870.exe
C:\Users\jklm\AppData\Local\Temp\4I15KdoAIi.exe
C:\Users\jklm\AppData\Local\Temp\7yIoS2J9Bx.exe
C:\Users\jklm\AppData\Local\Temp\AyYFd1cpXC.exe
C:\Users\jklm\AppData\Local\Temp\B3D2E861-E160-CC61-CA09-C7082D88801A.dll
C:\Users\jklm\AppData\Local\Temp\B3D2E861-E160-CC61-CA09-C7082D88801A.exe
C:\Users\jklm\AppData\Local\Temp\bitool.dll
C:\Users\jklm\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\jklm\AppData\Local\Temp\F6473294-3161-4B13-21B7-B974A916DD71.exe
C:\Users\jklm\AppData\Local\Temp\fsd2F73.exe
C:\Users\jklm\AppData\Local\Temp\fsdAAF8.exe
C:\Users\jklm\AppData\Local\Temp\fsdC674.exe
C:\Users\jklm\AppData\Local\Temp\fsdCEEC.exe
C:\Users\jklm\AppData\Local\Temp\GhRlI3YG78.exe
C:\Users\jklm\AppData\Local\Temp\KV1dNNbUvY.exe
C:\Users\jklm\AppData\Local\Temp\mVOF428.exe
C:\Users\jklm\AppData\Local\Temp\PaTieUaub6.exe
C:\Users\jklm\AppData\Local\Temp\setup_608.exe
C:\Users\jklm\AppData\Local\Temp\Uninstall.exe
C:\Users\jklm\AppData\Local\Temp\uobnyv04ydl6.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-11 00:08

==================== End of log ============================

[Essexboy]

Hi having looked at the logs I feel it is time that you installed a proper antivirus programme

Be aware that this fix may take several minutes to run as there is a lot to remove

If you have problems copying the FRST fix then download the attached pre-prepared one
 fixlist.txt   28.2KB   222 downloads

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [AccessSecureData] => C:\Users\jklm\AppData\Local\Temp\{8565EB50-E289-4892-A596-DA6331E51B86}\AccessSecureData.exe <===== ATTENTION
HKLM-x32\...\Run: [mwyyntm1ndi1zdz] => C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe [2422784 2015-06-18] ()
HKLM-x32\...\Run: [WinCheck] => C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131\bnsl9328.exe [359936 2015-06-05] ()
HKLM-x32\...\Run: [SmartWeb] => C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_us_005010007] => C:\Program Files (x86)\gmsd_us_005010007\gmsd_us_005010007.exe [3984040 2015-06-19] ()
HKLM-x32\...\RunOnce: [upgmsd_us_005010007.exe] => C:\Users\jklm\AppData\Local\gmsd_us_005010007\upgmsd_us_005010007.exe [3319976 2015-06-19] ()
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [GamesBot] => C:\Program Files (x86)\Games Bot\GamesBot.exe [311912 2015-04-22] ()
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [GoogleChromeAutoLaunch_D1B0517A1A5838A6E831285B01BA7F9A] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\...\MountPoints2: {c7c4d253-80c7-11e2-94b1-782bcb8d9336} - I:\LaunchU3.exe -a
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-06-03] (Client Connect LTD)
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [905728 2015-06-03] (FlashBeat)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-06-03] (Client Connect LTD)
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [630272 2015-06-03] (FlashBeat)
Startup: C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-06-19]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-06-19]
ShortcutTarget: SmartWeb.lnk -> C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...C&D=062015=
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...archTerms}=
BHO: IneedSpeed -> {9480B134-F446-56C2-81C2-8E7E24D11E5F} -> C:\Program Files (x86)\version85IneedSpeed\192_x64.dll [2015-06-19] ()
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-02-25] (Compete, Inc.)
BHO-x32: IneedSpeed -> {9480B134-F446-56C2-81C2-8E7E24D11E5F} -> C:\Program Files (x86)\version85IneedSpeed\192.dll [2015-06-19] ()
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-02-25] (Compete, Inc.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-19] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-19] (globalUpdate)
FF HKLM-x32\...\Firefox\Extensions: [{78DADB4B-7468-4c1c-8612-00FBF356A9FF}] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi
FF Extension: YouTube Downloader Extension - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi [2014-05-05]
FF HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Firefox\Extensions: [{C6476A68-B06E-82C0-8E2F-D79F1A73C235}] - C:\Program Files (x86)\version85IneedSpeed\192.xpi
FF Extension: IneedSpeed - C:\Program Files (x86)\version85IneedSpeed\192.xpi [2015-06-19]
FF HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi [2015-01-21]
CHR Extension: (IneedSpeed) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdhhjbhbfhkmmcjojicgkoplildbkbk [2015-06-19]
CHR HKLM-x32\...\Chrome\Extension: [ebjipgnedcljapmafeafekmlebefcafp] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_GC.crx [2014-05-05]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3285776 2015-06-03] (Client Connect LTD)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-06-19] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-06-19] (ConsumerInput)
R2 GamesBotService; C:\Program Files (x86)\Games Bot\GamesBotSvc.exe [53352 2015-06-09] (Games Bot Inc.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-06-19] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-06-19] (globalUpdate) [File not signed] <==== ATTENTION
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-10] (Infonaut)
R2 kysykiti; C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\snsrA659.tmp [147456 2015-06-19] () [File not signed]
R2 Orbiter; C:\Program Files (x86)\ORBTR\orbiter.dll [558544 2015-06-19] (Client Connect LTD)
R2 UniversalUpdater; C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe [710144 2015-06-18] () [File not signed]
R2 xfrcCqRE; C:\ProgramData\WBRYXRSt\xfrcCqRE.exe [2730984 2015-06-19] (Time Lapse Solutions)
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-10] (Infonaut)
R1 nwjkm2z2y3mwbdd; C:\Windows\System32\drivers\nwjkm2z2y3mwbdd.sys [50520 2015-06-18] (Windows ® Win 7 DDK provider)
S0 SpfdBus; C:\Windows\System32\DRIVERS\SpfdBus.sys [11296 2013-02-21] (Safend Ltd.)
R2 webTinstMKTN84; C:\Windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-06-19] ()
2015-06-19 23:27 - 2015-06-19 23:47 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-06-19 23:27 - 2015-06-19 23:27 - 00002826 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-06-19 23:27 - 2015-06-19 23:27 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-06-19 23:27 - 2015-06-19 23:27 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-06-19 23:27 - 2015-06-19 23:27 - 00001011 _____ C:\Users\jklm\Desktop\AnyProtect.lnk
2015-06-19 23:27 - 2015-06-19 23:27 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-06-19 23:27 - 2015-06-19 23:27 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-06-19 23:27 - 2015-06-19 23:27 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-06-19 23:21 - 2015-06-19 23:27 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-06-19 23:21 - 2015-06-19 23:21 - 00613255 _____ (CMI Limited) C:\Users\jklm\AppData\Local\nsjBCD4.tmp
2015-06-19 23:21 - 2015-06-19 23:21 - 00000000 __SHD C:\Users\jklm\AppData\Roaming\AnyProtectEx
2015-06-19 23:20 - 2015-06-19 23:20 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Compete
2015-06-19 23:17 - 2015-06-20 05:25 - 00000000 ____D C:\Users\jklm\AppData\Local\gmsd_us_005010007
2015-06-19 23:17 - 2015-06-20 05:17 - 00001054 _____ C:\Windows\Tasks\Crossbrowse.job
2015-06-19 23:17 - 2015-06-19 23:17 - 00004076 _____ C:\Windows\System32\Tasks\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00002360 _____ C:\Users\Public\Desktop\Crossbrowse.lnk
2015-06-19 23:17 - 2015-06-19 23:17 - 00002215 _____ C:\Users\Public\Desktop\Search.lnk
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Users\Leslie\AppData\Local\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Users\jklm\AppData\Local\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010007
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-06-19 23:14 - 2015-06-19 23:25 - 00000000 ____D C:\Users\jklm\AppData\Local\Games Bot
2015-06-19 23:14 - 2015-06-19 23:14 - 00003456 _____ C:\Windows\System32\Tasks\avabvbavad
2015-06-19 23:14 - 2015-06-19 23:14 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-06-19 23:14 - 2015-06-19 23:14 - 00000000 ____D C:\Users\jklm\AppData\Local\avabvbavad
2015-06-19 23:14 - 2015-06-19 23:14 - 00000000 ____D C:\Program Files (x86)\Games Bot
2015-06-19 23:13 - 2015-06-19 23:14 - 00000000 ____D C:\Users\jklm\AppData\Local\SearchProtect
2015-06-19 23:13 - 2015-06-19 23:14 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-06-19 23:12 - 2015-06-19 23:12 - 00004028 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-06-19 23:12 - 2015-06-19 23:12 - 00000000 ____D C:\Users\jklm\AppData\Local\SmartWeb
2015-06-19 23:11 - 2015-06-19 23:11 - 00000000 ____D C:\Program Files (x86)\ORBTR
2015-06-19 23:10 - 2015-06-19 23:10 - 00000000 ____D C:\Program Files (x86)\Infonaut_1.10.0.14
2015-06-19 23:02 - 2015-06-20 06:20 - 00000358 _____ C:\Windows\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001.job
2015-06-19 23:02 - 2015-06-19 23:02 - 00003394 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001
2015-06-19 23:02 - 2015-06-19 23:02 - 00003270 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001
2015-06-19 23:02 - 2015-06-19 23:02 - 00000392 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001.job
2015-06-19 23:02 - 2015-06-19 23:02 - 00000000 ____D C:\Program Files (x86)\Setup Support for Consumer Input
2015-06-19 23:01 - 2015-06-20 03:01 - 00003434 _____ C:\Windows\System32\Tasks\Msouflui
2015-06-19 23:01 - 2015-06-19 23:01 - 00000000 ____D C:\ProgramData\Msouflui
2015-06-19 23:00 - 2015-06-19 23:06 - 00000000 ____D C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131
2015-06-19 22:59 - 2015-06-20 06:04 - 00000966 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-06-19 22:59 - 2015-06-19 22:59 - 00003962 _____ C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-06-19 22:58 - 2015-06-19 23:03 - 00000962 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-06-19 22:58 - 2015-06-19 23:02 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2015-06-19 22:58 - 2015-06-19 22:58 - 00003710 _____ C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\Zeoinsight
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\ZBAnalyticsCore
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\Kromtech
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\Consumer Input
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131
2015-06-19 22:57 - 2015-06-20 01:45 - 00000000 ____D C:\Users\jklm\AppData\Local\ZombieNews
2015-06-19 22:57 - 2015-06-19 23:20 - 00000000 ____D C:\Users\jklm\AppData\Roaming\4C4C4544-1434779849-5610-8048-B7C04F445131
2015-06-19 22:57 - 2015-06-19 22:57 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-06-19 22:57 - 2015-06-19 22:57 - 00000000 ____D C:\Users\jklm\AppData\Roaming\ASPackage
2015-06-19 22:56 - 2015-06-19 22:56 - 00003076 _____ C:\Windows\System32\Tasks\IneedSpeed Update
2015-06-19 22:56 - 2015-06-19 22:56 - 00001822 _____ C:\Windows\patsearch.bin
2015-06-19 22:56 - 2015-06-19 22:56 - 00000430 _____ C:\Windows\Tasks\IneedSpeed Update.job
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____D C:\ProgramData\ZombieNews
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____D C:\ProgramData\WBRYXRSt
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____D C:\Program Files (x86)\version85IneedSpeed
2015-06-19 22:56 - 2015-06-19 22:55 - 00050216 _____ C:\Windows\system32\Drivers\webTinstMKTN84.sys
2015-06-19 22:55 - 2015-06-20 04:55 - 00002444 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user.job
2015-06-19 22:55 - 2015-06-20 04:55 - 00002444 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.job
2015-06-19 22:55 - 2015-06-19 22:55 - 00005474 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5
2015-06-19 22:55 - 2015-06-19 22:55 - 00004032 _____ C:\Windows\System32\Tasks\g5EHHvd7KBE2FYc8jv1Ik
2015-06-19 22:55 - 2015-06-19 22:55 - 00001010 _____ C:\Windows\Tasks\g5EHHvd7KBE2FYc8jv1Ik.job
2015-06-19 22:54 - 2015-06-20 05:54 - 00005516 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.job
2015-06-19 22:54 - 2015-06-20 05:54 - 00003136 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.job
2015-06-19 22:54 - 2015-06-20 04:59 - 00000996 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-06-19 22:54 - 2015-06-20 04:54 - 00005180 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.job
2015-06-19 22:54 - 2015-06-20 04:54 - 00003136 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.job
2015-06-19 22:54 - 2015-06-19 22:59 - 00000992 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-06-19 22:54 - 2015-06-19 22:54 - 00008544 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6
2015-06-19 22:54 - 2015-06-19 22:54 - 00008210 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7
2015-06-19 22:54 - 2015-06-19 22:54 - 00006166 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7
2015-06-19 22:54 - 2015-06-19 22:54 - 00006164 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6
2015-06-19 22:54 - 2015-06-19 22:54 - 00003994 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-06-19 22:54 - 2015-06-19 22:54 - 00003740 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\Umtayyznhndq1ntz
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\Smwyyntm1ndi1zdz
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\Hades
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\22c5dbb2-38e8-401e-a36d-e396d9be6748
2015-06-19 22:53 - 2015-06-20 05:53 - 00002110 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user.job
2015-06-19 22:53 - 2015-06-20 05:53 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-19 22:53 - 2015-06-20 04:54 - 00004156 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.job
2015-06-19 22:53 - 2015-06-19 22:55 - 00000000 ____D C:\Program Files (x86)\Cinema_Plus-1.2V19.06
2015-06-19 22:53 - 2015-06-19 22:54 - 00007186 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3
2015-06-19 22:53 - 2015-06-19 22:53 - 00000000 ____D C:\Users\jklm\AppData\Local\globalUpdate
2015-06-19 22:53 - 2015-06-19 22:53 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-06-19 22:52 - 2015-06-19 23:11 - 00000000 ____D C:\ProgramData\FlashBeat
2015-06-19 22:52 - 2015-06-19 22:57 - 00000000 ____D C:\ProgramData\Kromtech
2015-06-19 22:52 - 2015-06-19 22:53 - 00000328 _____ C:\Windows\Tasks\MTCYOKLOLS1.job
2015-06-19 22:52 - 2015-06-19 22:52 - 00003552 _____ C:\Windows\System32\Tasks\ZYICP
2015-06-19 22:52 - 2015-06-19 22:52 - 00002850 _____ C:\Windows\System32\Tasks\MTCYOKLOLS1
2015-06-19 22:52 - 2015-06-19 22:52 - 00000000 ____D C:\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f
2015-06-19 22:52 - 2015-06-19 22:52 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-19 22:51 - 2015-06-19 22:51 - 00003396 _____ C:\Windows\System32\Tasks\LuckyTab
2015-06-19 22:51 - 2015-06-19 22:51 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-06-19 22:51 - 2015-06-19 22:51 - 00000000 ____D C:\Program Files (x86)\LuckyTab
2015-06-18 21:08 - 2015-06-18 21:08 - 00050520 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\nwjkm2z2y3mwbdd.sys
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik
2015-04-20 07:05 - 2015-04-20 07:05 - 1579520 _____ () C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe
2015-06-19 23:21 - 2015-06-19 23:21 - 0613255 _____ (CMI Limited) C:\Users\jklm\AppData\Local\nsjBCD4.tmp
Task: {0DEFAFC1-A326-4FA8-BC49-510BF138920B} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {1119667B-611D-4249-8854-A7DB8636EE64} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
Task: {16702F08-2E8E-469D-837A-ADA64D90C7D7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-06-19] (globalUpdate) <==== ATTENTION
Task: {1EA97C4B-FCAE-4BBB-A71E-1265724A8955} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {1F1A23DE-DD68-41CA-8CB4-7F08C9C49FEE} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {206C1510-E887-4CB4-9303-E73F18B176B7} - System32\Tasks\MTCYOKLOLS1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-06-03] (FlashBeat) <==== ATTENTION
Task: {25D9EEC0-2AF8-44B2-A0DE-5C910129442E} - System32\Tasks\g5EHHvd7KBE2FYc8jv1Ik => C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe [2015-04-20] () <==== ATTENTION
Task: {2B6B43A6-FF97-4D56-8D35-9A0666E4B960} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {30FB7E70-077A-495C-BC25-EDC2F61043C0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-06-19] (AnyProtect.com) <==== ATTENTION
Task: {35E59BE4-062B-4B39-B401-99DA02CE3991} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2015-06-19] (http://lucky-tab.com/) <==== ATTENTION
Task: {36FE590F-92E9-4DE1-B322-AB15E75D3186} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-06-19] (AnyProtect.com) <==== ATTENTION
Task: {3F808F81-6AC0-4CDB-B723-3B0E2E67A628} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {498BB6A0-883F-4F56-B7FB-EE1A512BDC3F} - System32\Tasks\avabvbavad => C:\Users\jklm\AppData\Local\avabvbavad\avabvbavad.exe [2015-06-03] () <==== ATTENTION
Task: {53471D25-BB8E-4994-B0A3-3CA2587DE723} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-06-19] (AnyProtect.com) <==== ATTENTION
Task: {5B1E65F8-26D7-4002-A143-9946E067CBEB} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-06-19] (ConsumerInput) <==== ATTENTION
Task: {60A9363C-5270-4A43-A6E4-A2FF10BD0F10} - System32\Tasks\Msouflui => C:\ProgramData\Msouflui\1.0.1.0\uawiemem.exe [2015-06-19] ()
Task: {65FAB375-5C9B-422C-BA52-D4640BECE2E7} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {7EB4D63B-B9FB-44BE-8150-330461C9086D} - System32\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-05-28] () <==== ATTENTION
Task: {91CEDBA4-F59A-458E-9872-3BC242A2B768} - System32\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-05-28] () <==== ATTENTION
Task: {939DD84A-EE72-462A-B5F7-4EC770D77172} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-06-19] () <==== ATTENTION
Task: {9F8AC108-4F23-45DB-B348-FFC30CA00E9A} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {A3F5DF1A-12BD-4A6B-B88E-C9409B1CB21C} - System32\Tasks\IneedSpeed Update => C:\Program Files (x86)\version85IneedSpeed\b4IneedSpeedQ95.exe [2015-06-19] ()
Task: {A9B0AB88-B394-44E4-8592-0165F8527AFD} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-06-19] (globalUpdate) <==== ATTENTION
Task: {AB812764-E1CD-4ED6-BEB3-A6716B7380CE} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-06-19] (ConsumerInput) <==== ATTENTION
Task: {C0E64DAA-FBD4-4DFC-ACF7-49054E9B9283} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {C36928FA-A219-4712-B78B-FEB4D55EE9BA} - System32\Tasks\{B73072F1-ABE4-455D-9175-7FB9C096E10F} => pcalua.exe -a "C:\Program Files (x86)\Zenographics\{B49F7068-1268-46E3-B682-21CCEDD4CF9E}\setup.exe" -c -u "HPLJInstaller.dll=Hpl_1020.inf"
Task: {D2AB08C0-8901-4919-BA8F-14EF972CB55D} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {F6D8D14C-B9F6-41B1-8BC8-8678D8DD69E5} - System32\Tasks\ZYICP => C:\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f\5aae4531dc23473f8da7a5bac9f3a51f.exe [2015-06-03] () <==== ATTENTION
Task: {FBE3C925-A7EC-4FFE-A4BD-78C505289737} - System32\Tasks\{509E09E5-D60C-454A-A352-E9175BD2F7C4} => pcalua.exe -a C:\Users\jklm\Downloads\HijackThis.exe -d C:\Users\jklm\Downloads
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\g5EHHvd7KBE2FYc8jv1Ik.job => C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\IneedSpeed Update.job => C:\Program Files (x86)\version85IneedSpeed\b4IneedSpeedQ95.exe
Task: C:\Windows\Tasks\MTCYOKLOLS1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
C:\Users\jklm\AppData\Local\Temp\7T02k5WOk0.tmp
C:\ProgramData\FlashBeat
C:\Program Files (x86)\Cinema_Plus-1.2V19.06
C:\ProgramData\WBRYXRSt
C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131
C:\Program Files (x86)\Infonaut_1.10.0.14
C:\Users\jklm\AppData\Local\SmartWeb
C:\Program Files (x86)\SearchProtect
C:\Users\jklm\AppData\Local\Temp\{8565EB50-E289-4892-A596-DA6331E51B86}
C:\Program Files (x86)\Smwyyntm1ndi1zdz
C:\Users\jklm\AppData\Local\SmartWeb
C:\Program Files\Kromtech
C:\Program Files (x86)\version85IneedSpeed
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\Kotato
C:\ProgramData\WBRYXRSt
C:\Windows\System32\drivers\nwjkm2z2y3mwbdd.sys
C:\Windows\system32\Drivers\webTinstMKTN84.sys
C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe
C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131
C:\ProgramData\Msouflui
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\Games Bot
C:\Users\jklm\AppData\Local\gmsd_us_005010007
C:\Program Files (x86)\Crossbrowse\Crossbrowse
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Please run a fresh FRST scan so that I can check for any I may have missed

[md262]

Here is the log.  I will run ADWcleaner now. Thanks.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by jklm at 2015-06-20 12:22:19 Run:1
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [AccessSecureData] => C:\Users\jklm\AppData\Local\Temp\{8565EB50-E289-4892-A596-DA6331E51B86}\AccessSecureData.exe <===== ATTENTION
HKLM-x32\...\Run: [mwyyntm1ndi1zdz] => C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe [2422784 2015-06-18] ()
HKLM-x32\...\Run: [WinCheck] => C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131\bnsl9328.exe [359936 2015-06-05] ()
HKLM-x32\...\Run: [SmartWeb] => C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_us_005010007] => C:\Program Files (x86)\gmsd_us_005010007\gmsd_us_005010007.exe [3984040 2015-06-19] ()
HKLM-x32\...\RunOnce: [upgmsd_us_005010007.exe] => C:\Users\jklm\AppData\Local\gmsd_us_005010007\upgmsd_us_005010007.exe [3319976 2015-06-19] ()
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [GamesBot] => C:\Program Files (x86)\Games Bot\GamesBot.exe [311912 2015-04-22] ()
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [GoogleChromeAutoLaunch_D1B0517A1A5838A6E831285B01BA7F9A] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\...\MountPoints2: {c7c4d253-80c7-11e2-94b1-782bcb8d9336} - I:\LaunchU3.exe -a
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-06-03] (Client Connect LTD)
AppInit_DLLs:  C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll [905728 2015-06-03] (FlashBeat)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-06-03] (Client Connect LTD)
AppInit_DLLs-x32:  C:\ProgramData\FlashBeat\FlashBeat32.dll => C:\ProgramData\FlashBeat\FlashBeat32.dll [630272 2015-06-03] (FlashBeat)
Startup: C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-06-19]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-06-19]
ShortcutTarget: SmartWeb.lnk -> C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...C&D=062015=
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-2695581885-3589152984-3162700467-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com...archTerms}=
BHO: IneedSpeed -> {9480B134-F446-56C2-81C2-8E7E24D11E5F} -> C:\Program Files (x86)\version85IneedSpeed\192_x64.dll [2015-06-19] ()
BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2015-02-25] (Compete, Inc.)
BHO-x32: IneedSpeed -> {9480B134-F446-56C2-81C2-8E7E24D11E5F} -> C:\Program Files (x86)\version85IneedSpeed\192.dll [2015-06-19] ()
BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2015-02-25] (Compete, Inc.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-19] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-06-19] (globalUpdate)
FF HKLM-x32\...\Firefox\Extensions: [{78DADB4B-7468-4c1c-8612-00FBF356A9FF}] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi
FF Extension: YouTube Downloader Extension - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi [2014-05-05]
FF HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Firefox\Extensions: [{C6476A68-B06E-82C0-8E2F-D79F1A73C235}] - C:\Program Files (x86)\version85IneedSpeed\192.xpi
FF Extension: IneedSpeed - C:\Program Files (x86)\version85IneedSpeed\192.xpi [2015-06-19]
FF HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi
FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi [2015-01-21]
CHR Extension: (IneedSpeed) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdhhjbhbfhkmmcjojicgkoplildbkbk [2015-06-19]
CHR HKLM-x32\...\Chrome\Extension: [ebjipgnedcljapmafeafekmlebefcafp] - C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_GC.crx [2014-05-05]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3285776 2015-06-03] (Client Connect LTD)
S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-06-19] (ConsumerInput)
S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2015-06-19] (ConsumerInput)
R2 GamesBotService; C:\Program Files (x86)\Games Bot\GamesBotSvc.exe [53352 2015-06-09] (Games Bot Inc.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-06-19] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-06-19] (globalUpdate) [File not signed] <==== ATTENTION
R2 insvc_1.10.0.14; C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe [278600 2015-04-10] (Infonaut)
R2 kysykiti; C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\snsrA659.tmp [147456 2015-06-19] () [File not signed]
R2 Orbiter; C:\Program Files (x86)\ORBTR\orbiter.dll [558544 2015-06-19] (Client Connect LTD)
R2 UniversalUpdater; C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe [710144 2015-06-18] () [File not signed]
R2 xfrcCqRE; C:\ProgramData\WBRYXRSt\xfrcCqRE.exe [2730984 2015-06-19] (Time Lapse Solutions)
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-10] (Infonaut)
R1 nwjkm2z2y3mwbdd; C:\Windows\System32\drivers\nwjkm2z2y3mwbdd.sys [50520 2015-06-18] (Windows ® Win 7 DDK provider)
S0 SpfdBus; C:\Windows\System32\DRIVERS\SpfdBus.sys [11296 2013-02-21] (Safend Ltd.)
R2 webTinstMKTN84; C:\Windows\system32\Drivers\webTinstMKTN84.sys [50216 2015-06-19] ()
2015-06-19 23:27 - 2015-06-19 23:47 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-06-19 23:27 - 2015-06-19 23:27 - 00002826 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-06-19 23:27 - 2015-06-19 23:27 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-06-19 23:27 - 2015-06-19 23:27 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-06-19 23:27 - 2015-06-19 23:27 - 00001011 _____ C:\Users\jklm\Desktop\AnyProtect.lnk
2015-06-19 23:27 - 2015-06-19 23:27 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-06-19 23:27 - 2015-06-19 23:27 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-06-19 23:27 - 2015-06-19 23:27 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-06-19 23:21 - 2015-06-19 23:27 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-06-19 23:21 - 2015-06-19 23:21 - 00613255 _____ (CMI Limited) C:\Users\jklm\AppData\Local\nsjBCD4.tmp
2015-06-19 23:21 - 2015-06-19 23:21 - 00000000 __SHD C:\Users\jklm\AppData\Roaming\AnyProtectEx
2015-06-19 23:20 - 2015-06-19 23:20 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Compete
2015-06-19 23:17 - 2015-06-20 05:25 - 00000000 ____D C:\Users\jklm\AppData\Local\gmsd_us_005010007
2015-06-19 23:17 - 2015-06-20 05:17 - 00001054 _____ C:\Windows\Tasks\Crossbrowse.job
2015-06-19 23:17 - 2015-06-19 23:17 - 00004076 _____ C:\Windows\System32\Tasks\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00002360 _____ C:\Users\Public\Desktop\Crossbrowse.lnk
2015-06-19 23:17 - 2015-06-19 23:17 - 00002215 _____ C:\Users\Public\Desktop\Search.lnk
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Users\Leslie\AppData\Local\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Users\jklm\AppData\Local\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Program Files (x86)\gmsd_us_005010007
2015-06-19 23:17 - 2015-06-19 23:17 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-06-19 23:14 - 2015-06-19 23:25 - 00000000 ____D C:\Users\jklm\AppData\Local\Games Bot
2015-06-19 23:14 - 2015-06-19 23:14 - 00003456 _____ C:\Windows\System32\Tasks\avabvbavad
2015-06-19 23:14 - 2015-06-19 23:14 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot
2015-06-19 23:14 - 2015-06-19 23:14 - 00000000 ____D C:\Users\jklm\AppData\Local\avabvbavad
2015-06-19 23:14 - 2015-06-19 23:14 - 00000000 ____D C:\Program Files (x86)\Games Bot
2015-06-19 23:13 - 2015-06-19 23:14 - 00000000 ____D C:\Users\jklm\AppData\Local\SearchProtect
2015-06-19 23:13 - 2015-06-19 23:14 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-06-19 23:12 - 2015-06-19 23:12 - 00004028 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-06-19 23:12 - 2015-06-19 23:12 - 00000000 ____D C:\Users\jklm\AppData\Local\SmartWeb
2015-06-19 23:11 - 2015-06-19 23:11 - 00000000 ____D C:\Program Files (x86)\ORBTR
2015-06-19 23:10 - 2015-06-19 23:10 - 00000000 ____D C:\Program Files (x86)\Infonaut_1.10.0.14
2015-06-19 23:02 - 2015-06-20 06:20 - 00000358 _____ C:\Windows\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001.job
2015-06-19 23:02 - 2015-06-19 23:02 - 00003394 _____ C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001
2015-06-19 23:02 - 2015-06-19 23:02 - 00003270 _____ C:\Windows\System32\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001
2015-06-19 23:02 - 2015-06-19 23:02 - 00000392 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001.job
2015-06-19 23:02 - 2015-06-19 23:02 - 00000000 ____D C:\Program Files (x86)\Setup Support for Consumer Input
2015-06-19 23:01 - 2015-06-20 03:01 - 00003434 _____ C:\Windows\System32\Tasks\Msouflui
2015-06-19 23:01 - 2015-06-19 23:01 - 00000000 ____D C:\ProgramData\Msouflui
2015-06-19 23:00 - 2015-06-19 23:06 - 00000000 ____D C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131
2015-06-19 22:59 - 2015-06-20 06:04 - 00000966 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-06-19 22:59 - 2015-06-19 22:59 - 00003962 _____ C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-06-19 22:58 - 2015-06-19 23:03 - 00000962 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-06-19 22:58 - 2015-06-19 23:02 - 00000000 ____D C:\Program Files (x86)\Consumer Input
2015-06-19 22:58 - 2015-06-19 22:58 - 00003710 _____ C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\Zeoinsight
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\ZBAnalyticsCore
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\Kromtech
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\Consumer Input
2015-06-19 22:58 - 2015-06-19 22:58 - 00000000 ____D C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131
2015-06-19 22:57 - 2015-06-20 01:45 - 00000000 ____D C:\Users\jklm\AppData\Local\ZombieNews
2015-06-19 22:57 - 2015-06-19 23:20 - 00000000 ____D C:\Users\jklm\AppData\Roaming\4C4C4544-1434779849-5610-8048-B7C04F445131
2015-06-19 22:57 - 2015-06-19 22:57 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-06-19 22:57 - 2015-06-19 22:57 - 00000000 ____D C:\Users\jklm\AppData\Roaming\ASPackage
2015-06-19 22:56 - 2015-06-19 22:56 - 00003076 _____ C:\Windows\System32\Tasks\IneedSpeed Update
2015-06-19 22:56 - 2015-06-19 22:56 - 00001822 _____ C:\Windows\patsearch.bin
2015-06-19 22:56 - 2015-06-19 22:56 - 00000430 _____ C:\Windows\Tasks\IneedSpeed Update.job
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____D C:\ProgramData\ZombieNews
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____D C:\ProgramData\WBRYXRSt
2015-06-19 22:56 - 2015-06-19 22:56 - 00000000 ____D C:\Program Files (x86)\version85IneedSpeed
2015-06-19 22:56 - 2015-06-19 22:55 - 00050216 _____ C:\Windows\system32\Drivers\webTinstMKTN84.sys
2015-06-19 22:55 - 2015-06-20 04:55 - 00002444 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user.job
2015-06-19 22:55 - 2015-06-20 04:55 - 00002444 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.job
2015-06-19 22:55 - 2015-06-19 22:55 - 00005474 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5
2015-06-19 22:55 - 2015-06-19 22:55 - 00004032 _____ C:\Windows\System32\Tasks\g5EHHvd7KBE2FYc8jv1Ik
2015-06-19 22:55 - 2015-06-19 22:55 - 00001010 _____ C:\Windows\Tasks\g5EHHvd7KBE2FYc8jv1Ik.job
2015-06-19 22:54 - 2015-06-20 05:54 - 00005516 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.job
2015-06-19 22:54 - 2015-06-20 05:54 - 00003136 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.job
2015-06-19 22:54 - 2015-06-20 04:59 - 00000996 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-06-19 22:54 - 2015-06-20 04:54 - 00005180 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.job
2015-06-19 22:54 - 2015-06-20 04:54 - 00003136 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.job
2015-06-19 22:54 - 2015-06-19 22:59 - 00000992 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-06-19 22:54 - 2015-06-19 22:54 - 00008544 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6
2015-06-19 22:54 - 2015-06-19 22:54 - 00008210 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7
2015-06-19 22:54 - 2015-06-19 22:54 - 00006166 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7
2015-06-19 22:54 - 2015-06-19 22:54 - 00006164 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6
2015-06-19 22:54 - 2015-06-19 22:54 - 00003994 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-06-19 22:54 - 2015-06-19 22:54 - 00003740 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\Umtayyznhndq1ntz
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\Smwyyntm1ndi1zdz
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\Hades
2015-06-19 22:54 - 2015-06-19 22:54 - 00000000 ____D C:\Program Files (x86)\22c5dbb2-38e8-401e-a36d-e396d9be6748
2015-06-19 22:53 - 2015-06-20 05:53 - 00002110 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user.job
2015-06-19 22:53 - 2015-06-20 05:53 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-19 22:53 - 2015-06-20 04:54 - 00004156 _____ C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.job
2015-06-19 22:53 - 2015-06-19 22:55 - 00000000 ____D C:\Program Files (x86)\Cinema_Plus-1.2V19.06
2015-06-19 22:53 - 2015-06-19 22:54 - 00007186 _____ C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3
2015-06-19 22:53 - 2015-06-19 22:53 - 00000000 ____D C:\Users\jklm\AppData\Local\globalUpdate
2015-06-19 22:53 - 2015-06-19 22:53 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-06-19 22:52 - 2015-06-19 23:11 - 00000000 ____D C:\ProgramData\FlashBeat
2015-06-19 22:52 - 2015-06-19 22:57 - 00000000 ____D C:\ProgramData\Kromtech
2015-06-19 22:52 - 2015-06-19 22:53 - 00000328 _____ C:\Windows\Tasks\MTCYOKLOLS1.job
2015-06-19 22:52 - 2015-06-19 22:52 - 00003552 _____ C:\Windows\System32\Tasks\ZYICP
2015-06-19 22:52 - 2015-06-19 22:52 - 00002850 _____ C:\Windows\System32\Tasks\MTCYOKLOLS1
2015-06-19 22:52 - 2015-06-19 22:52 - 00000000 ____D C:\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f
2015-06-19 22:52 - 2015-06-19 22:52 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-06-19 22:51 - 2015-06-19 22:51 - 00003396 _____ C:\Windows\System32\Tasks\LuckyTab
2015-06-19 22:51 - 2015-06-19 22:51 - 00000000 ____D C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
2015-06-19 22:51 - 2015-06-19 22:51 - 00000000 ____D C:\Program Files (x86)\LuckyTab
2015-06-18 21:08 - 2015-06-18 21:08 - 00050520 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\nwjkm2z2y3mwbdd.sys
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik
2015-04-20 07:05 - 2015-04-20 07:05 - 1579520 _____ () C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe
2015-06-19 23:21 - 2015-06-19 23:21 - 0613255 _____ (CMI Limited) C:\Users\jklm\AppData\Local\nsjBCD4.tmp
Task: {0DEFAFC1-A326-4FA8-BC49-510BF138920B} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {1119667B-611D-4249-8854-A7DB8636EE64} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
Task: {16702F08-2E8E-469D-837A-ADA64D90C7D7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-06-19] (globalUpdate) <==== ATTENTION
Task: {1EA97C4B-FCAE-4BBB-A71E-1265724A8955} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {1F1A23DE-DD68-41CA-8CB4-7F08C9C49FEE} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {206C1510-E887-4CB4-9303-E73F18B176B7} - System32\Tasks\MTCYOKLOLS1 => C:\ProgramData\FlashBeat\FlashBeat.exe [2015-06-03] (FlashBeat) <==== ATTENTION
Task: {25D9EEC0-2AF8-44B2-A0DE-5C910129442E} - System32\Tasks\g5EHHvd7KBE2FYc8jv1Ik => C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe [2015-04-20] () <==== ATTENTION
Task: {2B6B43A6-FF97-4D56-8D35-9A0666E4B960} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {30FB7E70-077A-495C-BC25-EDC2F61043C0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-06-19] (AnyProtect.com) <==== ATTENTION
Task: {35E59BE4-062B-4B39-B401-99DA02CE3991} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2015-06-19] (http://lucky-tab.com/) <==== ATTENTION
Task: {36FE590F-92E9-4DE1-B322-AB15E75D3186} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-06-19] (AnyProtect.com) <==== ATTENTION
Task: {3F808F81-6AC0-4CDB-B723-3B0E2E67A628} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {498BB6A0-883F-4F56-B7FB-EE1A512BDC3F} - System32\Tasks\avabvbavad => C:\Users\jklm\AppData\Local\avabvbavad\avabvbavad.exe [2015-06-03] () <==== ATTENTION
Task: {53471D25-BB8E-4994-B0A3-3CA2587DE723} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-06-19] (AnyProtect.com) <==== ATTENTION
Task: {5B1E65F8-26D7-4002-A143-9946E067CBEB} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-06-19] (ConsumerInput) <==== ATTENTION
Task: {60A9363C-5270-4A43-A6E4-A2FF10BD0F10} - System32\Tasks\Msouflui => C:\ProgramData\Msouflui\1.0.1.0\uawiemem.exe [2015-06-19] ()
Task: {65FAB375-5C9B-422C-BA52-D4640BECE2E7} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {7EB4D63B-B9FB-44BE-8150-330461C9086D} - System32\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-05-28] () <==== ATTENTION
Task: {91CEDBA4-F59A-458E-9872-3BC242A2B768} - System32\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe [2015-05-28] () <==== ATTENTION
Task: {939DD84A-EE72-462A-B5F7-4EC770D77172} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-06-19] () <==== ATTENTION
Task: {9F8AC108-4F23-45DB-B348-FFC30CA00E9A} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {A3F5DF1A-12BD-4A6B-B88E-C9409B1CB21C} - System32\Tasks\IneedSpeed Update => C:\Program Files (x86)\version85IneedSpeed\b4IneedSpeedQ95.exe [2015-06-19] ()
Task: {A9B0AB88-B394-44E4-8592-0165F8527AFD} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-06-19] (globalUpdate) <==== ATTENTION
Task: {AB812764-E1CD-4ED6-BEB3-A6716B7380CE} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [2015-06-19] (ConsumerInput) <==== ATTENTION
Task: {C0E64DAA-FBD4-4DFC-ACF7-49054E9B9283} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7 => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {C36928FA-A219-4712-B78B-FEB4D55EE9BA} - System32\Tasks\{B73072F1-ABE4-455D-9175-7FB9C096E10F} => pcalua.exe -a "C:\Program Files (x86)\Zenographics\{B49F7068-1268-46E3-B682-21CCEDD4CF9E}\setup.exe" -c -u "HPLJInstaller.dll=Hpl_1020.inf"
Task: {D2AB08C0-8901-4919-BA8F-14EF972CB55D} - System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10.exe [2015-06-19] (Cinema_Plus-1.2V19.06) <==== ATTENTION
Task: {F6D8D14C-B9F6-41B1-8BC8-8678D8DD69E5} - System32\Tasks\ZYICP => C:\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f\5aae4531dc23473f8da7a5bac9f3a51f.exe [2015-06-03] () <==== ATTENTION
Task: {FBE3C925-A7EC-4FFE-A4BD-78C505289737} - System32\Tasks\{509E09E5-D60C-454A-A352-E9175BD2F7C4} => pcalua.exe -a C:\Users\jklm\Downloads\HijackThis.exe -d C:\Users\jklm\Downloads
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.job => C:\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\g5EHHvd7KBE2FYc8jv1Ik.job => C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\IneedSpeed Update.job => C:\Program Files (x86)\version85IneedSpeed\b4IneedSpeedQ95.exe
Task: C:\Windows\Tasks\MTCYOKLOLS1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
C:\Users\jklm\AppData\Local\Temp\7T02k5WOk0.tmp
C:\ProgramData\FlashBeat
C:\Program Files (x86)\Cinema_Plus-1.2V19.06
C:\ProgramData\WBRYXRSt
C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131
C:\Program Files (x86)\Infonaut_1.10.0.14
C:\Users\jklm\AppData\Local\SmartWeb
C:\Program Files (x86)\SearchProtect
C:\Users\jklm\AppData\Local\Temp\{8565EB50-E289-4892-A596-DA6331E51B86}
C:\Program Files (x86)\Smwyyntm1ndi1zdz
C:\Users\jklm\AppData\Local\SmartWeb
C:\Program Files\Kromtech
C:\Program Files (x86)\version85IneedSpeed
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\Kotato
C:\ProgramData\WBRYXRSt
C:\Windows\System32\drivers\nwjkm2z2y3mwbdd.sys
C:\Windows\system32\Drivers\webTinstMKTN84.sys
C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe
C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131
C:\ProgramData\Msouflui
C:\Program Files (x86)\Consumer Input
C:\Program Files (x86)\Games Bot
C:\Users\jklm\AppData\Local\gmsd_us_005010007
C:\Program Files (x86)\Crossbrowse\Crossbrowse
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AccessSecureData => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mwyyntm1ndi1zdz => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WinCheck => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010007 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_us_005010007.exe => value removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 => value removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GamesBot => value removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_D1B0517A1A5838A6E831285B01BA7F9A => value removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 => value removed successfully
"HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c4d253-80c7-11e2-94b1-782bcb8d9336}" => key removed successfully
HKCR\CLSID\{c7c4d253-80c7-11e2-94b1-782bcb8d9336} => key not found.
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => value data removed successfully.
" C:\ProgramData\FlashBeat\FlashBeat64.dll" => value data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => value data removed successfully.
" C:\ProgramData\FlashBeat\FlashBeat32.dll" => value data removed successfully.
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk => moved successfully.
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe => moved successfully.
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => moved successfully.
C:\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe => moved successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\bProtectorDefaultScope => value removed successfully
"HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9480B134-F446-56C2-81C2-8E7E24D11E5F}" => key removed successfully
"HKCR\CLSID\{9480B134-F446-56C2-81C2-8E7E24D11E5F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
"HKCR\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9480B134-F446-56C2-81C2-8E7E24D11E5F}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{9480B134-F446-56C2-81C2-8E7E24D11E5F}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => key removed successfully
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll => moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => key removed successfully
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{78DADB4B-7468-4c1c-8612-00FBF356A9FF} => value removed successfully
C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_FF.xpi => moved successfully.
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Mozilla\Firefox\Extensions\\{C6476A68-B06E-82C0-8E2F-D79F1A73C235} => value removed successfully
C:\Program Files (x86)\version85IneedSpeed\192.xpi => moved successfully.
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => value removed successfully
C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12099.xpi => moved successfully.
C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdhhjbhbfhkmmcjojicgkoplildbkbk => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ebjipgnedcljapmafeafekmlebefcafp" => key removed successfully
C:\Program Files (x86)\Kotato\YouTube Downloader\YTD_GC.crx => moved successfully.
CltMngSvc => Unable to stop service.
CltMngSvc => Service removed successfully
consumerinput_update => Service removed successfully
consumerinput_updatem => Service removed successfully
GamesBotService => Service stopped successfully.
GamesBotService => Service removed successfully
globalUpdate => Service removed successfully
globalUpdatem => Service removed successfully
insvc_1.10.0.14 => Service stopped successfully.
insvc_1.10.0.14 => Service removed successfully
kysykiti => Service stopped successfully.
kysykiti => Service removed successfully
Orbiter => Unable to stop service.
Orbiter => Service removed successfully
UniversalUpdater => Service stopped successfully.
UniversalUpdater => Service removed successfully
xfrcCqRE => Unable to stop service.
xfrcCqRE => Service removed successfully
innfd_1_10_0_14 => Unable to stop service.
innfd_1_10_0_14 => Service removed successfully
nwjkm2z2y3mwbdd => Unable to stop service.
nwjkm2z2y3mwbdd => Service removed successfully
SpfdBus => Service removed successfully
webTinstMKTN84 => Service stopped successfully.
webTinstMKTN84 => Service removed successfully
C:\Windows\Tasks\APSnotifierPP1.job => moved successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => moved successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => moved successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => moved successfully.
C:\Users\jklm\Desktop\AnyProtect.lnk => moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => moved successfully.
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup => moved successfully.
C:\Program Files (x86)\AnyProtectEx => moved successfully.
C:\Users\jklm\AppData\Local\nsjBCD4.tmp => moved successfully.
C:\Users\jklm\AppData\Roaming\AnyProtectEx => moved successfully.
C:\Users\jklm\AppData\Roaming\Compete => moved successfully.

"C:\Users\jklm\AppData\Local\gmsd_us_005010007" folder move:

Could not move "C:\Users\jklm\AppData\Local\gmsd_us_005010007" folder => Scheduled to move on reboot.

C:\Windows\Tasks\Crossbrowse.job => moved successfully.
C:\Windows\System32\Tasks\Crossbrowse => moved successfully.
C:\Users\Public\Desktop\Crossbrowse.lnk => moved successfully.
C:\Users\Public\Desktop\Search.lnk => moved successfully.
C:\Users\Leslie\AppData\Local\Crossbrowse => moved successfully.

"C:\Users\jklm\AppData\Local\Crossbrowse" folder move:

Could not move "C:\Users\jklm\AppData\Local\Crossbrowse" folder => Scheduled to move on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse => moved successfully.

"C:\Program Files (x86)\gmsd_us_005010007" folder move:

Could not move "C:\Program Files (x86)\gmsd_us_005010007" folder => Scheduled to move on reboot.

"C:\Program Files (x86)\Crossbrowse" folder move:

Could not move "C:\Program Files (x86)\Crossbrowse" folder => Scheduled to move on reboot.

"C:\Users\jklm\AppData\Local\Games Bot" folder move:

Could not move "C:\Users\jklm\AppData\Local\Games Bot" folder => Scheduled to move on reboot.

C:\Windows\System32\Tasks\avabvbavad => moved successfully.
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games Bot => moved successfully.
C:\Users\jklm\AppData\Local\avabvbavad => moved successfully.

"C:\Program Files (x86)\Games Bot" folder move:

Could not move "C:\Program Files (x86)\Games Bot" folder => Scheduled to move on reboot.

C:\Users\jklm\AppData\Local\SearchProtect => moved successfully.
C:\Program Files (x86)\SearchProtect => moved successfully.
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => moved successfully.

"C:\Users\jklm\AppData\Local\SmartWeb" folder move:

Could not move "C:\Users\jklm\AppData\Local\SmartWeb" folder => Scheduled to move on reboot.

C:\Program Files (x86)\ORBTR => moved successfully.
C:\Program Files (x86)\Infonaut_1.10.0.14 => moved successfully.
C:\Windows\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001.job => moved successfully.
C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001 => moved successfully.
C:\Windows\System32\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001 => moved successfully.
C:\Windows\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001.job => moved successfully.
C:\Program Files (x86)\Setup Support for Consumer Input => moved successfully.
C:\Windows\System32\Tasks\Msouflui => moved successfully.

"C:\ProgramData\Msouflui" folder move:

Could not move "C:\ProgramData\Msouflui" folder => Scheduled to move on reboot.

C:\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131 => moved successfully.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => moved successfully.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA => moved successfully.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => moved successfully.
C:\Program Files (x86)\Consumer Input => moved successfully.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore => moved successfully.
C:\Users\jklm\AppData\Local\Zeoinsight => moved successfully.
C:\Users\jklm\AppData\Local\ZBAnalyticsCore => moved successfully.
C:\Users\jklm\AppData\Local\Kromtech => moved successfully.
C:\Users\jklm\AppData\Local\Consumer Input => moved successfully.

"C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131" folder move:

Could not move "C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131" folder => Scheduled to move on reboot.

C:\Users\jklm\AppData\Local\ZombieNews => moved successfully.
C:\Users\jklm\AppData\Roaming\4C4C4544-1434779849-5610-8048-B7C04F445131 => moved successfully.
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage => moved successfully.
C:\Users\jklm\AppData\Roaming\ASPackage => moved successfully.
C:\Windows\System32\Tasks\IneedSpeed Update => moved successfully.
C:\Windows\patsearch.bin => moved successfully.
C:\Windows\Tasks\IneedSpeed Update.job => moved successfully.
C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf => moved successfully.
C:\ProgramData\ZombieNews => moved successfully.

"C:\ProgramData\WBRYXRSt" folder move:

Could not move "C:\ProgramData\WBRYXRSt" folder => Scheduled to move on reboot.

C:\Program Files (x86)\version85IneedSpeed => moved successfully.
C:\Windows\system32\Drivers\webTinstMKTN84.sys => moved successfully.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user.job => moved successfully.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.job => moved successfully.
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5 => moved successfully.
C:\Windows\System32\Tasks\g5EHHvd7KBE2FYc8jv1Ik => moved successfully.
C:\Windows\Tasks\g5EHHvd7KBE2FYc8jv1Ik.job => moved successfully.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.job => moved successfully.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.job => moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.job => moved successfully.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.job => moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully.
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6 => moved successfully.
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7 => moved successfully.
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7 => moved successfully.
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6 => moved successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => moved successfully.
C:\Program Files (x86)\Umtayyznhndq1ntz => moved successfully.

"C:\Program Files (x86)\Smwyyntm1ndi1zdz" folder move:

Could not move "C:\Program Files (x86)\Smwyyntm1ndi1zdz" folder => Scheduled to move on reboot.

C:\Program Files (x86)\Hades => moved successfully.
C:\Program Files (x86)\22c5dbb2-38e8-401e-a36d-e396d9be6748 => moved successfully.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user.job => moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.job => moved successfully.
C:\Program Files (x86)\Cinema_Plus-1.2V19.06 => moved successfully.
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3 => moved successfully.
C:\Users\jklm\AppData\Local\globalUpdate => moved successfully.
C:\Program Files (x86)\globalUpdate => moved successfully.

"C:\ProgramData\FlashBeat" folder move:

Could not move "C:\ProgramData\FlashBeat" folder => Scheduled to move on reboot.

C:\ProgramData\Kromtech => moved successfully.
C:\Windows\Tasks\MTCYOKLOLS1.job => moved successfully.
C:\Windows\System32\Tasks\ZYICP => moved successfully.
C:\Windows\System32\Tasks\MTCYOKLOLS1 => moved successfully.
C:\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f => moved successfully.
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully.
C:\Windows\System32\Tasks\LuckyTab => moved successfully.
C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab => moved successfully.
C:\Program Files (x86)\LuckyTab => moved successfully.
C:\Windows\system32\Drivers\nwjkm2z2y3mwbdd.sys => moved successfully.
C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik => moved successfully.
C:\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe => moved successfully.
"C:\Users\jklm\AppData\Local\nsjBCD4.tmp" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DEFAFC1-A326-4FA8-BC49-510BF138920B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DEFAFC1-A326-4FA8-BC49-510BF138920B}" => key removed successfully
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1119667B-611D-4249-8854-A7DB8636EE64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1119667B-611D-4249-8854-A7DB8636EE64}" => key removed successfully
C:\Windows\System32\Tasks\BrowserDefendert => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16702F08-2E8E-469D-837A-ADA64D90C7D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16702F08-2E8E-469D-837A-ADA64D90C7D7}" => key removed successfully
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1EA97C4B-FCAE-4BBB-A71E-1265724A8955}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EA97C4B-FCAE-4BBB-A71E-1265724A8955}" => key removed successfully
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F1A23DE-DD68-41CA-8CB4-7F08C9C49FEE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F1A23DE-DD68-41CA-8CB4-7F08C9C49FEE}" => key removed successfully
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{206C1510-E887-4CB4-9303-E73F18B176B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{206C1510-E887-4CB4-9303-E73F18B176B7}" => key removed successfully
C:\Windows\System32\Tasks\MTCYOKLOLS1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MTCYOKLOLS1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25D9EEC0-2AF8-44B2-A0DE-5C910129442E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25D9EEC0-2AF8-44B2-A0DE-5C910129442E}" => key removed successfully
C:\Windows\System32\Tasks\g5EHHvd7KBE2FYc8jv1Ik not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\g5EHHvd7KBE2FYc8jv1Ik" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B6B43A6-FF97-4D56-8D35-9A0666E4B960}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B6B43A6-FF97-4D56-8D35-9A0666E4B960}" => key removed successfully
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30FB7E70-077A-495C-BC25-EDC2F61043C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30FB7E70-077A-495C-BC25-EDC2F61043C0}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35E59BE4-062B-4B39-B401-99DA02CE3991}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35E59BE4-062B-4B39-B401-99DA02CE3991}" => key removed successfully
C:\Windows\System32\Tasks\LuckyTab not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36FE590F-92E9-4DE1-B322-AB15E75D3186}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36FE590F-92E9-4DE1-B322-AB15E75D3186}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F808F81-6AC0-4CDB-B723-3B0E2E67A628}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F808F81-6AC0-4CDB-B723-3B0E2E67A628}" => key removed successfully
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{498BB6A0-883F-4F56-B7FB-EE1A512BDC3F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{498BB6A0-883F-4F56-B7FB-EE1A512BDC3F}" => key removed successfully
C:\Windows\System32\Tasks\avabvbavad not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbavad" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53471D25-BB8E-4994-B0A3-3CA2587DE723}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53471D25-BB8E-4994-B0A3-3CA2587DE723}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B1E65F8-26D7-4002-A143-9946E067CBEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B1E65F8-26D7-4002-A143-9946E067CBEB}" => key removed successfully
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{60A9363C-5270-4A43-A6E4-A2FF10BD0F10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60A9363C-5270-4A43-A6E4-A2FF10BD0F10}" => key removed successfully
C:\Windows\System32\Tasks\Msouflui not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Msouflui" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65FAB375-5C9B-422C-BA52-D4640BECE2E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65FAB375-5C9B-422C-BA52-D4640BECE2E7}" => key removed successfully
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EB4D63B-B9FB-44BE-8150-330461C9086D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EB4D63B-B9FB-44BE-8150-330461C9086D}" => key removed successfully
C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91CEDBA4-F59A-458E-9872-3BC242A2B768}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91CEDBA4-F59A-458E-9872-3BC242A2B768}" => key removed successfully
C:\Windows\System32\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{939DD84A-EE72-462A-B5F7-4EC770D77172}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{939DD84A-EE72-462A-B5F7-4EC770D77172}" => key removed successfully
C:\Windows\System32\Tasks\Crossbrowse not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F8AC108-4F23-45DB-B348-FFC30CA00E9A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F8AC108-4F23-45DB-B348-FFC30CA00E9A}" => key removed successfully
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3F5DF1A-12BD-4A6B-B88E-C9409B1CB21C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3F5DF1A-12BD-4A6B-B88E-C9409B1CB21C}" => key removed successfully
C:\Windows\System32\Tasks\IneedSpeed Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IneedSpeed Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9B0AB88-B394-44E4-8592-0165F8527AFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9B0AB88-B394-44E4-8592-0165F8527AFD}" => key removed successfully
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB812764-E1CD-4ED6-BEB3-A6716B7380CE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB812764-E1CD-4ED6-BEB3-A6716B7380CE}" => key removed successfully
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C0E64DAA-FBD4-4DFC-ACF7-49054E9B9283}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0E64DAA-FBD4-4DFC-ACF7-49054E9B9283}" => key removed successfully
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36928FA-A219-4712-B78B-FEB4D55EE9BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36928FA-A219-4712-B78B-FEB4D55EE9BA}" => key removed successfully
C:\Windows\System32\Tasks\{B73072F1-ABE4-455D-9175-7FB9C096E10F} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B73072F1-ABE4-455D-9175-7FB9C096E10F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2AB08C0-8901-4919-BA8F-14EF972CB55D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2AB08C0-8901-4919-BA8F-14EF972CB55D}" => key removed successfully
C:\Windows\System32\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6D8D14C-B9F6-41B1-8BC8-8678D8DD69E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6D8D14C-B9F6-41B1-8BC8-8678D8DD69E5}" => key removed successfully
C:\Windows\System32\Tasks\ZYICP not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZYICP" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBE3C925-A7EC-4FFE-A4BD-78C505289737}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBE3C925-A7EC-4FFE-A4BD-78C505289737}" => key removed successfully
C:\Windows\System32\Tasks\{509E09E5-D60C-454A-A352-E9175BD2F7C4} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{509E09E5-D60C-454A-A352-E9175BD2F7C4}" => key removed successfully
C:\Windows\Tasks\APSnotifierPP1.job not found.
C:\Windows\Tasks\APSnotifierPP2.job not found.
C:\Windows\Tasks\APSnotifierPP3.job not found.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.job not found.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.job not found.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10_user.job not found.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.job not found.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.job not found.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5_user.job not found.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.job not found.
C:\Windows\Tasks\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.job not found.
C:\Windows\Tasks\CIMT_daily_S-1-5-21-2695581885-3589152984-3162700467-1001.job not found.
C:\Windows\Tasks\CIMT_S-1-5-21-2695581885-3589152984-3162700467-1001.job not found.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job not found.
C:\Windows\Tasks\Crossbrowse.job not found.
C:\Windows\Tasks\g5EHHvd7KBE2FYc8jv1Ik.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job not found.
C:\Windows\Tasks\IneedSpeed Update.job not found.
C:\Windows\Tasks\MTCYOKLOLS1.job not found.
C:\Users\jklm\AppData\Local\Temp\7T02k5WOk0.tmp => moved successfully.

"C:\ProgramData\FlashBeat" folder move:

Could not move "C:\ProgramData\FlashBeat" folder => Scheduled to move on reboot.

"C:\Program Files (x86)\Cinema_Plus-1.2V19.06" => File/Folder not found.

"C:\ProgramData\WBRYXRSt" folder move:

Could not move "C:\ProgramData\WBRYXRSt" folder => Scheduled to move on reboot.

"C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131" folder move:

Could not move "C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131" folder => Scheduled to move on reboot.

"C:\Program Files (x86)\Infonaut_1.10.0.14" => File/Folder not found.

"C:\Users\jklm\AppData\Local\SmartWeb" folder move:

Could not move "C:\Users\jklm\AppData\Local\SmartWeb" folder => Scheduled to move on reboot.

"C:\Program Files (x86)\SearchProtect" => File/Folder not found.
"C:\Users\jklm\AppData\Local\Temp\{8565EB50-E289-4892-A596-DA6331E51B86}" => File/Folder not found.

"C:\Program Files (x86)\Smwyyntm1ndi1zdz" folder move:

Could not move "C:\Program Files (x86)\Smwyyntm1ndi1zdz" folder => Scheduled to move on reboot.

"C:\Users\jklm\AppData\Local\SmartWeb" folder move:

Could not move "C:\Users\jklm\AppData\Local\SmartWeb" folder => Scheduled to move on reboot.

"C:\Program Files\Kromtech" => File/Folder not found.
"C:\Program Files (x86)\version85IneedSpeed" => File/Folder not found.
"C:\Program Files (x86)\globalUpdate" => File/Folder not found.
C:\Program Files (x86)\Kotato => moved successfully.

"C:\ProgramData\WBRYXRSt" folder move:

Could not move "C:\ProgramData\WBRYXRSt" folder => Scheduled to move on reboot.

"C:\Windows\System32\drivers\nwjkm2z2y3mwbdd.sys" => File/Folder not found.
"C:\Windows\system32\Drivers\webTinstMKTN84.sys" => File/Folder not found.
C:\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe => moved successfully.
"C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe" => File/Folder not found.

"C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131" folder move:

Could not move "C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131" folder => Scheduled to move on reboot.

"C:\ProgramData\Msouflui" folder move:

Could not move "C:\ProgramData\Msouflui" folder => Scheduled to move on reboot.

"C:\Program Files (x86)\Consumer Input" => File/Folder not found.

"C:\Program Files (x86)\Games Bot" folder move:

Could not move "C:\Program Files (x86)\Games Bot" folder => Scheduled to move on reboot.

"C:\Users\jklm\AppData\Local\gmsd_us_005010007" folder move:

Could not move "C:\Users\jklm\AppData\Local\gmsd_us_005010007" folder => Scheduled to move on reboot.

"C:\Program Files (x86)\Crossbrowse\Crossbrowse" folder move:

Could not move "C:\Program Files (x86)\Crossbrowse\Crossbrowse" folder => Scheduled to move on reboot.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2695581885-3589152984-3162700467-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::48d1:dae9:8eb:a1d9%11
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.{532EA892-0F4F-476E-8CAC-78C4C48327DB}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::48d1:dae9:8eb:a1d9%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.64
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

There's no user specified settings to be reset.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {3F812D97-43C7-4927-B2C0-C754DCBB5436}.
Unable to cancel {A84C7B97-7A43-408C-89E2-7EA335F9C2E2}.
{8480A430-3124-45B0-B756-5B51782A5046} canceled.
{08913353-337A-4C78-A0BF-A2DECF86B72B} canceled.
{92E1CBC6-D0D8-4670-A0FC-70D711490E35} canceled.
{1F6A9A25-692A-4F4E-9D4E-04AE16776009} canceled.
{A4A43A90-91B2-49AD-99D7-4AB1BBD1C412} canceled.
{3250BC2B-D225-44F4-948E-D33479E82F9C} canceled.
{1CDD7F22-C22F-4AF9-9228-5C8C60F5F169} canceled.
{346CDEA2-C2B6-4965-B85B-BBCBE644119E} canceled.
{5FB2CC29-3E9B-49D2-9B30-391BE4CD0B9C} canceled.
{36939108-B457-4E5B-8002-950F3787A7F6} canceled.
{B096967F-A845-4F2F-B2D8-741C65369E3D} canceled.
{16CC4846-E217-4491-9A06-0872D80C272F} canceled.
{4E855723-5BF9-46D5-932D-78FA87133DAA} canceled.
{9C4C29D4-D476-4093-ADC8-E8F8EB3E5859} canceled.
{9423C37F-483C-4372-B843-017F0D688BD0} canceled.
{FE2820A8-9089-4071-9D07-AD683317E583} canceled.
{999530AC-6D28-4921-9A2A-4D14D5BFF5BE} canceled.
{B86FCD48-4E31-44D9-AB7E-F1B6D9B866E2} canceled.
{39B7C34D-421D-49D0-A5AC-262C27F13166} canceled.
{6D813DA3-9DF4-4C06-92F2-C31127310225} canceled.
{AD8E7021-EB0E-4C89-8D7A-6D73C45391C7} canceled.
{FD845298-F7A8-42F9-931D-401218FDA2A3} canceled.
{900D217E-6519-4F76-B39B-0CCB2A4B6F56} canceled.
{4A6C698E-A518-43FA-B81A-90DCE79898C7} canceled.
{B491343F-BE04-4451-B7A3-76A002098667} canceled.
{4EF990B5-78A8-46E8-AE26-3BD730BD5943} canceled.
{ED70CE32-875D-4240-AE5E-49C46D4AF3BF} canceled.
{C7CE2E24-25B4-424F-A0F8-4FC79C8EF8C8} canceled.
{C475DB09-90A1-4C9D-8D89-9343969590EF} canceled.
{04109D78-A216-4F10-9E4E-315417F5DFCF} canceled.
{C0BB5E26-AFA1-4F57-891A-5FC99C08772C} canceled.
{0104226A-D877-46B9-AFAB-7F126C63B003} canceled.
{0B2D4B5F-3BD5-4EDB-88E8-D42891E8D92D} canceled.
{8051580F-B1DD-4F0B-92CA-642AD3CCC8EC} canceled.
{6B80C8EE-8AA5-43FE-908F-5F294CF9CA18} canceled.
{E7074EC8-8C98-4DF8-8DCC-8034CDDE7D70} canceled.
{5BDFA627-A8FE-421C-A4C1-34214BBCEF48} canceled.
{E7355BEA-82EB-4BD9-B50A-5147D51D9A6C} canceled.
{DC0B9868-6355-4DC8-9B88-EDE4B2B22618} canceled.
{2C2717B1-6E92-4DF3-9E3B-B722B1CAFC84} canceled.
{5CD9DFC7-A7B3-4A8F-97B2-41D25565E09F} canceled.
{6D6E591C-F67A-4849-87D5-ADD05769FCB2} canceled.
{A84958DB-E28F-490E-B705-F85B806FF304} canceled.
{D34941E4-A483-441B-BB37-F8F7048F727C} canceled.
{3AB2216E-001F-4DED-8EA3-E3F927CC3F86} canceled.
{8EB7B3BD-AFBF-4506-8842-06BBA7FD5652} canceled.
{98301113-E199-42AF-813A-A0AAF9FFF61B} canceled.
{A7E429A1-F278-4B0D-944E-9BEB89BD4C3A} canceled.
{B5B42818-65D8-4555-8ECC-97309229550D} canceled.
{19379869-1230-4088-8426-30E600D3D308} canceled.
{D4B00E66-D1BA-4E05-A904-B1816A740F91} canceled.
{7D066093-E0E2-4ED3-9F73-C0158D6B39F9} canceled.
{EF322A7B-8AF4-4F16-9D74-FB225E2BEDDF} canceled.
{1CE37E7A-3FFC-4BA8-A631-2397129FF9EC} canceled.
{9EBFD27A-0753-44A3-9190-742E032B7401} canceled.
{059FE3E8-E4C4-4375-B0AF-9225955654AE} canceled.
{F36E5125-A3FC-4430-BEEF-60EBB7709126} canceled.
{8F455134-EE83-4676-BDA1-41454BE67697} canceled.
{B54C7954-8989-480A-8E91-F7FF76FCF7C5} canceled.
{80DA3D64-A610-4AF2-B73E-F240AC8BCC53} canceled.
60 out of 62 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 415.9 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-20 19:23:15)<=

C:\Users\jklm\AppData\Local\gmsd_us_005010007 => Is moved successfully
C:\Users\jklm\AppData\Local\Crossbrowse => Is moved successfully
C:\Program Files (x86)\gmsd_us_005010007 => Is moved successfully
C:\Program Files (x86)\Crossbrowse => moved successfully
C:\Users\jklm\AppData\Local\Games Bot => Is moved successfully
C:\Program Files (x86)\Games Bot => Is moved successfully
C:\Users\jklm\AppData\Local\SmartWeb => moved successfully
C:\ProgramData\Msouflui => Is moved successfully
C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131 => Is moved successfully
C:\ProgramData\WBRYXRSt => Is moved successfully
C:\Program Files (x86)\Smwyyntm1ndi1zdz => moved successfully
C:\ProgramData\FlashBeat => Is moved successfully
C:\ProgramData\FlashBeat => Is moved successfully
C:\ProgramData\WBRYXRSt => Is moved successfully
C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131 => Is moved successfully
C:\Users\jklm\AppData\Local\SmartWeb => Is moved successfully
C:\Program Files (x86)\Smwyyntm1ndi1zdz => Is moved successfully
C:\Users\jklm\AppData\Local\SmartWeb => Is moved successfully
C:\ProgramData\WBRYXRSt => Is moved successfully
C:\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131 => Is moved successfully
C:\ProgramData\Msouflui => Is moved successfully
C:\Program Files (x86)\Games Bot => Is moved successfully
C:\Users\jklm\AppData\Local\gmsd_us_005010007 => Is moved successfully
C:\Program Files (x86)\Crossbrowse\Crossbrowse => Is moved successfully

==== End of Fixlog 19:23:16 ====

[md262]

# AdwCleaner v4.206 - Logfile created 20/06/2015 at 19:44:08
# Updated 01/06/2015 by Xplode
# Database : 2015-06-17.1 [Server]
# Operating system : Windows 7 Home Premium  (x64)
# Running from : C:\Users\jklm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KOX1QG0T\AdwCleaner[1].exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Users\jklm\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\jklm\Documents\Optimizer Pro
Folder Deleted : C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp
File Deleted : C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
File Deleted : C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
File Deleted : C:\Windows\apppatch\apppatch64\vcldr64.dll
File Deleted : C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Deleted : C:\Windows\AppPatch\nbin\VC32Loader.dll
File Deleted : C:\Users\jklm\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Mediaplayer\Shiminclusionlist\crossbrowse.exe
Key Deleted : HKLM\SOFTWARE\Classes\CRSBRWSHTML
Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Crossbrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\crossbrowse.exe
Value Deleted : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Value Deleted : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Value Deleted : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
Key Deleted : HKLM\SOFTWARE\fcd166fa-7ffd-4c6f-b98d-86eda14748f5
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\CrossBrowser
Key Deleted : HKCU\Software\Games Bot
Key Deleted : HKCU\Software\Crossbrowse
Key Deleted : HKCU\Software\YorkNewCin
Key Deleted : HKCU\Software\HighDefAction
Key Deleted : HKCU\Software\ArenaHD
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\LuckyTab
Key Deleted : HKLM\SOFTWARE\ORBTR
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\FlashBeat
Key Deleted : HKLM\SOFTWARE\Games Bot
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\YorkNewCin
Key Deleted : HKLM\SOFTWARE\HighDefAction
Key Deleted : HKLM\SOFTWARE\Universal
Key Deleted : HKLM\SOFTWARE\Hades
Key Deleted : HKLM\SOFTWARE\ArenaHD
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZombieNews
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincheck
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Games Bot
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hades
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.7600.16700

-\\ Google Chrome v43.0.2357.124

[C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MB8501075-410F-40E7-B775-2EF1E5A45EE7&SearchSource=58&CUI=&UM=8&UP=SP17DD1ACC-9BD4-4ED6-B778-129446FDBF4C&D=062015&q={searchTerms}&SSPV=
[C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MB8501075-410F-40E7-B775-2EF1E5A45EE7&SearchSource=55&CUI=&UM=8&UP=SP17DD1ACC-9BD4-4ED6-B778-129446FDBF4C&D=062015&SSPV=
[C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Deleted [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MB8501075-410F-40E7-B775-2EF1E5A45EE7&SearchSource=55&CUI=&UM=8&UP=SP17DD1ACC-9BD4-4ED6-B778-129446FDBF4C&D=062015&SSPV=
[C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MB8501075-410F-40E7-B775-2EF1E5A45EE7&SearchSource=55&CUI=&UM=8&UP=SP17DD1ACC-9BD4-4ED6-B778-129446FDBF4C&D=062015&SSPV=
[C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 4D45B59F414BE54AA1CE46D3DEEE1FE3964CBE22E7B79FB16C170F5618BD059A"},"software_reporter":{"prompt_reason":"0B253AD95587AA4DA400E55F12A59D706DD6599C3B6EFDA732AD0772E46D42CF","prompt_seed":"E43D020694A951D47D4053578C4CA322323590BB01FB5787F60804DE3BF9340A","prompt_version":"9078AFA52476A83BAAB6B1E906B72DDCB6FCCB1117E7B7DFAFA1BE2B1C15C331"},"sync":{"remaining_rollback_tries":"8E15BD1C16434175BF14B2AA446188F3579F6EEB129EB9B3DBD72D54F40BED42"}},"super_mac":"C2480A267F0069991005F917CAD35B3775C3C1192BE26D0B4E3DA7C94382EB29"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MB8501075-410F-40E7-B775-2EF1E5A45EE7&SearchSource=55&CUI=&UM=8&UP=SP17DD1ACC-9BD4-4ED6-B778-129446FDBF4C&D=062015&SSPV=
[C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Leslie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [17044 bytes] - [20/06/2015 19:37:44]
AdwCleaner[S0].txt - [16479 bytes] - [20/06/2015 19:44:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16539  bytes] ##########

[md262]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
JKLM-PC on 20-06-2015 19:57:21
Running from C:\Users\jklm\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_17_0_0_188_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-01-27] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-07] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-07] (Sun Microsystems, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-05-13] (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-07] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-07] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2011-04-07] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-04-07] (Microsoft Corporation)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2013-10-09] (GARMIN Corp.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-07] (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-03-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-04-23]

Chrome:
=======
CHR Profile: C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-19]
CHR Extension: (Google Docs) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-19]
CHR Extension: (Google Drive) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-19]
CHR Extension: (YouTube) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-19]
CHR Extension: (Google Search) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-19]
CHR Extension: (YouTube Downloader Extension) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebjipgnedcljapmafeafekmlebefcafp [2014-05-27]
CHR Extension: (Google Sheets) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (Google Wallet) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-22]
CHR Extension: (Gmail) - C:\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-26] (CyberLink)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [32256 2009-07-07] (http://libusb-win32.sourceforge.net)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
S0 Spfd; system32\DRIVERS\Spfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 19:57 - 2015-06-20 19:57 - 00018691 _____ C:\Users\jklm\Desktop\FRST.txt
2015-06-20 19:56 - 2015-06-20 19:57 - 00000000 ____D C:\Users\jklm\Desktop\06-19-15
2015-06-20 19:56 - 2015-06-20 19:56 - 00000000 ____D C:\Users\jklm\Desktop\Run Vids
2015-06-20 19:37 - 2015-06-20 19:44 - 00000000 ____D C:\AdwCleaner
2015-06-20 19:36 - 2015-06-20 19:36 - 02231296 _____ C:\Users\jklm\Desktop\AdwCleaner.exe
2015-06-20 12:28 - 2015-06-20 19:45 - 00000112 _____ C:\Windows\setupact.log
2015-06-20 12:28 - 2015-06-20 12:28 - 00015612 _____ C:\Windows\PFRO.log
2015-06-20 12:28 - 2015-06-20 12:28 - 00000000 _____ C:\Windows\setuperr.log
2015-06-20 12:25 - 2015-06-20 12:26 - 02231296 _____ C:\Users\jklm\Downloads\AdwCleaner.exe
2015-06-20 10:49 - 2015-06-20 10:49 - 00243408 _____ C:\Users\jklm\Downloads\Unconfirmed 532667.crdownload
2015-06-20 07:44 - 2015-06-20 07:44 - 00001250 _____ C:\Users\jklm\Downloads\setup.website
2015-06-20 06:17 - 2015-06-20 19:57 - 00000000 ____D C:\FRST
2015-06-20 06:17 - 2015-06-20 06:17 - 02109952 _____ (Farbar) C:\Users\jklm\Desktop\FRST64.exe
2015-06-20 00:35 - 2015-06-20 00:35 - 05628633 _____ (Swearware) C:\Users\jklm\Desktop\ComboFix.exe
2015-06-20 00:12 - 2015-06-20 00:12 - 00002020 _____ C:\Users\jklm\Desktop\Malware Help Needed. - Geeks to Go Forum.url
2015-06-19 23:37 - 2015-06-19 23:37 - 00602112 _____ (OldTimer Tools) C:\Users\jklm\Desktop\OTL.exe
2015-06-19 22:56 - 2015-06-20 12:28 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-06-17 22:35 - 2015-06-17 22:35 - 00000000 ____D C:\Users\jklm\Desktop\Sutter 2015 Slideshow
2015-06-03 22:40 - 2015-06-03 22:40 - 00165670 _____ C:\Users\jklm\Desktop\104-4171455-9217552.txt
2015-05-29 08:02 - 2015-06-08 22:04 - 00000000 ____D C:\Users\jklm\Desktop\md new mp3

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 19:56 - 2013-03-09 16:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-20 19:53 - 2009-07-13 21:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-20 19:53 - 2009-07-13 21:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-20 19:53 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-20 19:52 - 2009-07-13 22:10 - 01477077 _____ C:\Windows\WindowsUpdate.log
2015-06-20 19:50 - 2009-07-13 22:13 - 00729688 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-20 19:47 - 2013-05-19 18:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-20 19:47 - 2011-04-07 13:04 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-06-20 19:47 - 2011-04-07 13:04 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-06-20 19:47 - 2011-04-07 12:35 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-06-20 19:45 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-20 19:39 - 2013-05-19 18:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-20 19:32 - 2011-06-11 19:25 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-06-20 19:30 - 2011-06-12 14:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-06-20 19:30 - 2011-06-11 19:25 - 00003440 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-20 19:23 - 2011-06-11 19:26 - 00001409 _____ C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-20 19:23 - 2011-06-11 19:26 - 00001375 _____ C:\Users\jklm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-06-20 12:28 - 2011-06-11 19:25 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-06-20 12:22 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-06-20 12:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-06-20 07:28 - 2011-06-12 19:58 - 00000000 ____D C:\Users\jklm\Documents\Outlook Files
2015-06-20 00:56 - 2012-09-02 15:03 - 00000000 ___RD C:\Users\jklm\Desktop\mdf
2015-06-19 23:17 - 2013-05-19 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-19 23:11 - 2013-07-27 11:19 - 00000000 ____D C:\Users\jklm\AppData\Roaming\MediaMonkey
2015-06-19 22:54 - 2013-05-19 19:08 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-06-12 20:44 - 2011-10-26 20:51 - 00000000 ____D C:\Users\jklm\Documents\(Jenna)
2015-06-10 04:57 - 2013-03-09 16:35 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 04:57 - 2013-03-09 16:35 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-10 04:57 - 2013-03-09 16:35 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-08 11:00 - 2011-06-11 19:25 - 00004258 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-01 22:38 - 2011-06-11 21:00 - 00000000 ____D C:\Users\jklm\AppData\Local\Microsoft Help
2015-05-26 22:32 - 2012-02-05 20:22 - 00000000 ____D C:\Users\jklm\Documents\(Kayla)

==================== Files in the root of some directories =======

2013-11-17 19:03 - 2013-11-17 19:03 - 0004096 ____H () C:\Users\jklm\AppData\Local\keyfile3.drm
2014-03-29 20:31 - 2015-03-01 17:02 - 0000614 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\jklm\AppData\Local\Temp\Quarantine.exe
C:\Users\jklm\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-20 12:58

==================== End of log ============================

[md262]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
2015-06-20 19:57:54
Running from C:\Users\jklm\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2695581885-3589152984-3162700467-500 - Administrator - Disabled)
Guest (S-1-5-21-2695581885-3589152984-3162700467-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2695581885-3589152984-3162700467-1002 - Limited - Enabled)
jklm (S-1-5-21-2695581885-3589152984-3162700467-1001 - Administrator - Enabled) => C:\Users\jklm
Leslie (S-1-5-21-2695581885-3589152984-3162700467-1003 - Administrator - Enabled) => C:\Users\Leslie
Michael (S-1-5-21-2695581885-3589152984-3162700467-1004 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cinema_Plus-1.2V19.06 (HKLM-x32\...\Cinema_Plus-1.2V19.06) (Version: 1.36.01.22 - Cinema_Plus-1.2V19.06) <==== ATTENTION
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Marketplace Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Free Audio Converter version 5.0.38.423 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.38.423 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
GamesDesktop 025.005010007 (HKLM-x32\...\gmsd_us_005010007_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
IneedSpeed (HKLM-x32\...\7D97A712-EA2C-C889-15C2-FB6C8019A56D) (Version:  - IneedSpeed-software)
Infonaut 1.10.0.14 (HKLM-x32\...\Infonaut_1.10.0.14) (Version: 1.10.0.14 - Infonaut) <==== ATTENTION
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
Java™ 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LaserJet 1020 series (HKLM-x32\...\HP-LaserJet 1020 series) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.0.657.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}) (Version: 1.6.915.87 - Fitipower)
Multimedia Card Reader (x32 Version: 1.6.915.87 - Fitipower) Hidden
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Self-service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.169 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
WildTangent Games App (Dell Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell) (Version: 4.0.5.32 - WildTangent)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
YouTube Downloader 5 (HKLM-x32\...\YouTube Downloader_is1) (Version:  - Kotato)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

27-05-2015 19:42:13 Windows Update
31-05-2015 10:23:57 Windows Update
03-06-2015 18:00:52 Windows Update
06-06-2015 18:01:32 Windows Update
10-06-2015 18:01:14 Windows Update
13-06-2015 22:05:23 Windows Update
17-06-2015 20:41:30 Windows Update
19-06-2015 23:03:43 Removed PCKeeper
19-06-2015 23:04:49 Removed AccountService
20-06-2015 12:22:20 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {108C1E21-5089-48EF-BD11-1501899CE4AC} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2010-08-05] ()
Task: {21738517-6679-4732-9603-5541C14E2072} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11] (Microsoft Corporation)
Task: {5773C316-3E31-4457-80EB-A4D9D6313CF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {5CD2788A-2A84-4243-860F-29BF6BE12267} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {9C494CE0-EAD7-4D7A-B043-EB0E53A5BD92} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-19] (Google Inc.)
Task: {AACBE3DE-4533-41A1-9110-33CA1009219D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {EC030BBA-1A99-48A5-9616-E98AC8CE8371} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {F6BA4C1F-5DC6-44F3-9C26-E783E739F7FC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (Whitelisted) ==============

2011-06-12 13:32 - 2010-05-13 23:48 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2011-06-12 13:33 - 2010-05-13 23:48 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-07 12:35 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 01440240 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2010-11-17 08:35 - 2010-11-17 08:35 - 00657904 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\jklm\Desktop\noname.eml:OECustomProperty
AlternateDataStreams: C:\Users\jklm\Downloads\To celebrate Megan&amp#39s bd - Saturday, July 21. (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\jklm\Downloads\To celebrate Megan&amp#39s bd - Saturday, July 21..eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2695581885-3589152984-3162700467-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2015 07:30:02 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3040) Asapi: (19:30:02:4260)(3040) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (06/20/2015 07:30:02 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3040) Asapi: (19:30:02:4260)(3040) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (06/20/2015 07:23:23 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (4112) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (06/20/2015 07:22:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 02:06:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 01:46:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 01:06:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 00:46:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 00:30:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (06/20/2015 11:30:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

System errors:
=============
Error: (06/20/2015 07:47:59 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/20/2015 07:45:16 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%835

 Error Code: 0x80004005

 Error description: Unspecified error

 Reason: %%842

Error: (06/20/2015 07:45:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Spfd

Error: (06/20/2015 07:44:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/20/2015 07:44:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).

Error: (06/20/2015 07:44:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (06/20/2015 07:44:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/20/2015 07:44:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/20/2015 07:44:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/20/2015 07:44:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office:
=========================
Error: (06/20/2015 07:30:02 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3040) Asapi: (19:30:02:4260)(3040) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.

Error: (06/20/2015 07:30:02 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (3040) Asapi: (19:30:02:4260)(3040) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'

Error: (06/20/2015 07:23:23 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail4112WindowsMail0:

Error: (06/20/2015 07:22:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 02:06:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 01:46:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 01:06:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 00:46:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 00:30:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/20/2015 11:30:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 22%
Total physical RAM: 7991.12 MB
Available physical RAM: 6209.65 MB
Total Pagefile: 15980.34 MB
Available Pagefile: 14017.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1383.41 GB) (Free:1207.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1383.4 GB) - (Type=07 NTFS)

==================== End of log ============================

[Essexboy]

That looks much better, how is the computer behaving now ?

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that
When it offers to download the virus database allow that as well
Click the "Scan" button to start scan




On completion of the scan click save log, save it to your desktop and post in your next reply

[md262]

Thank you. While downloading the avast definitions, my PC keeps getting locked up. Any advice on how to w to address this? Thanks!

[Essexboy]

Lets try a smaller AV


Click here and select the blue Run ESET Online Scanner button:


If using Internet Explorer:

• Accept the Terms of Use and click Start.
• Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

• A link to esetsmartinstaller_enu.exe will be provided. Make sure to download it to the desktop.
• Double click esetsmartinstaller_enu.exe.
• Allow the Terms of Use and click Start.

To perform the scan:

• Make sure that Enable detection of potentially unwanted applications is checked.
• In the Advanced Settings dropdown menu:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Use custom proxy settings is unchecked.

• Now click on Start.
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• Now click on Finish.
• Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

[md262]

Here is the log; 107 infected files were found:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Update Init
Update Download
Update Finalize
Updated modules version: 24431
 

*****************************

[Essexboy]

Could you post or attach the log please ..  As I need to see which ones I have killed and which need to be killed

[md262]

Sorry, is this what you needed to see?  Also, can I reinstall Google Chrome or is there a different browser you recommend.  Thanks.

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir Win32/SpeedingUpMyPC.O application
C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir a variant of MSIL/Adware.PullUpdate.L.gen application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\extensionData\plugins\19.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\d283715cc99e6b761ee7722aa550f7b5.js.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\api\08c075aa149b8a25f35733b022b147c6.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\api\aba9df758e1a03c33cca75e65e1a3530.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\api\bdd24dd607f5d83436ea7e97cbd4cbc5.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\lib\2ec27dff1b2bb11e8ff9cb0482b84fbe.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\lib\3032ff50902efdafe4af7a7f800ef85f.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\lib\537359c324ef6f3955cc54a5b927390a.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\lib\74aef3eb9ab55371448b357a8f8e9371.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\lib\acfd44c1535dc82ed4a504347558a6a0.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\lib\cf16f8d5bffcdfecaa3ebead528f4038.js.vir JS/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\jklm\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp\1.26.85_0\js\lib\dc77406036b700c2651cefee591579a0.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\apppatch\apppatch64\vcldr64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\apppatch\nbin\VC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\22c5dbb2-38e8-401e-a36d-e396d9be6748\5ec10304-7162-42d3-851d-cd2cac0d907f.dll a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtect.exe Win32/AnyProtect.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-6.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-1-7.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-10.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-3.exe a variant of Win32/Toolbar.CrossRider.BV potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-5.exe a variant of Win32/Toolbar.CrossRider.CC potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-6.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-64.exe a variant of Win64/Toolbar.Crossrider.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\ca281dfc-e383-4fa1-80fa-dc79c4d0c772-7.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\fcd166fa-7ffd-4c6f-b98d-86eda14748f5.crx JS/Toolbar.Crossrider.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\fcd166fa-7ffd-4c6f-b98d-86eda14748f5.dll a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\UninstallBrw.exe a variant of Win32/Toolbar.CrossRider.CD potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Cinema_Plus-1.2V19.06\utils.exe a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Consumer Input\Consumer Input\Update\1.3.25.309\goopdate.dll a variant of Win32/Compete.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Consumer Input\Consumer Input\Update\1.3.25.309\psmachine.dll a variant of Win32/Compete.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Consumer Input\Consumer Input\Update\1.3.25.309\psuser.dll a variant of Win32/Compete.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Crossbrowse\Crossbrowse\Crossbrowse\Crossbrowse\Application\utility.exe a variant of Win32/Toolbar.CrossRider.CN potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\globalupdate.exe Win32/AlteredSoftware.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\globalupdate.exe Win32/AlteredSoftware.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\globalupdateBroker.exe Win32/AlteredSoftware.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\globalupdateCrashHandler.exe Win32/AlteredSoftware.F potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\globalupdateOnDemand.exe Win32/AlteredSoftware.H potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\psmachine.dll a variant of Win32/AlteredSoftware.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\psuser.dll a variant of Win32/AlteredSoftware.G potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll.xBAD a variant of Win32/AlteredSoftware.E potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\gmsd_us_005010007\gamesdesktop_widget.exe a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\Program Files (x86)\gmsd_us_005010007\gmsd_us_005010007.exe a variant of Win32/AdWare.EoRezo.AU application
C:\FRST\Quarantine\C\Program Files (x86)\gmsd_us_005010007\predm.exe a variant of Win32/Adware.EoRezo.AZ application
C:\FRST\Quarantine\C\Program Files (x86)\Hades\HadesUninstaller.exe a variant of Win32/TrojanDropper.Addrop.J trojan
C:\FRST\Quarantine\C\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe a variant of Win32/Adware.Vitruvian.F application
C:\FRST\Quarantine\C\Program Files (x86)\LuckyTab\LuckyTab.exe a variant of Win32/LuckyTab.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ORBTR\orbiter.dll a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\ORBTR\uninstall.exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Smwyyntm1ndi1zdz\nwjkm2z2y3mwbdd.exe.xBAD a variant of Win32/Adware.Salus.I application
C:\FRST\Quarantine\C\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe a variant of Win32/Adware.Salus.B application
C:\FRST\Quarantine\C\Program Files (x86)\version85IneedSpeed\version85IneedSpeed\192.dll a variant of Win32/Adware.AddLyrics.EB application
C:\FRST\Quarantine\C\Program Files (x86)\version85IneedSpeed\version85IneedSpeed\192_x64.dll a variant of Win64/Adware.AddLyrics.I application
C:\FRST\Quarantine\C\Program Files (x86)\version85IneedSpeed\version85IneedSpeed\b4IneedSpeedQ95.exe a variant of Win32/Adware.AddLyrics.EE application
C:\FRST\Quarantine\C\Program Files (x86)\version85IneedSpeed\version85IneedSpeed\Uninstall.exe a variant of Win32/Adware.AddLyrics.EB application
C:\FRST\Quarantine\C\Program Files (x86)\version85IneedSpeed\version85IneedSpeed\x64\LTSfityW.exe a variant of Win64/Adware.AddLyrics.H application
C:\FRST\Quarantine\C\Program Files (x86)\version85IneedSpeed\version85IneedSpeed\x64\webTinstMKTN84.sys Win64/Adware.AddLyrics.K application
C:\FRST\Quarantine\C\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f\5aae4531dc23473f8da7a5bac9f3a51f.exe a variant of Win32/Adware.PicColor.AH application
C:\FRST\Quarantine\C\ProgramData\FlashBeat\FlashBeat.exe a variant of Win64/Adware.CouponMarvel.D application
C:\FRST\Quarantine\C\ProgramData\FlashBeat\FlashBeat64.dll a variant of Win64/Adware.CouponMarvel.B application
C:\FRST\Quarantine\C\ProgramData\Msouflui\1.0.1.0\uawiemem.exe a variant of MSIL/Adware.PullUpdate.P application
C:\FRST\Quarantine\C\ProgramData\WBRYXRSt\xfrcCqRE.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\FRST\Quarantine\C\ProgramData\WBRYXRSt\dat\FkbzkHgnjhI.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\FRST\Quarantine\C\ProgramData\WBRYXRSt\dat\gLIXeya.exe a variant of MSIL/Adware.PullUpdate.G.gen application
C:\FRST\Quarantine\C\ProgramData\WBRYXRSt\dat\reeJhwJuVq.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\FRST\Quarantine\C\ProgramData\WBRYXRSt\dat\rznTgAxXm.dll a variant of MSIL/Adware.PullUpdate.K.gen application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\nsjBCD4.tmp.xBAD Win32/AnyProtect.G potentially unwanted application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\4C4C4544-1434754703-5610-8048-B7C04F445131\bnsl9328.exe a variant of Win32/Adware.ConvertAd.SW application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\onsrA65B.tmp Win32/Adware.ConvertAd.SL application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\pnsrA65C.exe a variant of Win32/Adware.ConvertAd.RS.gen application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\rnsrA65A.exe a variant of Win32/Adware.ConvertAd.TA application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\4C4C4544-1434754844-5610-8048-B7C04F445131\snsrA659.tmp Win32/Adware.ConvertAd.SK application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\avabvbavad\avabvbavad.exe a variant of Win32/Conduit.SearchProtect.Y potentially unwanted application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\avabvbavad\pbqrmvbub a variant of Win32/ClientConnect.A potentially unwanted application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\gmsd_us_005010007\upgmsd_us_005010007.exe a variant of Win32/Adware.EoRezo.AJ application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\gmsd_us_005010007\Download\majmp_gentleeeuu.exe multiple threats
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\SmartWeb\SmartWebHelper.exe.xBAD Win32/Adware.ConvertAd.RC application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\SmartWeb\SmartWeb\SmartWebApp.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\SmartWeb\SmartWeb\swhk.dll a variant of Win32/PriceGong.C potentially unwanted application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\SmartWeb\SmartWeb\__u.exe a variant of Win32/PriceGong.C potentially unwanted application
C:\FRST\Quarantine\C\Users\jklm\AppData\Local\Temp\7T02k5WOk0.tmp.xBAD a variant of Win32/LuckyTab.A potentially unwanted application
C:\FRST\Quarantine\C\Users\jklm\AppData\Roaming\g5EHHvd7KBE2FYc8jv1Ik.exe.xBAD a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application
C:\FRST\Quarantine\C\Users\jklm\AppData\Roaming\4C4C4544-1434779849-5610-8048-B7C04F445131\vnspB0B4.tmp a variant of Win32/Adware.ConvertAd.TF.gen application
C:\FRST\Quarantine\C\Users\jklm\AppData\Roaming\ASPackage\ASPackage.exe a variant of Win32/Adware.ConvertAd.TF.gen application
C:\FRST\Quarantine\C\Windows\system32\Drivers\nwjkm2z2y3mwbdd.sys.xBAD a variant of Win64/NetFilter.A potentially unsafe application
C:\FRST\Quarantine\C\Windows\system32\Drivers\webTinstMKTN84.sys.xBAD Win64/Adware.AddLyrics.K application
C:\Program Files (x86)\Apple Software Update\16647569-8790-4ae1-8f36-2085fab34041.dll a variant of Win32/Toolbar.CrossRider.CG potentially unwanted application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\OpenDownloaderManager\delta2.exe a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\Users\jklm\Desktop\Mp3 Links\mp3 test\movies\1clickdvd\1CLICKDVDCOPY5v5994.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Users\jklm\Downloads\ccsetup403.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\drivers\innfd_1_10_0_14.sys a variant of Win64/NetFilter.A potentially unsafe application