Infected Computer [Solved]


  • This topic is locked

#1
Kiersten

  • Member
  • 27 posts
I am currently experiencing issues with a very slow computer and pop-ups as well as new tabs opening. I also get screens that come up that say they are from Microsoft although I believe they are not. I feel like I have tried everything but things still seem to be getting worse. Here are my logs:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Kiersten (administrator) on KIERSTEN (15-08-2015 10:14:29)
Running from C:\Users\Kiersten\Desktop
Loaded Profiles: Kiersten (Available Profiles: & Kiersten & CareBear17)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\hnsq5471.tmp
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\Windows Discount\FindingDiscount\findingdiscount.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\jnsi33E7.tmp
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\sushileads\NpUpdaterService.exe
() C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancerService.exe
(WeWatcher) C:\Program Files (x86)\ServiceUpdater\WeWatcherProxy.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Word Surfer) C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe
() C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\knsc1441.tmp
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
() C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancer.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\Program Files (x86)\SpaceSondPro_v53.1434\SpaceSondPro_Service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
() C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Installer Technology Co.) C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\vnsvFAD5.tmp
(Farbar) C:\Users\Kiersten\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-16] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [257224 2010-08-24] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [OpenSoftwareUpdater] => C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe [3733504 2014-04-08] (Installer Technology Co.)
HKLM-x32\...\RunOnce: [SpaceSondPro_v53.1434] => C:\Program Files (x86)\SpaceSondPro_v53.1434\SpaceSondPro_Service.exe [33480 2015-08-12] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [GoogleChromeAutoLaunch_25A8A4F1613307037910DB1CD61EA586] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-04-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381440 2015-08-03] ()
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247032 2015-08-03] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219896 2015-08-03] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-10-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-24]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2013-05-11]
ShortcutTarget: IMVU.lnk -> C:\Users\Kiersten\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-03-17]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1004\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1001\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONMHP&conlogo=CT3331981
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_32&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0D0E0DyDyE0BtCyCyEtN0D0Tzu0StCtAtCyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyD0DyC0Ezz0DtB0FtGyB0CyEtDtG0FzyyDtBtGyCyB0E0EtG0B0E0CzyyC0CyD0EtBtA0FyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByD0DtC0ByCtG0FtCyDtAtGyEtAyDtAtGzzyC0C0EtGtAyC0EtCyB0Azy0E0CyB0EtA2QtN0A0LzuyE&cr=2047286878&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_32&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0D0E0DyDyE0BtCyCyEtN0D0Tzu0StCtAtCyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyD0DyC0Ezz0DtB0FtGyB0CyEtDtG0FzyyDtBtGyCyB0E0EtG0B0E0CzyyC0CyD0EtBtA0FyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByD0DtC0ByCtG0FtCyDtAtGyEtAyDtAtGzzyC0C0EtGtAyC0EtCyB0Azy0E0CyB0EtA2QtN0A0LzuyE&cr=2047286878&ir=
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2A3F2634-37E6-4F8D-912E-937AEB6007EF&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> {6E1F3657-4FA0-428B-ACC9-0670D408AD84} URL =
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-03-20] (IObit)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-19] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-19] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-19] (Google Inc.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
Tcpip\..\Interfaces\{6E81E6E8-CCD9-4B50-9CC0-E32B757BD967}: [DhcpNameServer] 209.18.47.61 209.18.47.62 192.168.1.1
Tcpip\..\Interfaces\{E236AC00-1294-4A29-AC64-CCEDC682C7FD}: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=&D=081215
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONMHP&conlogo=CT3331981
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-07-16] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3942197\npmathplugin.dll [2012-12-19] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1505448478-352576845-3373465650-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kiersten\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-02] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\searchplugins\cassiopesa.xml [2015-08-12]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected] [2015-04-26]
FF Extension: Ad-Aware Security Add-on - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013-07-31]
FF Extension: Roaming Rate - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{ce6c03f1-0fd5-4d72-bbdb-eaa0c0124531}.xpi [2015-03-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-19]
CHR Extension: (Google Wallet) - C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"FindingDiscount" service was unlocked. <===== ATTENTION
"RuntimeManager" service was unlocked. <===== ATTENTION

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-20] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-17] (Broadcom Corporation.)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3240184 2015-08-03] (Client Connect LTD)
R2 comyninu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\hnsq5471.tmp [161792 2015-08-08] () [File not signed]
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [330240 2015-06-10] () [File not signed]
R2 hyverumu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\jnsi33E7.tmp [209920 2015-08-08] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-06] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [101888 2015-06-10] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-08-03] () [File not signed]
R2 WaInterEnhancer Service; C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancerService.exe [1182720 2015-08-07] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WeWatcherProxy; C:\Program Files (x86)\ServiceUpdater\WeWatcherProxy.exe [1741016 2015-08-06] (WeWatcher)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-15] (Word Surfer)
R2 wyhumyqu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\knsc1441.tmp [647680 2015-08-14] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
S2 consumerinput_update; no ImagePath
S3 consumerinput_updatem; no ImagePath
S2 RelevantKnowledge; no ImagePath <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-03-20] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-31] (GFI Software)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-20] (REALiX™)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-03-20] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2015-03-20] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1059064 2012-08-24] (Sunplus)
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-15] (Word Surfer)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-15 10:14 - 2015-08-15 10:15 - 00032940 _____ C:\Users\Kiersten\Desktop\FRST.txt
2015-08-15 10:07 - 2015-08-15 10:14 - 00000000 ____D C:\FRST
2015-08-15 10:06 - 2015-08-15 10:06 - 02173952 _____ (Farbar) C:\Users\Kiersten\Desktop\FRST64(1).exe
2015-08-15 10:05 - 2015-08-15 10:06 - 02173952 _____ (Farbar) C:\Users\Kiersten\Downloads\FRST64.exe
2015-08-14 19:24 - 2015-08-14 19:24 - 00291000 _____ C:\WINDOWS\Minidump\081415-34265-01.dmp
2015-08-14 19:22 - 2015-08-14 19:22 - 00000000 ____D C:\ProgramData\FlashBeat
2015-08-14 19:12 - 2015-08-15 10:15 - 00001154 _____ C:\Users\Kiersten\Desktop\Continue Live Installation.lnk
2015-08-14 18:50 - 2015-08-14 18:50 - 00288360 _____ C:\WINDOWS\Minidump\081415-38546-01.dmp
2015-08-14 18:28 - 2015-08-14 18:29 - 00289936 _____ C:\WINDOWS\Minidump\081415-29500-01.dmp
2015-08-14 06:32 - 2015-08-14 06:32 - 00003102 _____ C:\WINDOWS\System32\Tasks\{ED9F8D0B-4A34-4DE7-8103-6CEC5E3CBBB8}
2015-08-14 05:39 - 2015-08-14 06:38 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-08-14 05:39 - 2015-08-14 06:38 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-08-14 05:39 - 2015-08-14 05:59 - 00000378 _____ C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-08-14 05:39 - 2015-08-14 05:39 - 00002830 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-08-14 05:39 - 2015-08-14 05:39 - 00002828 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-08-14 05:39 - 2015-08-14 05:39 - 00002828 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-08-14 05:36 - 2015-08-13 21:26 - 00613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nscB0F3.tmp
2015-08-13 21:26 - 2015-08-13 21:26 - 00000000 __SHD C:\Users\Kiersten\AppData\Roaming\AnyProtectEx
2015-08-13 21:23 - 2015-08-14 18:39 - 00000000 ____D C:\Users\Kiersten\AppData\Local\SmartWeb
2015-08-13 03:22 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:22 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 02:56 - 2015-08-15 09:53 - 00000616 _____ C:\WINDOWS\setupact.log
2015-08-13 02:56 - 2015-08-14 18:44 - 00019562 _____ C:\WINDOWS\PFRO.log
2015-08-13 02:56 - 2015-08-13 02:57 - 00291000 _____ C:\WINDOWS\Minidump\081315-24968-01.dmp
2015-08-13 02:56 - 2015-08-13 02:56 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-12 21:01 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 21:01 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 20:55 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-12 20:55 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 20:55 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 20:55 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 20:55 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 20:55 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 20:55 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 20:55 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 20:55 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 20:55 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 20:55 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 20:55 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 20:55 - 2015-07-16 15:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 20:55 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 20:55 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 20:55 - 2015-07-16 15:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 20:55 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 20:55 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 20:55 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 20:55 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 20:55 - 2015-07-16 15:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 20:55 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 20:55 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 20:55 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 20:55 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 20:55 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 20:55 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 20:55 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 20:55 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 20:55 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 20:55 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 20:48 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 20:48 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 20:48 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 20:48 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 20:47 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 20:47 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 20:46 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 20:46 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 20:46 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 20:42 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 20:42 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 20:42 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 20:39 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 20:39 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 20:39 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 20:37 - 2015-07-18 21:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 20:37 - 2015-07-18 14:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 20:37 - 2015-07-18 14:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 20:37 - 2015-07-18 14:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 20:37 - 2015-07-18 14:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 20:37 - 2015-07-18 14:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 20:37 - 2015-07-18 14:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 20:37 - 2015-07-18 14:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 20:37 - 2015-07-18 14:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 20:37 - 2015-07-18 14:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 20:37 - 2015-07-18 14:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 20:37 - 2015-07-18 14:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 20:33 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 20:33 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 20:33 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 20:33 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 20:33 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 20:33 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 20:33 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 20:33 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 20:33 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 20:29 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 20:29 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 20:28 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 20:28 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 20:28 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 20:28 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-12 20:23 - 2015-08-12 20:23 - 00000000 ____D C:\Users\Kiersten\Documents\DailyPCClean
2015-08-12 20:22 - 2015-08-14 05:37 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-08-12 20:21 - 2015-08-13 02:58 - 00009848 _____ C:\WINDOWS\SysWOW64\WeWatcherProxyOff.ini
2015-08-12 20:21 - 2015-08-13 02:58 - 00009848 _____ C:\WINDOWS\system32\WeWatcherProxyOff.ini
2015-08-12 20:21 - 2015-08-12 20:21 - 00003252 _____ C:\WINDOWS\System32\Tasks\runTask
2015-08-12 20:21 - 2015-08-12 20:21 - 00003156 _____ C:\WINDOWS\System32\Tasks\updateTask
2015-08-12 20:21 - 2015-08-12 20:21 - 00000217 _____ C:\task.vbs
2015-08-12 20:21 - 2015-08-12 20:21 - 00000000 ____D C:\Program Files (x86)\ServiceUpdater
2015-08-12 20:21 - 2015-08-06 18:19 - 00357432 _____ (WeWatcher) C:\WINDOWS\system32\WeWatcherLSP64.dll
2015-08-12 20:21 - 2015-08-06 18:18 - 00305960 _____ (WeWatcher) C:\WINDOWS\SysWOW64\WeWatcherLSP.dll
2015-08-12 20:18 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 20:18 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 20:18 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 20:18 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 20:14 - 2015-08-13 00:19 - 00000000 ____D C:\ProgramData\sushileads
2015-08-12 20:14 - 2015-08-12 20:14 - 00003518 _____ C:\WINDOWS\System32\Tasks\SushiLeads
2015-08-12 20:14 - 2015-08-12 20:14 - 00000000 ____D C:\Program Files (x86)\sushileads
2015-08-12 20:08 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 20:08 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 20:08 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 20:08 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 20:08 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 20:08 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 20:08 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 20:08 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 19:39 - 2015-08-14 18:44 - 00000000 ____D C:\Program Files\SpaceSoundPro
2015-08-12 19:39 - 2015-08-12 20:21 - 00000000 _____ C:\END
2015-08-12 19:39 - 2015-08-12 19:44 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.1434
2015-08-12 19:39 - 2015-08-12 19:39 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-08-12 19:39 - 2015-08-12 19:39 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2015-08-12 19:29 - 2015-08-12 19:29 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\Compete
2015-08-08 12:21 - 2015-07-21 12:17 - 01084696 _____ (TMRG, Inc.) C:\WINDOWS\system32\rlls64.dll
2015-08-08 12:20 - 2015-08-08 12:20 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\Compete
2015-08-08 12:19 - 2015-08-08 12:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\OpenSoftwareUpdater
2015-08-08 12:19 - 2015-08-08 12:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\InstantSupport
2015-08-08 12:18 - 2015-08-08 12:18 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\PCAcceleratePro
2015-08-08 12:17 - 2015-08-08 12:17 - 00003488 _____ C:\WINDOWS\System32\Tasks\bvxvyxvec
2015-08-08 12:16 - 2015-08-15 09:54 - 00000354 _____ C:\WINDOWS\Tasks\OMYQNNDMU1.job
2015-08-08 12:16 - 2015-08-14 07:16 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-08-08 12:16 - 2015-08-12 19:25 - 00000000 ____D C:\Users\Kiersten\AppData\Local\SearchProtect
2015-08-08 12:16 - 2015-08-08 12:18 - 00000000 ____D C:\ProgramData\Service1291
2015-08-08 12:16 - 2015-08-08 12:17 - 00000000 ____D C:\Users\Kiersten\AppData\Local\bvxvyxvec
2015-08-08 12:16 - 2015-08-08 12:16 - 00002868 _____ C:\WINDOWS\System32\Tasks\OMYQNNDMU1
2015-08-08 12:16 - 2015-08-08 12:16 - 00000000 ____D C:\Users\CareBear17\AppData\Local\SearchProtect
2015-08-08 12:16 - 2015-08-08 12:16 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-08 12:15 - 2015-08-08 12:15 - 00004180 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-08-08 12:15 - 2015-08-08 12:15 - 00004170 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-08-08 12:15 - 2015-08-08 12:15 - 00000000 ____D C:\Program Files (x86)\WordSurfer_1.10.0.19
2015-08-08 12:07 - 2015-08-15 10:12 - 00000992 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-08-08 12:07 - 2015-08-15 09:54 - 00000988 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-08-08 12:07 - 2015-08-08 12:07 - 00003862 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-08-08 12:07 - 2015-08-08 12:07 - 00003626 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-08-08 12:07 - 2015-08-08 12:07 - 00001162 _____ C:\Users\Public\Desktop\OpenSoftwareUpdater.lnk
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\OpenSoftwareUpdater
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\Program Files (x86)\OpenSoftwareUpdater
2015-08-08 12:06 - 2015-08-08 12:06 - 00000000 ____D C:\ProgramData\Windows Discount
2015-08-08 12:06 - 2015-08-08 12:06 - 00000000 ____D C:\Program Files (x86)\Windows Discount
2015-08-08 12:05 - 2015-08-14 05:37 - 00000000 ____D C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E
2015-08-08 12:05 - 2015-08-12 19:30 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-08-08 12:05 - 2015-08-08 12:05 - 00003256 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2015-08-08 12:05 - 2015-08-08 12:05 - 00001090 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhancer
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\Program Files (x86)\WaInterEnhancer
2015-08-08 12:05 - 2015-08-05 21:14 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-08 12:04 - 2015-08-08 12:04 - 03719524 _____ C:\Users\CareBear17\Downloads\forge-1.8-11.14.3.1502-installer.jar
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Users\Kiersten\AppData\Local\59790140
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Users\Kiersten\AppData\Local\{C35BF507-E7F3-99BF-8A6B-BC57AE0340CF}
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Program Files (x86)\TestXp
2015-08-08 12:03 - 2015-08-08 12:23 - 00000000 ____D C:\Program Files (x86)\OSDownloader
2015-08-08 12:03 - 2015-08-08 12:03 - 00000003 _____ C:\Users\CareBear17\Desktop\2.txt
2015-08-08 12:03 - 2015-08-08 12:03 - 00000003 _____ C:\Users\CareBear17\Desktop\1.txt
2015-08-08 10:36 - 2015-08-08 12:10 - 02125197 _____ C:\Users\CareBear17\Downloads\BattleTowers-1.7.10.zip
2015-08-08 10:31 - 2015-08-08 12:06 - 01164029 _____ C:\Users\CareBear17\Downloads\GraveStone-2.11.3.jar
2015-08-08 10:30 - 2015-08-08 10:30 - 00625453 _____ C:\Users\CareBear17\Downloads\DoomlikeDungeons-1.7.5-MC1.7.10.jar
2015-08-08 10:26 - 2015-08-08 10:26 - 00117768 _____ C:\Users\CareBear17\Downloads\EasyCrafting-1.7.10-2.0.1.16.jar
2015-08-08 10:23 - 2015-08-08 10:23 - 00063764 _____ C:\Users\CareBear17\Downloads\FinderCompass-1.7.10.jar
2015-08-08 10:20 - 2015-08-08 10:20 - 00133784 _____ C:\Users\CareBear17\Downloads\xaeros_minimap_v1.4.9.2_1.7.10_Forge.jar
2015-08-07 19:27 - 2015-08-08 09:55 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-07 19:27 - 2015-08-08 09:55 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 16:13 - 2015-08-06 16:14 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-08-06 16:13 - 2015-08-06 16:13 - 00000984 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-08-06 16:13 - 2015-08-06 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-08-06 06:35 - 2015-08-06 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-08-06 06:34 - 2015-08-06 06:34 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2015-08-05 21:52 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-08-05 21:52 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-08-05 21:52 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-08-05 21:52 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-05 21:52 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-08-05 21:52 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-05 21:52 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-08-05 21:52 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-08-05 21:52 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-08-05 21:52 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-08-05 21:52 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-08-05 21:52 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-08-05 21:52 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-08-05 21:52 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-05 21:52 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-08-05 21:52 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-08-05 21:52 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-08-05 21:52 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-05 21:52 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-05 21:52 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-05 21:52 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-05 21:52 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-08-05 21:52 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-08-05 21:52 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-08-05 21:52 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-05 21:52 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-05 21:52 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-05 21:52 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-05 21:52 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-08-05 21:52 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-08-05 21:52 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-05 21:52 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-08-05 21:51 - 2015-05-11 14:17 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-05 21:51 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-05 21:51 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-05 21:51 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-08-05 21:50 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 21:50 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 21:50 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-08-05 21:50 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-08-05 21:49 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-08-05 21:49 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-08-05 21:49 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-08-05 21:49 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-08-05 21:49 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-08-05 21:49 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-08-05 21:49 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-08-05 21:49 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-08-05 21:49 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-08-05 21:49 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-08-05 21:49 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-08-05 21:49 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-08-05 21:49 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-08-05 21:49 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-08-05 21:48 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-08-05 21:48 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-08-05 21:48 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-08-05 21:48 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-05 21:48 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-05 21:48 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-08-05 21:48 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-08-05 21:48 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-08-05 21:48 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-05 21:48 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-05 21:47 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-08-05 21:47 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-08-05 21:47 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-08-05 21:47 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-08-05 21:14 - 2015-08-05 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-05 21:14 - 2015-08-05 21:14 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-15 10:12 - 2014-09-08 22:55 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-15 10:11 - 2014-10-27 23:52 - 01420939 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-15 10:07 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-15 10:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-15 10:00 - 2013-01-26 01:11 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1505448478-352576845-3373465650-1001
2015-08-15 09:59 - 2014-10-28 00:14 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{631CFC46-6FD0-4139-B4FF-7409B198DDA2}
2015-08-15 09:58 - 2015-03-18 19:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-15 09:56 - 2013-01-26 11:59 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-15 09:55 - 2015-03-20 20:16 - 00002208 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-08-15 09:55 - 2014-10-28 00:05 - 00000000 ___RD C:\Users\Kiersten\OneDrive
2015-08-15 09:53 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-14 19:24 - 2015-07-09 22:27 - 677955010 _____ C:\WINDOWS\MEMORY.DMP
2015-08-14 18:50 - 2014-12-26 11:29 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-14 18:40 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-14 18:36 - 2015-03-20 20:17 - 00003372 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Kiersten
2015-08-14 18:35 - 2014-10-27 23:18 - 00000000 ____D C:\Users\CareBear17
2015-08-14 18:29 - 2014-10-27 23:18 - 00000000 ____D C:\Users\Kiersten
2015-08-14 07:28 - 2013-01-26 11:59 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-14 07:17 - 2014-09-07 21:55 - 00106469 _____ C:\WINDOWS\wininit.ini
2015-08-14 06:46 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-14 06:40 - 2015-03-20 20:17 - 00000000 ____D C:\ProgramData\ProductData
2015-08-13 21:18 - 2013-01-26 01:03 - 00000000 ____D C:\Users\Kiersten\AppData\Local\Packages
2015-08-13 03:37 - 2013-08-22 10:44 - 00509824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-13 03:34 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 03:34 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 03:34 - 2013-08-22 09:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-08-13 03:33 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 03:33 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 03:23 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-13 03:22 - 2013-08-04 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:22 - 2013-08-04 22:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:22 - 2013-08-04 22:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:21 - 2013-07-21 01:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-13 03:17 - 2013-01-27 16:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:17 - 2013-01-26 10:46 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-13 03:15 - 2014-12-14 20:30 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-13 03:15 - 2014-09-24 05:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-13 03:14 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 03:14 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 03:14 - 2012-07-26 01:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-08-13 02:39 - 2014-11-01 08:56 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D957F1F4-BC28-4951-902D-C2055D430341}
2015-08-12 21:47 - 2013-01-26 14:57 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1505448478-352576845-3373465650-1004
2015-08-12 19:58 - 2015-03-18 19:50 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-09 15:40 - 2013-11-01 22:47 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\.minecraft
2015-08-09 14:12 - 2015-02-13 11:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\IMVU
2015-08-08 12:09 - 2015-04-26 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-08 12:04 - 2014-11-02 08:35 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-08-08 12:04 - 2014-09-14 21:36 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-07 19:20 - 2015-04-05 13:07 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-08-07 19:20 - 2015-04-05 13:07 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-08-07 19:20 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-07 19:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-08-07 17:41 - 2014-07-02 12:27 - 00000000 ____D C:\Users\CareBear17\AppData\Local\Screencast-O-Matic
2015-08-06 09:46 - 2014-12-26 09:36 - 00001419 _____ C:\Users\CareBear17\Desktop\ROBLOX Player.lnk
2015-08-06 09:46 - 2014-12-26 09:34 - 00001234 _____ C:\Users\CareBear17\Desktop\ROBLOX Studio.lnk
2015-08-06 09:46 - 2014-12-26 09:34 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-06 09:46 - 2013-01-26 15:03 - 00000000 ____D C:\Users\CareBear17\AppData\Local\Google
2015-08-06 06:35 - 2013-05-29 12:47 - 00003062 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-08-06 06:35 - 2013-05-29 12:46 - 00003060 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-08-06 06:35 - 2013-01-26 16:26 - 00003118 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-08-06 06:35 - 2013-01-26 16:26 - 00003092 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-08-06 06:35 - 2013-01-26 16:26 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-08-05 21:14 - 2015-03-18 19:50 - 00001961 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-08-05 21:14 - 2015-03-18 19:50 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-05 20:17 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-05 20:17 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\servicing
2015-08-05 20:16 - 2015-04-03 07:45 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\ProductData
2015-08-05 20:16 - 2015-03-20 20:18 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\ProductData
2015-08-05 20:16 - 2015-03-20 20:16 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\IObit
2015-08-05 20:16 - 2014-07-02 14:16 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
2015-08-05 20:16 - 2013-11-08 23:11 - 00000000 ____D C:\Users\Public\StarStableOnline
2015-08-05 20:14 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-05 19:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
2015-08-02 20:10 - 2014-10-28 03:01 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-02 20:04 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-02 19:17 - 2014-11-14 21:58 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieBrowserModeList
2015-08-02 19:17 - 2014-10-28 00:13 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieUserList
2015-08-02 19:17 - 2014-10-28 00:13 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieSiteList
2015-07-19 18:23 - 2013-01-26 11:59 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-19 18:23 - 2013-01-26 11:59 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-03-05 00:25 - 2014-03-05 00:25 - 0000476 _____ () C:\Users\Kiersten\AppData\Roaming\com.zoosk.Desktop_state.xml
2013-01-30 12:06 - 2014-10-10 23:15 - 0000173 _____ () C:\Users\Kiersten\AppData\Local\msmathematics.qat.Kiersten
2015-08-14 05:36 - 2015-08-13 21:26 - 0613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nscB0F3.tmp
2012-10-07 04:39 - 2012-10-07 04:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-08 20:46 - 2015-03-21 09:40 - 0003173 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\CareBear17\AppData\Local\Temp\InstallIMVU_516.0.exe
C:\Users\Kiersten\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-13 04:16

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Kiersten (2015-08-15 10:16:46)
Running from C:\Users\Kiersten\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1505448478-352576845-3373465650-500 - Administrator - Disabled)
CareBear17 (S-1-5-21-1505448478-352576845-3373465650-1004 - Limited - Enabled) => C:\Users\CareBear17
Guest (S-1-5-21-1505448478-352576845-3373465650-501 - Limited - Disabled)
Kiersten (S-1-5-21-1505448478-352576845-3373465650-1001 - Administrator - Enabled) => C:\Users\Kiersten

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510nz_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12212.0 - Cisco Consumer Products LLC)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
EasyTether (HKLM-x32\...\{8d3ac0f3-14ee-49ab-9193-a8dbdc6fec0c}) (Version: 1.1.17 - Mobile Stream)
EasyTether (Version: 1.1.17 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{7DD41AE3-10F5-4C46-961C-FAE786519FFF}) (Version: 1.0.0 - Mobile Stream)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
Enterprise (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1900 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.7 - Lenovo EasyCamera)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mathematica Extras 9.0 (3942197) (HKLM\...\A-WIN-Extras 9.0.0 3942197_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.00.00.1 - OneSystemCare)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.0.9 - Lenovo)
OpenSoftwareUpdater (HKLM-x32\...\OpenSoftwareUpdater) (Version: - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 3.0.10.64 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
ServiceUpdater (HKLM-x32\...\ServiceUpdater) (Version: - )
ServiceUpdater (HKLM-x32\...\WebWatcherInstall) (Version: - )
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SpaceSoundPro Service (HKLM-x32\...\zz.1434.ssp) (Version: 1.0.0 - CSDI)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
SushiLeads (HKLM-x32\...\sushileads) (Version: 2.4.1.4 - SushiLeads)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TI-83 Plus Flash Debugger (HKLM-x32\...\TI-83 Plus Flash Debugger) (Version: - )
Tny_Cassiopesa (HKLM-x32\...\Tny_Cassiopesa) (Version: - Tny_Cassiopesa)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Wajam (HKLM-x32\...\WaInterEnhancer) (Version: 2.34.2.52 (i2.6) - WaInterEnhancer) <==== ATTENTION
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Wolfram CDF Player (M-WIN-D 9.0.0 3942419) (HKLM-x32\...\M-WIN-D 9.0.0 3942419_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
WordSurfer 1.10.0.19 (HKLM-x32\...\WordSurfer_1.10.0.19) (Version: 1.10.0.19 - WordSurfer)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

05-08-2015 18:45:13 Windows Update
05-08-2015 19:11:03 Restore Operation
13-08-2015 03:11:31 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-08-05 21:14 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AAB1B5D-C707-4706-B31E-1FA577F47CEF} - System32\Tasks\bvxvyxvec => C:\Users\Kiersten\AppData\Local\bvxvyxvec\bvxvyxvec.exe [2015-08-03] () <==== ATTENTION
Task: {0C1AD099-B7C9-459C-94B8-304166BBDFA9} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {0F23281E-688D-406A-937D-B9D31FD51139} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-07-31] ()
Task: {16DF8F86-86A7-4051-8D7B-C06E8664273C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {1CEFB9CD-0DFE-47CA-A74A-6B18DEF92CAB} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {2E230C96-DC86-4858-9ED7-768E6FED8C5A} - System32\Tasks\OMYQNNDMU1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {326BDB2B-3C16-4A4F-8B3F-ACD8EACA30CC} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {380B84BB-F8F2-4C71-B65B-0393429F1242} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {5151ED8B-07EE-45AC-8E74-7107D2752C55} - System32\Tasks\{ED9F8D0B-4A34-4DE7-8103-6CEC5E3CBBB8} => pcalua.exe -a "C:\Program Files (x86)\AnyProtectEx\uninstall.exe" <==== ATTENTION
Task: {57153552-5504-4A39-B869-361C2C873914} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {5AE75F92-C3B5-4D07-AD60-FCAF3CA63CE3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {5D4E11FF-6143-43E8-B8A8-44A41B05AE8C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {61195080-B284-4AEA-8C83-7B536CBEEC1A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {66BD1350-62D0-4011-A248-1F276B18066C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {7375A6A9-E560-48AE-A811-DD1FBF702843} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {76DB686F-AC50-43EE-8971-FEFD12BB88C6} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {7BD84A73-1020-424B-97CE-9CDE65B8BC9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {7C0AEB60-255E-40A8-B941-BB8460204D64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {7C8EA910-6B1F-4251-B74A-8AA54F8D89B3} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {7DDB85A3-5086-477B-8D93-1FD7B3CEE020} - System32\Tasks\Kaomonaenuvn => C:\ProgramData\Kaomonaenuvn\1.0.1.0\jlewroan.exe <==== ATTENTION
Task: {820F8488-4F1B-4C16-8B2E-FA99306D80AC} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {83C4FBA0-2389-48DF-9A3F-531F055C89C8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {84E5164E-1A4D-4834-ABE1-CD184C7B634E} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {8675385C-87AA-4D64-AF15-2B55C8347137} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer)
Task: {8C0B3E81-F4D7-4D4F-8BC8-1B5AD7F2CC69} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {8E87B4FA-A509-453D-9F36-DEBCB87BD3EC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {9AFB7AD6-53F0-4FD0-B40F-B5D90F731EA3} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-08-03] ()
Task: {A5F3B644-7F68-4BC4-B5F2-881E9341C414} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A9A7318B-4F3E-48DB-8D19-AB71D683953F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {AA43EE18-EC9A-4DFF-9BC3-AC656808AAD3} - \PennyBee -> No File <==== ATTENTION
Task: {AB864495-C7A3-4D17-B8B8-30C9E3C4897B} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B19B4CBE-ABAA-4CD9-890A-E0107E90E234} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {C834974A-52E6-4A4F-9BF9-2F3E7C9487B2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {E27805AE-0FAF-4443-8156-E833317E3DD7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E43B0E03-346F-42A6-AF28-4CEA6CB9D05E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-13] (Microsoft Corporation)
Task: {EC44560A-1013-4015-8820-528768360B8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {EDC411FF-FC17-421C-A3B3-78562294A7C0} - System32\Tasks\updateTask => c:\task.vbs [2015-08-12] ()
Task: {F39034BB-F7FD-49FA-BD3F-41AC9D2ED566} - System32\Tasks\Uninstaller_SkipUac_Kiersten => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {F65CC83F-2FE4-43ED-A8CB-364874510AF6} - System32\Tasks\ASC8_SkipUac_Kiersten => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-04-09] (IObit)
Task: {F8C498A3-C4A9-4ABB-A093-7C53DBA1FCA4} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {FC34BC7A-110D-41BB-B52F-C875FA80F7CB} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\OMYQNNDMU1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2012-08-17 13:23 - 2012-08-17 13:23 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2015-08-08 12:05 - 2015-08-08 12:05 - 00161792 _____ () C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\hnsq5471.tmp
2015-06-10 16:59 - 2015-06-10 16:59 - 00330240 _____ () C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe
2015-08-08 12:05 - 2015-08-08 12:05 - 00209920 _____ () C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\jnsi33E7.tmp
2015-06-10 16:59 - 2015-06-10 16:59 - 00101888 _____ () C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe
2015-08-03 11:14 - 2015-08-03 11:14 - 00010240 _____ () C:\Program Files (x86)\sushileads\NpUpdaterService.exe
2015-08-03 11:14 - 2015-08-03 11:14 - 00006144 _____ () C:\Program Files (x86)\sushileads\AppResources.dll
2015-08-07 10:25 - 2015-08-07 10:25 - 01182720 _____ () C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancerService.exe
2015-08-14 05:11 - 2015-08-14 05:11 - 00647680 _____ () C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\knsc1441.tmp
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-07-16 03:49 - 2012-07-16 03:49 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2015-07-31 07:19 - 2015-07-31 07:19 - 00581216 _____ () C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
2015-08-07 10:25 - 2015-08-07 10:25 - 00266752 _____ () C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancer.exe
2015-08-12 06:06 - 2015-08-12 06:06 - 00033480 _____ () C:\Program Files (x86)\SpaceSondPro_v53.1434\SpaceSondPro_Service.exe
2015-08-03 11:14 - 2015-08-03 11:14 - 00381440 _____ () C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe
2010-08-24 10:44 - 2010-08-24 10:44 - 00257224 _____ () C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
2015-08-08 12:05 - 2015-08-14 05:36 - 00972836 _____ () C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\vnsvFAD5.tmp
2015-03-20 20:16 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-03-20 20:17 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2014-09-07 21:01 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-07 21:01 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-07 21:01 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-07 21:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-07 21:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-20 20:16 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-03-20 20:16 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-03-20 20:16 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-08-07 10:25 - 2015-08-07 10:25 - 00011776 _____ () C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\ApiHandlr.dll
2015-03-20 20:16 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2015-08-12 20:44 - 2015-08-07 20:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-12 20:44 - 2015-08-07 20:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2015-08-12 20:44 - 2015-08-07 20:13 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
2012-10-07 04:20 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-03-20 20:17 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-03-20 20:17 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-03-20 20:17 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Kiersten\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kiersten\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{4B019675-706D-4C1A-AAD2-8B61159AAB58}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{2EBE7D30-F8C1-4C87-AC01-A6CBFCFF7996}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{AA4A8AB6-D8B5-4B30-8564-CDF77E86FF6F}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{97EF3D18-0D96-4353-9A9B-F5C5D5470875}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{C5B560A3-C7BF-470B-B34A-EE81EFD20C08}] => (Allow) C:\Users\Kiersten\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7893C7BC-5BF1-4433-ACB4-69770FE4DE14}] => (Allow) C:\Users\Kiersten\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{593671A3-74E9-4571-931C-C1D21D506CFD}] => (Allow) C:\Users\Kiersten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWED6UF5\uTorrent.exe
FirewallRules: [{E5836CB0-2F94-4C7F-A743-A52181B8BE89}] => (Allow) C:\Users\Kiersten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWED6UF5\uTorrent.exe
FirewallRules: [{A3C775F0-B41F-4C4D-904A-FDDCFE3989DC}] => (Allow) C:\Users\Kiersten\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{940AF432-97D1-464F-A8F5-44C090D02EA1}] => (Allow) C:\Users\Kiersten\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AEAC8A51-C5CD-482A-AFCB-2DD86A2684FB}] => (Allow) C:\Users\Kiersten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWED6UF5\BitTorrent.exe
FirewallRules: [{D56C9B0D-2CBE-455D-BB0F-FB60027472C8}] => (Allow) C:\Users\Kiersten\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWED6UF5\BitTorrent.exe
FirewallRules: [{FBEF1B2C-7809-45A0-AF53-F4CED1D276AB}] => (Allow) C:\Users\Kiersten\AppData\Local\Temp\HP\OJ_AIO_4500_G510n-z_Ent64_Win_WW_140\setup\hpznui40.exe
FirewallRules: [{07072BB2-AFA1-41FD-90E7-2377B22B7A1F}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{2D6CE2E1-A93F-41A8-819A-893A20283B4A}] => (Allow) C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe
FirewallRules: [{914A78DA-CB4B-454E-90BD-CE1452311EF0}] => (Allow) C:\Users\Kiersten\AppData\Local\Temp\7zS27BF\hppiw.exe
FirewallRules: [{4DA18BFA-0994-461D-925E-6F5E8EF9EC5C}] => (Allow) C:\Users\Kiersten\AppData\Local\Temp\7zS27BF\hppiw.exe
FirewallRules: [{DF4C7CF1-83C7-4BD5-A2C8-B5BC5F7B9288}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{286C5B5E-0925-477B-B111-5756C6E31A0B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{41681C9A-F96D-420B-AF1D-5731755E3CF8}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\math.exe
FirewallRules: [{065F89C6-0688-4E46-8885-B2F915960E32}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\math.exe
FirewallRules: [{0DF418E7-59FD-4844-806F-1A64938A27AC}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\WolframCDFPlayer.exe
FirewallRules: [{C0DED126-5640-43AC-B1C1-AFF79A56B4E5}] => (Allow) C:\Program Files (x86)\Wolfram Research\Wolfram CDF Player\9.0\WolframCDFPlayer.exe
FirewallRules: [{AD404FF3-E0CD-40C1-BBEB-BCEDD71F2903}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{30FEB346-9C58-4E07-A5CD-679AAC8D0627}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{920928DC-1731-4444-94CF-DF3ED4DAC507}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{8E38B24B-ACD6-47E2-A6AA-E56CA97AB13C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1A7F9795-A9D8-4C95-887A-D70231C2B7D8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{DA411412-93C8-4979-AE3D-6DABE3382967}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{55172036-89F3-4CC9-BAF7-E4986B465A5C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{9E610E30-BD67-4813-8ECB-E09C1EE71575}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{109F5E01-49C0-47F7-8513-50218EE45FB9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{13E5464A-68D1-4550-B481-995C74CCADE5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{7D26686F-2671-4302-9A04-45720C8AB626}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{478FA289-6EB7-4948-970D-52A7D0AA4755}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{A566237A-D85F-4076-9BF2-6D549C0DBEBB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A2E7E6F2-B789-4E5C-BC54-AF226CCF3B41}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{7CADC68A-9EFE-455D-B7C7-622246AD671C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{097B0054-AE65-41B7-A462-A3B37C5ACC7E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{0C83A509-CC7F-4C29-9EF7-A6DA4816A21D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BC94133E-6412-4023-89BC-88F502A4A8E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{65A9E6E1-2E5B-4081-B70F-89A322B4D334}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{997D59E0-50CF-4E9C-AD0E-908199EC145F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{E7E97E06-6193-4B5D-896E-4D39B8DEB5B8}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{5A3DD7FB-150F-49F4-B9CE-D5AD1D7840AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9DB478F8-C08B-4DD3-BE56-AAA7BD1A531A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{286E60F9-3177-4D4C-925D-2704E6C4AF25}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CEA85AF3-07FD-402D-91DC-CDD9039A1938}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{C1B89EB3-200E-47DE-8D70-26460A572E24}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{CEAAB209-CCF2-42AB-969D-884232A6B6B8}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A700C0A1-0EE0-4608-8004-9D58F915FEDB}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6F7601C5-66B0-43EB-99FB-CCA92F35A78C}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{C2CE4A84-545A-4FA6-B67A-E91956CE00F0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2015 10:13:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (08/15/2015 10:13:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/15/2015 10:13:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (08/15/2015 10:13:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/15/2015 10:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (08/15/2015 10:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/15/2015 10:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (08/15/2015 10:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/15/2015 09:56:03 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
DETAIL - The configuration registry database is corrupt.

Error: (08/15/2015 09:56:03 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt.
for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat


System errors:
=============
Error: (08/15/2015 10:13:26 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/15/2015 10:13:25 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/15/2015 10:13:25 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/15/2015 10:13:25 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/15/2015 10:13:24 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/15/2015 10:13:24 AM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/15/2015 10:07:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Evernote.Evernote.

Error: (08/15/2015 10:07:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.XboxOneSmartGlass.

Error: (08/15/2015 10:07:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: AMZNMobileLLC.KindleforWindows8.

Error: (08/15/2015 10:07:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: 34791E63.CanonInkjetPrintUtility.


Microsoft Office:
=========================
Error: (08/15/2015 10:13:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/15/2015 10:13:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/15/2015 10:13:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/15/2015 10:13:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/15/2015 10:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/15/2015 10:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/15/2015 10:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/15/2015 10:07:04 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/15/2015 09:56:03 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/15/2015 09:56:03 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat


CodeIntegrity:
===================================
Date: 2015-08-13 21:28:07.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 21:28:07.057
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 21:28:06.873
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 21:28:06.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 21:28:05.791
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 05:02:45.951
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 05:02:45.759
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 05:02:45.563
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 05:02:45.369
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 05:02:45.195
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 8052.91 MB
Available physical RAM: 4614.77 MB
Total Virtual: 16244.91 MB
Available Virtual: 12533.38 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:650.86 GB) (Free:559.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1EE3F689)

Partition: GPT.

==================== End of log ============================

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can get Windows files back in the majority :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

If it is hard to make the fixlist.txt, here is one I prepared for you :)
Attached File: fixlist.txt (18.15KB)

Open Notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OpenSoftwareUpdater] => C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe [3733504 2014-04-08] (Installer Technology Co.)
HKLM-x32\...\RunOnce: [SpaceSondPro_v53.1434] => C:\Program Files (x86)\SpaceSondPro_v53.1434\SpaceSondPro_Service.exe [33480 2015-08-12] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381440 2015-08-03] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247032 2015-08-03] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219896 2015-08-03] (Client Connect LTD)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1004\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1001\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_32&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0D0E0DyDyE0BtCyCyEtN0D0Tzu0StCtAtCyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyD0DyC0Ezz0DtB0FtGyB0CyEtDtG0FzyyDtBtGyCyB0E0EtG0B0E0CzyyC0CyD0EtBtA0FyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByD0DtC0ByCtG0FtCyDtAtGyEtAyDtAtGzzyC0C0EtGtAyC0EtCyB0Azy0E0CyB0EtA2QtN0A0LzuyE&cr=2047286878&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_32&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0D0E0DyDyE0BtCyCyEtN0D0Tzu0StCtAtCyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyD0DyC0Ezz0DtB0FtGyB0CyEtDtG0FzyyDtBtGyCyB0E0EtG0B0E0CzyyC0CyD0EtBtA0FyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByD0DtC0ByCtG0FtCyDtAtGyEtAyDtAtGzzyC0C0EtGtAyC0EtCyB0Azy0E0CyB0EtA2QtN0A0LzuyE&cr=2047286878&ir=
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2A3F2634-37E6-4F8D-912E-937AEB6007EF&q={searchTerms}&SSPV=
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=&D=081215
FF SearchPlugin: C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\searchplugins\cassiopesa.xml [2015-08-12]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx <not found>
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3240184 2015-08-03] (Client Connect LTD)
R2 comyninu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\hnsq5471.tmp [161792 2015-08-08] () [File not signed]
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [330240 2015-06-10] () [File not signed]
R2 hyverumu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\jnsi33E7.tmp [209920 2015-08-08] () [File not signed]
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [101888 2015-06-10] () [File not signed]
R2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-08-03] () [File not signed]
R2 WaInterEnhancer Service; C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancerService.exe [1182720 2015-08-07] () [File not signed]
R2 WeWatcherProxy; C:\Program Files (x86)\ServiceUpdater\WeWatcherProxy.exe [1741016 2015-08-06] (WeWatcher)
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-15] (Word Surfer)
R2 wyhumyqu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\knsc1441.tmp [647680 2015-08-14] () [File not signed]
S2 consumerinput_update; no ImagePath
S3 consumerinput_updatem; no ImagePath
S2 RelevantKnowledge; no ImagePath <==== ATTENTION
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-15] (Word Surfer)
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
2015-08-14 19:22 - 2015-08-14 19:22 - 00000000 ____D C:\ProgramData\FlashBeat
2015-08-14 19:12 - 2015-08-15 10:15 - 00001154 _____ C:\Users\Kiersten\Desktop\Continue Live Installation.lnk
2015-08-14 05:39 - 2015-08-14 06:38 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-08-14 05:39 - 2015-08-14 06:38 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-08-14 05:39 - 2015-08-14 05:59 - 00000378 _____ C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-08-14 05:39 - 2015-08-14 05:39 - 00002830 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-08-14 05:39 - 2015-08-14 05:39 - 00002828 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-08-14 05:39 - 2015-08-14 05:39 - 00002828 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-08-14 05:36 - 2015-08-13 21:26 - 00613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nscB0F3.tmp
2015-08-13 21:26 - 2015-08-13 21:26 - 00000000 __SHD C:\Users\Kiersten\AppData\Roaming\AnyProtectEx
2015-08-13 21:23 - 2015-08-14 18:39 - 00000000 ____D C:\Users\Kiersten\AppData\Local\SmartWeb
2015-08-12 20:23 - 2015-08-12 20:23 - 00000000 ____D C:\Users\Kiersten\Documents\DailyPCClean
2015-08-12 20:22 - 2015-08-14 05:37 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-08-12 20:21 - 2015-08-13 02:58 - 00009848 _____ C:\WINDOWS\SysWOW64\WeWatcherProxyOff.ini
2015-08-12 20:21 - 2015-08-13 02:58 - 00009848 _____ C:\WINDOWS\system32\WeWatcherProxyOff.ini
2015-08-12 20:21 - 2015-08-12 20:21 - 00003252 _____ C:\WINDOWS\System32\Tasks\runTask
2015-08-12 20:21 - 2015-08-12 20:21 - 00003156 _____ C:\WINDOWS\System32\Tasks\updateTask
2015-08-12 20:21 - 2015-08-12 20:21 - 00000217 _____ C:\task.vbs
2015-08-12 20:21 - 2015-08-12 20:21 - 00000000 ____D C:\Program Files (x86)\ServiceUpdater
2015-08-12 20:21 - 2015-08-06 18:19 - 00357432 _____ (WeWatcher) C:\WINDOWS\system32\WeWatcherLSP64.dll
2015-08-12 20:21 - 2015-08-06 18:18 - 00305960 _____ (WeWatcher) C:\WINDOWS\SysWOW64\WeWatcherLSP.dll
2015-08-12 20:14 - 2015-08-13 00:19 - 00000000 ____D C:\ProgramData\sushileads
2015-08-12 20:14 - 2015-08-12 20:14 - 00003518 _____ C:\WINDOWS\System32\Tasks\SushiLeads
2015-08-12 20:14 - 2015-08-12 20:14 - 00000000 ____D C:\Program Files (x86)\sushileads
2015-08-12 19:39 - 2015-08-14 18:44 - 00000000 ____D C:\Program Files\SpaceSoundPro
2015-08-12 19:39 - 2015-08-12 20:21 - 00000000 _____ C:\END
2015-08-12 19:39 - 2015-08-12 19:44 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.1434
2015-08-12 19:39 - 2015-08-12 19:39 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-08-12 19:39 - 2015-08-12 19:39 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2015-08-12 19:29 - 2015-08-12 19:29 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\Compete
2015-08-08 12:21 - 2015-07-21 12:17 - 01084696 _____ (TMRG, Inc.) C:\WINDOWS\system32\rlls64.dll
2015-08-08 12:20 - 2015-08-08 12:20 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\Compete
2015-08-08 12:19 - 2015-08-08 12:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\OpenSoftwareUpdater
2015-08-08 12:19 - 2015-08-08 12:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\InstantSupport
2015-08-08 12:18 - 2015-08-08 12:18 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\PCAcceleratePro
2015-08-08 12:17 - 2015-08-08 12:17 - 00003488 _____ C:\WINDOWS\System32\Tasks\bvxvyxvec
2015-08-08 12:16 - 2015-08-15 09:54 - 00000354 _____ C:\WINDOWS\Tasks\OMYQNNDMU1.job
2015-08-08 12:16 - 2015-08-14 07:16 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-08-08 12:16 - 2015-08-12 19:25 - 00000000 ____D C:\Users\Kiersten\AppData\Local\SearchProtect
2015-08-08 12:16 - 2015-08-08 12:18 - 00000000 ____D C:\ProgramData\Service1291
2015-08-08 12:16 - 2015-08-08 12:17 - 00000000 ____D C:\Users\Kiersten\AppData\Local\bvxvyxvec
2015-08-08 12:16 - 2015-08-08 12:16 - 00002868 _____ C:\WINDOWS\System32\Tasks\OMYQNNDMU1
2015-08-08 12:16 - 2015-08-08 12:16 - 00000000 ____D C:\Users\CareBear17\AppData\Local\SearchProtect
2015-08-08 12:16 - 2015-08-08 12:16 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-08 12:15 - 2015-08-08 12:15 - 00004180 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-08-08 12:15 - 2015-08-08 12:15 - 00004170 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-08-08 12:15 - 2015-08-08 12:15 - 00000000 ____D C:\Program Files (x86)\WordSurfer_1.10.0.19
2015-08-08 12:07 - 2015-08-15 10:12 - 00000992 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-08-08 12:07 - 2015-08-15 09:54 - 00000988 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-08-08 12:07 - 2015-08-08 12:07 - 00003862 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-08-08 12:07 - 2015-08-08 12:07 - 00003626 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-08-08 12:07 - 2015-08-08 12:07 - 00001162 _____ C:\Users\Public\Desktop\OpenSoftwareUpdater.lnk
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\OpenSoftwareUpdater
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\Program Files (x86)\OpenSoftwareUpdater
2015-08-08 12:06 - 2015-08-08 12:06 - 00000000 ____D C:\ProgramData\Windows Discount
2015-08-08 12:06 - 2015-08-08 12:06 - 00000000 ____D C:\Program Files (x86)\Windows Discount
2015-08-08 12:05 - 2015-08-14 05:37 - 00000000 ____D C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E
2015-08-08 12:05 - 2015-08-12 19:30 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-08-08 12:05 - 2015-08-08 12:05 - 00003256 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2015-08-08 12:05 - 2015-08-08 12:05 - 00001090 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhancer
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\Program Files (x86)\WaInterEnhancer
2015-08-08 12:04 - 2015-08-08 12:04 - 03719524 _____ C:\Users\CareBear17\Downloads\forge-1.8-11.14.3.1502-installer.jar
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Users\Kiersten\AppData\Local\59790140
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Users\Kiersten\AppData\Local\{C35BF507-E7F3-99BF-8A6B-BC57AE0340CF}
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Program Files (x86)\TestXp
Task: {0AAB1B5D-C707-4706-B31E-1FA577F47CEF} - System32\Tasks\bvxvyxvec => C:\Users\Kiersten\AppData\Local\bvxvyxvec\bvxvyxvec.exe [2015-08-03] () <==== ATTENTION
Task: {0C1AD099-B7C9-459C-94B8-304166BBDFA9} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {0F23281E-688D-406A-937D-B9D31FD51139} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-07-31] ()
Task: {1CEFB9CD-0DFE-47CA-A74A-6B18DEF92CAB} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {2E230C96-DC86-4858-9ED7-768E6FED8C5A} - System32\Tasks\OMYQNNDMU1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {5151ED8B-07EE-45AC-8E74-7107D2752C55} - System32\Tasks\{ED9F8D0B-4A34-4DE7-8103-6CEC5E3CBBB8} => pcalua.exe -a "C:\Program Files (x86)\AnyProtectEx\uninstall.exe" <==== ATTENTION
Task: {61195080-B284-4AEA-8C83-7B536CBEEC1A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {7375A6A9-E560-48AE-A811-DD1FBF702843} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {76DB686F-AC50-43EE-8971-FEFD12BB88C6} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {7C8EA910-6B1F-4251-B74A-8AA54F8D89B3} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {7DDB85A3-5086-477B-8D93-1FD7B3CEE020} - System32\Tasks\Kaomonaenuvn => C:\ProgramData\Kaomonaenuvn\1.0.1.0\jlewroan.exe <==== ATTENTION
Task: {820F8488-4F1B-4C16-8B2E-FA99306D80AC} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {83C4FBA0-2389-48DF-9A3F-531F055C89C8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {84E5164E-1A4D-4834-ABE1-CD184C7B634E} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {8675385C-87AA-4D64-AF15-2B55C8347137} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer)
Task: {9AFB7AD6-53F0-4FD0-B40F-B5D90F731EA3} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-08-03] ()
Task: {A5F3B644-7F68-4BC4-B5F2-881E9341C414} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {AA43EE18-EC9A-4DFF-9BC3-AC656808AAD3} - \PennyBee -> No File <==== ATTENTION
Task: {AB864495-C7A3-4D17-B8B8-30C9E3C4897B} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EDC411FF-FC17-421C-A3B3-78562294A7C0} - System32\Tasks\updateTask => c:\task.vbs [2015-08-12] ()
Task: {F8C498A3-C4A9-4ABB-A093-7C53DBA1FCA4} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {FC34BC7A-110D-41BB-B52F-C875FA80F7CB} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer)
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OMYQNNDMU1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy => ""="service"
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\Windows Discount
C:\Program Files (x86)\Windows NT
C:\Program Files (x86)\sushileads
C:\Program Files (x86)\WaInterEnhancer
C:\Program Files (x86)\ServiceUpdater
C:\Program Files (x86)\WordSurfer_1.10.0.19
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\OneSystemCare
C:\Program Files (x86)\SpaceSondPro_v53.1434
C:\Program Files (x86)\OpenSoftwareUpdater
C:\Program Files (x86)\Lavasoft\
C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#3
Kiersten

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Kiersten (2015-08-15 15:54:11) Run:1
Running from C:\Users\Kiersten\Desktop
Loaded Profiles: Kiersten (Available Profiles: & Kiersten & CareBear17)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OpenSoftwareUpdater] => C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe [3733504 2014-04-08] (Installer Technology Co.)
HKLM-x32\...\RunOnce: [SpaceSondPro_v53.1434] => C:\Program Files (x86)\SpaceSondPro_v53.1434\SpaceSondPro_Service.exe [33480 2015-08-12] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381440 2015-08-03] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247032 2015-08-03] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219896 2015-08-03] (Client Connect LTD)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1004\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1001\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_32&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0D0E0DyDyE0BtCyCyEtN0D0Tzu0StCtAtCyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyD0DyC0Ezz0DtB0FtGyB0CyEtDtG0FzyyDtBtGyCyB0E0EtG0B0E0CzyyC0CyD0EtBtA0FyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByD0DtC0ByCtG0FtCyDtAtGyEtAyDtAtGzzyC0C0EtGtAyC0EtCyB0Azy0E0CyB0EtA2QtN0A0LzuyE&cr=2047286878&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_32&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0D0E0DyDyE0BtCyCyEtN0D0Tzu0StCtAtCyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyD0DyC0Ezz0DtB0FtGyB0CyEtDtG0FzyyDtBtGyCyB0E0EtG0B0E0CzyyC0CyD0EtBtA0FyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByD0DtC0ByCtG0FtCyDtAtGyEtAyDtAtGzzyC0C0EtGtAyC0EtCyB0Azy0E0CyB0EtA2QtN0A0LzuyE&cr=2047286878&ir=
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2A3F2634-37E6-4F8D-912E-937AEB6007EF&q={searchTerms}&SSPV=
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=&D=081215
FF SearchPlugin: C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\searchplugins\cassiopesa.xml [2015-08-12]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx <not found>
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3240184 2015-08-03] (Client Connect LTD)
R2 comyninu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\hnsq5471.tmp [161792 2015-08-08] () [File not signed]
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [330240 2015-06-10] () [File not signed]
R2 hyverumu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\jnsi33E7.tmp [209920 2015-08-08] () [File not signed]
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [101888 2015-06-10] () [File not signed]
R2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-08-03] () [File not signed]
R2 WaInterEnhancer Service; C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancerService.exe [1182720 2015-08-07] () [File not signed]
R2 WeWatcherProxy; C:\Program Files (x86)\ServiceUpdater\WeWatcherProxy.exe [1741016 2015-08-06] (WeWatcher)
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-15] (Word Surfer)
R2 wyhumyqu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\knsc1441.tmp [647680 2015-08-14] () [File not signed]
S2 consumerinput_update; no ImagePath
S3 consumerinput_updatem; no ImagePath
S2 RelevantKnowledge; no ImagePath <==== ATTENTION
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-15] (Word Surfer)
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
2015-08-14 19:22 - 2015-08-14 19:22 - 00000000 ____D C:\ProgramData\FlashBeat
2015-08-14 19:12 - 2015-08-15 10:15 - 00001154 _____ C:\Users\Kiersten\Desktop\Continue Live Installation.lnk
2015-08-14 05:39 - 2015-08-14 06:38 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-08-14 05:39 - 2015-08-14 06:38 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-08-14 05:39 - 2015-08-14 05:59 - 00000378 _____ C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-08-14 05:39 - 2015-08-14 05:39 - 00002830 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-08-14 05:39 - 2015-08-14 05:39 - 00002828 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-08-14 05:39 - 2015-08-14 05:39 - 00002828 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-08-14 05:36 - 2015-08-13 21:26 - 00613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nscB0F3.tmp
2015-08-13 21:26 - 2015-08-13 21:26 - 00000000 __SHD C:\Users\Kiersten\AppData\Roaming\AnyProtectEx
2015-08-13 21:23 - 2015-08-14 18:39 - 00000000 ____D C:\Users\Kiersten\AppData\Local\SmartWeb
2015-08-12 20:23 - 2015-08-12 20:23 - 00000000 ____D C:\Users\Kiersten\Documents\DailyPCClean
2015-08-12 20:22 - 2015-08-14 05:37 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-08-12 20:21 - 2015-08-13 02:58 - 00009848 _____ C:\WINDOWS\SysWOW64\WeWatcherProxyOff.ini
2015-08-12 20:21 - 2015-08-13 02:58 - 00009848 _____ C:\WINDOWS\system32\WeWatcherProxyOff.ini
2015-08-12 20:21 - 2015-08-12 20:21 - 00003252 _____ C:\WINDOWS\System32\Tasks\runTask
2015-08-12 20:21 - 2015-08-12 20:21 - 00003156 _____ C:\WINDOWS\System32\Tasks\updateTask
2015-08-12 20:21 - 2015-08-12 20:21 - 00000217 _____ C:\task.vbs
2015-08-12 20:21 - 2015-08-12 20:21 - 00000000 ____D C:\Program Files (x86)\ServiceUpdater
2015-08-12 20:21 - 2015-08-06 18:19 - 00357432 _____ (WeWatcher) C:\WINDOWS\system32\WeWatcherLSP64.dll
2015-08-12 20:21 - 2015-08-06 18:18 - 00305960 _____ (WeWatcher) C:\WINDOWS\SysWOW64\WeWatcherLSP.dll
2015-08-12 20:14 - 2015-08-13 00:19 - 00000000 ____D C:\ProgramData\sushileads
2015-08-12 20:14 - 2015-08-12 20:14 - 00003518 _____ C:\WINDOWS\System32\Tasks\SushiLeads
2015-08-12 20:14 - 2015-08-12 20:14 - 00000000 ____D C:\Program Files (x86)\sushileads
2015-08-12 19:39 - 2015-08-14 18:44 - 00000000 ____D C:\Program Files\SpaceSoundPro
2015-08-12 19:39 - 2015-08-12 20:21 - 00000000 _____ C:\END
2015-08-12 19:39 - 2015-08-12 19:44 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.1434
2015-08-12 19:39 - 2015-08-12 19:39 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-08-12 19:39 - 2015-08-12 19:39 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2015-08-12 19:29 - 2015-08-12 19:29 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\Compete
2015-08-08 12:21 - 2015-07-21 12:17 - 01084696 _____ (TMRG, Inc.) C:\WINDOWS\system32\rlls64.dll
2015-08-08 12:20 - 2015-08-08 12:20 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\Compete
2015-08-08 12:19 - 2015-08-08 12:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\OpenSoftwareUpdater
2015-08-08 12:19 - 2015-08-08 12:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\InstantSupport
2015-08-08 12:18 - 2015-08-08 12:18 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\PCAcceleratePro
2015-08-08 12:17 - 2015-08-08 12:17 - 00003488 _____ C:\WINDOWS\System32\Tasks\bvxvyxvec
2015-08-08 12:16 - 2015-08-15 09:54 - 00000354 _____ C:\WINDOWS\Tasks\OMYQNNDMU1.job
2015-08-08 12:16 - 2015-08-14 07:16 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-08-08 12:16 - 2015-08-12 19:25 - 00000000 ____D C:\Users\Kiersten\AppData\Local\SearchProtect
2015-08-08 12:16 - 2015-08-08 12:18 - 00000000 ____D C:\ProgramData\Service1291
2015-08-08 12:16 - 2015-08-08 12:17 - 00000000 ____D C:\Users\Kiersten\AppData\Local\bvxvyxvec
2015-08-08 12:16 - 2015-08-08 12:16 - 00002868 _____ C:\WINDOWS\System32\Tasks\OMYQNNDMU1
2015-08-08 12:16 - 2015-08-08 12:16 - 00000000 ____D C:\Users\CareBear17\AppData\Local\SearchProtect
2015-08-08 12:16 - 2015-08-08 12:16 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-08 12:15 - 2015-08-08 12:15 - 00004180 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-08-08 12:15 - 2015-08-08 12:15 - 00004170 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-08-08 12:15 - 2015-08-08 12:15 - 00000000 ____D C:\Program Files (x86)\WordSurfer_1.10.0.19
2015-08-08 12:07 - 2015-08-15 10:12 - 00000992 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-08-08 12:07 - 2015-08-15 09:54 - 00000988 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-08-08 12:07 - 2015-08-08 12:07 - 00003862 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-08-08 12:07 - 2015-08-08 12:07 - 00003626 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-08-08 12:07 - 2015-08-08 12:07 - 00001162 _____ C:\Users\Public\Desktop\OpenSoftwareUpdater.lnk
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\OpenSoftwareUpdater
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\Program Files (x86)\OpenSoftwareUpdater
2015-08-08 12:06 - 2015-08-08 12:06 - 00000000 ____D C:\ProgramData\Windows Discount
2015-08-08 12:06 - 2015-08-08 12:06 - 00000000 ____D C:\Program Files (x86)\Windows Discount
2015-08-08 12:05 - 2015-08-14 05:37 - 00000000 ____D C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E
2015-08-08 12:05 - 2015-08-12 19:30 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-08-08 12:05 - 2015-08-08 12:05 - 00003256 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2015-08-08 12:05 - 2015-08-08 12:05 - 00001090 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhancer
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\Program Files (x86)\WaInterEnhancer
2015-08-08 12:04 - 2015-08-08 12:04 - 03719524 _____ C:\Users\CareBear17\Downloads\forge-1.8-11.14.3.1502-installer.jar
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Users\Kiersten\AppData\Local\59790140
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Users\Kiersten\AppData\Local\{C35BF507-E7F3-99BF-8A6B-BC57AE0340CF}
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Program Files (x86)\TestXp
Task: {0AAB1B5D-C707-4706-B31E-1FA577F47CEF} - System32\Tasks\bvxvyxvec => C:\Users\Kiersten\AppData\Local\bvxvyxvec\bvxvyxvec.exe [2015-08-03] () <==== ATTENTION
Task: {0C1AD099-B7C9-459C-94B8-304166BBDFA9} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {0F23281E-688D-406A-937D-B9D31FD51139} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-07-31] ()
Task: {1CEFB9CD-0DFE-47CA-A74A-6B18DEF92CAB} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {2E230C96-DC86-4858-9ED7-768E6FED8C5A} - System32\Tasks\OMYQNNDMU1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {5151ED8B-07EE-45AC-8E74-7107D2752C55} - System32\Tasks\{ED9F8D0B-4A34-4DE7-8103-6CEC5E3CBBB8} => pcalua.exe -a "C:\Program Files (x86)\AnyProtectEx\uninstall.exe" <==== ATTENTION
Task: {61195080-B284-4AEA-8C83-7B536CBEEC1A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {7375A6A9-E560-48AE-A811-DD1FBF702843} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {76DB686F-AC50-43EE-8971-FEFD12BB88C6} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {7C8EA910-6B1F-4251-B74A-8AA54F8D89B3} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {7DDB85A3-5086-477B-8D93-1FD7B3CEE020} - System32\Tasks\Kaomonaenuvn => C:\ProgramData\Kaomonaenuvn\1.0.1.0\jlewroan.exe <==== ATTENTION
Task: {820F8488-4F1B-4C16-8B2E-FA99306D80AC} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {83C4FBA0-2389-48DF-9A3F-531F055C89C8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {84E5164E-1A4D-4834-ABE1-CD184C7B634E} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {8675385C-87AA-4D64-AF15-2B55C8347137} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer)
Task: {9AFB7AD6-53F0-4FD0-B40F-B5D90F731EA3} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-08-03] ()
Task: {A5F3B644-7F68-4BC4-B5F2-881E9341C414} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {AA43EE18-EC9A-4DFF-9BC3-AC656808AAD3} - \PennyBee -> No File <==== ATTENTION
Task: {AB864495-C7A3-4D17-B8B8-30C9E3C4897B} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EDC411FF-FC17-421C-A3B3-78562294A7C0} - System32\Tasks\updateTask => c:\task.vbs [2015-08-12] ()
Task: {F8C498A3-C4A9-4ABB-A093-7C53DBA1FCA4} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {FC34BC7A-110D-41BB-B52F-C875FA80F7CB} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer)
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OMYQNNDMU1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy => ""="service"
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\Windows Discount
C:\Program Files (x86)\Windows NT
C:\Program Files (x86)\sushileads
C:\Program Files (x86)\WaInterEnhancer
C:\Program Files (x86)\ServiceUpdater
C:\Program Files (x86)\WordSurfer_1.10.0.19
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\OneSystemCare
C:\Program Files (x86)\SpaceSondPro_v53.1434
C:\Program Files (x86)\OpenSoftwareUpdater
C:\Program Files (x86)\Lavasoft\
C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\OpenSoftwareUpdater => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpaceSondPro_v53.1434 => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SushiLeadsApplication => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1004\User => moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1001\User => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016" => key removed successfully
Firefox "newtab" removed successfully
C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\searchplugins\cassiopesa.xml => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole" => key removed successfully
CltMngSvc => Unable to stop service.
CltMngSvc => service removed successfully
comyninu => Unable to stop service.
comyninu => service removed successfully
FindingDiscount => Unable to stop service.
FindingDiscount => service removed successfully
hyverumu => Unable to stop service.
hyverumu => service removed successfully
RuntimeManager => Unable to stop service.
RuntimeManager => service removed successfully
SushiLeadsUpdaterService => Unable to stop service.
SushiLeadsUpdaterService => service removed successfully
WaInterEnhancer Service => Unable to stop service.
WaInterEnhancer Service => service removed successfully
WeWatcherProxy => Unable to stop service.
WeWatcherProxy => service removed successfully
wsasvc_1.10.0.19 => Unable to stop service.
wsasvc_1.10.0.19 => service removed successfully
wyhumyqu => service not found.
consumerinput_update => service removed successfully
consumerinput_updatem => service removed successfully
RelevantKnowledge => service removed successfully
wsafd_1_10_0_19 => Unable to stop service.
wsafd_1_10_0_19 => service removed successfully
netfilter64 => service removed successfully
SPPD => service removed successfully
C:\ProgramData\FlashBeat => moved successfully.
C:\Users\Kiersten\Desktop\Continue Live Installation.lnk => moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP3.job => moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP2.job => moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP1.job => moved successfully.
C:\WINDOWS\System32\Tasks\APSnotifierPP1 => moved successfully.
C:\WINDOWS\System32\Tasks\APSnotifierPP3 => moved successfully.
C:\WINDOWS\System32\Tasks\APSnotifierPP2 => moved successfully.
C:\Users\Kiersten\AppData\Local\nscB0F3.tmp => moved successfully.
C:\Users\Kiersten\AppData\Roaming\AnyProtectEx => moved successfully.

"C:\Users\Kiersten\AppData\Local\SmartWeb" folder move:

Could not move "C:\Users\Kiersten\AppData\Local\SmartWeb" => Scheduled to move on reboot.

C:\Users\Kiersten\Documents\DailyPCClean => moved successfully.
C:\Program Files (x86)\DailyPcClean Support => moved successfully.
C:\WINDOWS\SysWOW64\WeWatcherProxyOff.ini => moved successfully.
C:\WINDOWS\system32\WeWatcherProxyOff.ini => moved successfully.
C:\WINDOWS\System32\Tasks\runTask => moved successfully.
C:\WINDOWS\System32\Tasks\updateTask => moved successfully.
C:\task.vbs => moved successfully.
C:\Program Files (x86)\ServiceUpdater => moved successfully.
C:\WINDOWS\system32\WeWatcherLSP64.dll => moved successfully.
C:\WINDOWS\SysWOW64\WeWatcherLSP.dll => moved successfully.
C:\ProgramData\sushileads => moved successfully.
C:\WINDOWS\System32\Tasks\SushiLeads => moved successfully.

"C:\Program Files (x86)\sushileads" folder move:

Could not move "C:\Program Files (x86)\sushileads" => Scheduled to move on reboot.

C:\Program Files\SpaceSoundPro => moved successfully.
C:\END => moved successfully.
C:\Program Files (x86)\SpaceSondPro_v53.1434 => moved successfully.
C:\Program Files (x86)\SpaceSondPro => moved successfully.
C:\WINDOWS\SysWOW64\Number of results => moved successfully.
C:\Users\Kiersten\AppData\Roaming\Compete => moved successfully.
C:\WINDOWS\system32\rlls64.dll => moved successfully.
C:\Users\CareBear17\AppData\Roaming\Compete => moved successfully.
C:\Users\CareBear17\AppData\Roaming\OpenSoftwareUpdater => moved successfully.
C:\Users\CareBear17\AppData\Roaming\InstantSupport => moved successfully.
C:\Users\CareBear17\AppData\Roaming\PCAcceleratePro => moved successfully.
C:\WINDOWS\System32\Tasks\bvxvyxvec => moved successfully.
C:\WINDOWS\Tasks\OMYQNNDMU1.job => moved successfully.

"C:\Program Files (x86)\SearchProtect" folder move:

Could not move "C:\Program Files (x86)\SearchProtect" => Scheduled to move on reboot.


"C:\Users\Kiersten\AppData\Local\SearchProtect" folder move:

Could not move "C:\Users\Kiersten\AppData\Local\SearchProtect" => Scheduled to move on reboot.

C:\ProgramData\Service1291 => moved successfully.
C:\Users\Kiersten\AppData\Local\bvxvyxvec => moved successfully.
C:\WINDOWS\System32\Tasks\OMYQNNDMU1 => moved successfully.

"C:\Users\CareBear17\AppData\Local\SearchProtect" folder move:

Could not move "C:\Users\CareBear17\AppData\Local\SearchProtect" => Scheduled to move on reboot.

C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully.
C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => moved successfully.
C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => moved successfully.
C:\Program Files (x86)\WordSurfer_1.10.0.19 => moved successfully.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => moved successfully.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => moved successfully.
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA => moved successfully.
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore => moved successfully.
C:\Users\Public\Desktop\OpenSoftwareUpdater.lnk => moved successfully.
C:\Users\Kiersten\AppData\Roaming\OpenSoftwareUpdater => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater => moved successfully.
C:\Program Files (x86)\OpenSoftwareUpdater => moved successfully.
C:\ProgramData\Windows Discount => moved successfully.

"C:\Program Files (x86)\Windows Discount" folder move:

Could not move "C:\Program Files (x86)\Windows Discount" => Scheduled to move on reboot.

C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E => moved successfully.
C:\Program Files (x86)\OneSystemCare => moved successfully.
C:\WINDOWS\System32\Tasks\One System Care Monitor => moved successfully.
C:\Users\Public\Desktop\Launch One System Care.lnk => moved successfully.
C:\Users\Kiersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhancer => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care => moved successfully.

"C:\Program Files (x86)\WaInterEnhancer" folder move:

Could not move "C:\Program Files (x86)\WaInterEnhancer" => Scheduled to move on reboot.

C:\Users\CareBear17\Downloads\forge-1.8-11.14.3.1502-installer.jar => moved successfully.
C:\Users\Kiersten\AppData\Local\59790140 => moved successfully.
C:\Users\Kiersten\AppData\Local\{C35BF507-E7F3-99BF-8A6B-BC57AE0340CF} => moved successfully.
C:\Program Files (x86)\TestXp => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AAB1B5D-C707-4706-B31E-1FA577F47CEF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AAB1B5D-C707-4706-B31E-1FA577F47CEF}" => key removed successfully
C:\WINDOWS\System32\Tasks\bvxvyxvec not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxvec" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C1AD099-B7C9-459C-94B8-304166BBDFA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C1AD099-B7C9-459C-94B8-304166BBDFA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F23281E-688D-406A-937D-B9D31FD51139}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F23281E-688D-406A-937D-B9D31FD51139}" => key removed successfully
C:\WINDOWS\System32\Tasks\One System Care Monitor not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CEFB9CD-0DFE-47CA-A74A-6B18DEF92CAB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CEFB9CD-0DFE-47CA-A74A-6B18DEF92CAB}" => key removed successfully
C:\WINDOWS\System32\Tasks\APSnotifierPP2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E230C96-DC86-4858-9ED7-768E6FED8C5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E230C96-DC86-4858-9ED7-768E6FED8C5A}" => key removed successfully
C:\WINDOWS\System32\Tasks\OMYQNNDMU1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OMYQNNDMU1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5151ED8B-07EE-45AC-8E74-7107D2752C55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5151ED8B-07EE-45AC-8E74-7107D2752C55}" => key removed successfully
C:\WINDOWS\System32\Tasks\{ED9F8D0B-4A34-4DE7-8103-6CEC5E3CBBB8} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ED9F8D0B-4A34-4DE7-8103-6CEC5E3CBBB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61195080-B284-4AEA-8C83-7B536CBEEC1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61195080-B284-4AEA-8C83-7B536CBEEC1A}" => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchSignup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7375A6A9-E560-48AE-A811-DD1FBF702843}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7375A6A9-E560-48AE-A811-DD1FBF702843}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76DB686F-AC50-43EE-8971-FEFD12BB88C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76DB686F-AC50-43EE-8971-FEFD12BB88C6}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C8EA910-6B1F-4251-B74A-8AA54F8D89B3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C8EA910-6B1F-4251-B74A-8AA54F8D89B3}" => key removed successfully
C:\WINDOWS\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7DDB85A3-5086-477B-8D93-1FD7B3CEE020}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DDB85A3-5086-477B-8D93-1FD7B3CEE020}" => key removed successfully
C:\WINDOWS\System32\Tasks\Kaomonaenuvn => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Kaomonaenuvn" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{820F8488-4F1B-4C16-8B2E-FA99306D80AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{820F8488-4F1B-4C16-8B2E-FA99306D80AC}" => key removed successfully
C:\WINDOWS\System32\Tasks\runTask not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\runTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83C4FBA0-2389-48DF-9A3F-531F055C89C8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83C4FBA0-2389-48DF-9A3F-531F055C89C8}" => key removed successfully
C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84E5164E-1A4D-4834-ABE1-CD184C7B634E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84E5164E-1A4D-4834-ABE1-CD184C7B634E}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8675385C-87AA-4D64-AF15-2B55C8347137}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8675385C-87AA-4D64-AF15-2B55C8347137}" => key removed successfully
C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AFB7AD6-53F0-4FD0-B40F-B5D90F731EA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AFB7AD6-53F0-4FD0-B40F-B5D90F731EA3}" => key removed successfully
C:\WINDOWS\System32\Tasks\SushiLeads not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5F3B644-7F68-4BC4-B5F2-881E9341C414}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F3B644-7F68-4BC4-B5F2-881E9341C414}" => key removed successfully
C:\WINDOWS\System32\Tasks\APSnotifierPP1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA43EE18-EC9A-4DFF-9BC3-AC656808AAD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA43EE18-EC9A-4DFF-9BC3-AC656808AAD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PennyBee" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB864495-C7A3-4D17-B8B8-30C9E3C4897B} => key not found.
C:\WINDOWS\System32\Tasks\APSnotifierPP3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDC411FF-FC17-421C-A3B3-78562294A7C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDC411FF-FC17-421C-A3B3-78562294A7C0}" => key removed successfully
C:\WINDOWS\System32\Tasks\updateTask not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8C498A3-C4A9-4ABB-A093-7C53DBA1FCA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8C498A3-C4A9-4ABB-A093-7C53DBA1FCA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC34BC7A-110D-41BB-B52F-C875FA80F7CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC34BC7A-110D-41BB-B52F-C875FA80F7CB}" => key removed successfully
C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core" => key removed successfully
C:\WINDOWS\Tasks\APSnotifierPP1.job not found.
C:\WINDOWS\Tasks\APSnotifierPP2.job not found.
C:\WINDOWS\Tasks\APSnotifierPP3.job not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job not found.
C:\WINDOWS\Tasks\OMYQNNDMU1.job not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy" => key removed successfully
"C:\Program Files (x86)\MyPC Backup" => File/Folder not found.
"C:\Program Files (x86)\Optimizer Pro" => File/Folder not found.

"C:\Program Files (x86)\Windows Discount" folder move:

Could not move "C:\Program Files (x86)\Windows Discount" => Scheduled to move on reboot.

C:\Program Files (x86)\Windows NT => moved successfully.

"C:\Program Files (x86)\sushileads" folder move:

Could not move "C:\Program Files (x86)\sushileads" => Scheduled to move on reboot.


"C:\Program Files (x86)\WaInterEnhancer" folder move:

Could not move "C:\Program Files (x86)\WaInterEnhancer" => Scheduled to move on reboot.

"C:\Program Files (x86)\ServiceUpdater" => File/Folder not found.
"C:\Program Files (x86)\WordSurfer_1.10.0.19" => File/Folder not found.

"C:\Program Files (x86)\SearchProtect" folder move:

Could not move "C:\Program Files (x86)\SearchProtect" => Scheduled to move on reboot.

"C:\Program Files (x86)\OneSystemCare" => File/Folder not found.
"C:\Program Files (x86)\SpaceSondPro_v53.1434" => File/Folder not found.
"C:\Program Files (x86)\OpenSoftwareUpdater" => File/Folder not found.
"C:\Program Files (x86)\Lavasoft" => File/Folder not found.
"C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E" => File/Folder not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= netsh advfirewall reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Subinterface, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : fd57:6348:bced:0:cd56:c92f:ef98:9f0e
Temporary IPv6 Address. . . . . . : fd57:6348:bced:0:e464:503a:4a79:6849
Link-local IPv6 Address . . . . . : fe80::cd56:c92f:ef98:9f0e%4
Default Gateway . . . . . . . . . : fe80::cad7:19ff:fea5:beb3%4

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : columbus.rr.com
IPv6 Address. . . . . . . . . . . : fd57:6348:bced:0:cd56:c92f:ef98:9f0e
Temporary IPv6 Address. . . . . . : fd57:6348:bced:0:e464:503a:4a79:6849
Link-local IPv6 Address . . . . . : fe80::cd56:c92f:ef98:9f0e%4
IPv4 Address. . . . . . . . . . . : 192.168.1.112
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::cad7:19ff:fea5:beb3%4
192.168.1.1

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Subinterface, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

6 out of 39 jobs canceled.

========= End of CMD: =========


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-15 16:05:21)<=

==> ATTENTION: System is not rebooted.
"C:\Users\Kiersten\AppData\Local\SmartWeb" => Could not move
"C:\Program Files (x86)\sushileads" => Could not move
"C:\Program Files (x86)\SearchProtect" => Could not move
"C:\Users\Kiersten\AppData\Local\SearchProtect" => Could not move
"C:\Users\CareBear17\AppData\Local\SearchProtect" => Could not move
"C:\Program Files (x86)\Windows Discount" => Could not move
"C:\Program Files (x86)\WaInterEnhancer" => Could not move
"C:\Program Files (x86)\Windows Discount" => Could not move
"C:\Program Files (x86)\sushileads" => Could not move
"C:\Program Files (x86)\WaInterEnhancer" => Could not move
"C:\Program Files (x86)\SearchProtect" => Could not move

==== End of Fixlog 16:05:44 ====

#4
Kiersten

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Kiersten (2015-08-15 15:54:11) Run:1
Running from C:\Users\Kiersten\Desktop
Loaded Profiles: Kiersten (Available Profiles: & Kiersten & CareBear17)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [OpenSoftwareUpdater] => C:\Program Files (x86)\OpenSoftwareUpdater\OpenSoftwareUpdater.exe [3733504 2014-04-08] (Installer Technology Co.)
HKLM-x32\...\RunOnce: [SpaceSondPro_v53.1434] => C:\Program Files (x86)\SpaceSondPro_v53.1434\SpaceSondPro_Service.exe [33480 2015-08-12] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [SushiLeadsApplication] => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe [381440 2015-08-03] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [247032 2015-08-03] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219896 2015-08-03] (Client Connect LTD)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1004\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1001\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_32&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0D0E0DyDyE0BtCyCyEtN0D0Tzu0StCtAtCyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyD0DyC0Ezz0DtB0FtGyB0CyEtDtG0FzyyDtBtGyCyB0E0EtG0B0E0CzyyC0CyD0EtBtA0FyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByD0DtC0ByCtG0FtCyDtAtGyEtAyDtAtGzzyC0C0EtGtAyC0EtCyB0Azy0E0CyB0EtA2QtN0A0LzuyE&cr=2047286878&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_installertech_15_32&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0D0E0DyDyE0BtCyCyEtN0D0Tzu0StCtAtCyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1R1B1E1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2SyD0DyC0Ezz0DtB0FtGyB0CyEtDtG0FzyyDtBtGyCyB0E0EtG0B0E0CzyyC0CyD0EtBtA0FyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtBtByD0DtC0ByCtG0FtCyDtAtGyEtAyDtAtGzzyC0C0EtGtAyC0EtCyB0Azy0E0CyB0EtA2QtN0A0LzuyE&cr=2047286878&ir=
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> URL hxxp://search.conduit.com/Results.aspx?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2A3F2634-37E6-4F8D-912E-937AEB6007EF&q={searchTerms}&SSPV=
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\WeWatcherLSP.dll [305960 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\WeWatcherLSP64.dll [357432 2015-08-12] (WeWatcher)
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=&D=081215
FF SearchPlugin: C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\searchplugins\cassiopesa.xml [2015-08-12]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx <not found>
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3240184 2015-08-03] (Client Connect LTD)
R2 comyninu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\hnsq5471.tmp [161792 2015-08-08] () [File not signed]
R2 FindingDiscount; C:\Program Files (x86)\Windows Discount\FindingDiscount\FindingDiscount.exe [330240 2015-06-10] () [File not signed]
R2 hyverumu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\jnsi33E7.tmp [209920 2015-08-08] () [File not signed]
R2 RuntimeManager; C:\Program Files (x86)\Windows NT\Accessories\RuntimeManager\runtimemanager.exe [101888 2015-06-10] () [File not signed]
R2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [10240 2015-08-03] () [File not signed]
R2 WaInterEnhancer Service; C:\Program Files (x86)\WaInterEnhancer\WaInterEnhancer Internet Enhancer\InternetEnhancerService.exe [1182720 2015-08-07] () [File not signed]
R2 WeWatcherProxy; C:\Program Files (x86)\ServiceUpdater\WeWatcherProxy.exe [1741016 2015-08-06] (WeWatcher)
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-15] (Word Surfer)
R2 wyhumyqu; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\knsc1441.tmp [647680 2015-08-14] () [File not signed]
S2 consumerinput_update; no ImagePath
S3 consumerinput_updatem; no ImagePath
S2 RelevantKnowledge; no ImagePath <==== ATTENTION
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-15] (Word Surfer)
S1 netfilter64; system32\drivers\netfilter64.sys [X]
S3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]
2015-08-14 19:22 - 2015-08-14 19:22 - 00000000 ____D C:\ProgramData\FlashBeat
2015-08-14 19:12 - 2015-08-15 10:15 - 00001154 _____ C:\Users\Kiersten\Desktop\Continue Live Installation.lnk
2015-08-14 05:39 - 2015-08-14 06:38 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-08-14 05:39 - 2015-08-14 06:38 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-08-14 05:39 - 2015-08-14 05:59 - 00000378 _____ C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-08-14 05:39 - 2015-08-14 05:39 - 00002830 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-08-14 05:39 - 2015-08-14 05:39 - 00002828 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-08-14 05:39 - 2015-08-14 05:39 - 00002828 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-08-14 05:36 - 2015-08-13 21:26 - 00613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nscB0F3.tmp
2015-08-13 21:26 - 2015-08-13 21:26 - 00000000 __SHD C:\Users\Kiersten\AppData\Roaming\AnyProtectEx
2015-08-13 21:23 - 2015-08-14 18:39 - 00000000 ____D C:\Users\Kiersten\AppData\Local\SmartWeb
2015-08-12 20:23 - 2015-08-12 20:23 - 00000000 ____D C:\Users\Kiersten\Documents\DailyPCClean
2015-08-12 20:22 - 2015-08-14 05:37 - 00000000 ____D C:\Program Files (x86)\DailyPcClean Support
2015-08-12 20:21 - 2015-08-13 02:58 - 00009848 _____ C:\WINDOWS\SysWOW64\WeWatcherProxyOff.ini
2015-08-12 20:21 - 2015-08-13 02:58 - 00009848 _____ C:\WINDOWS\system32\WeWatcherProxyOff.ini
2015-08-12 20:21 - 2015-08-12 20:21 - 00003252 _____ C:\WINDOWS\System32\Tasks\runTask
2015-08-12 20:21 - 2015-08-12 20:21 - 00003156 _____ C:\WINDOWS\System32\Tasks\updateTask
2015-08-12 20:21 - 2015-08-12 20:21 - 00000217 _____ C:\task.vbs
2015-08-12 20:21 - 2015-08-12 20:21 - 00000000 ____D C:\Program Files (x86)\ServiceUpdater
2015-08-12 20:21 - 2015-08-06 18:19 - 00357432 _____ (WeWatcher) C:\WINDOWS\system32\WeWatcherLSP64.dll
2015-08-12 20:21 - 2015-08-06 18:18 - 00305960 _____ (WeWatcher) C:\WINDOWS\SysWOW64\WeWatcherLSP.dll
2015-08-12 20:14 - 2015-08-13 00:19 - 00000000 ____D C:\ProgramData\sushileads
2015-08-12 20:14 - 2015-08-12 20:14 - 00003518 _____ C:\WINDOWS\System32\Tasks\SushiLeads
2015-08-12 20:14 - 2015-08-12 20:14 - 00000000 ____D C:\Program Files (x86)\sushileads
2015-08-12 19:39 - 2015-08-14 18:44 - 00000000 ____D C:\Program Files\SpaceSoundPro
2015-08-12 19:39 - 2015-08-12 20:21 - 00000000 _____ C:\END
2015-08-12 19:39 - 2015-08-12 19:44 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v53.1434
2015-08-12 19:39 - 2015-08-12 19:39 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-08-12 19:39 - 2015-08-12 19:39 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2015-08-12 19:29 - 2015-08-12 19:29 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\Compete
2015-08-08 12:21 - 2015-07-21 12:17 - 01084696 _____ (TMRG, Inc.) C:\WINDOWS\system32\rlls64.dll
2015-08-08 12:20 - 2015-08-08 12:20 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\Compete
2015-08-08 12:19 - 2015-08-08 12:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\OpenSoftwareUpdater
2015-08-08 12:19 - 2015-08-08 12:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\InstantSupport
2015-08-08 12:18 - 2015-08-08 12:18 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\PCAcceleratePro
2015-08-08 12:17 - 2015-08-08 12:17 - 00003488 _____ C:\WINDOWS\System32\Tasks\bvxvyxvec
2015-08-08 12:16 - 2015-08-15 09:54 - 00000354 _____ C:\WINDOWS\Tasks\OMYQNNDMU1.job
2015-08-08 12:16 - 2015-08-14 07:16 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-08-08 12:16 - 2015-08-12 19:25 - 00000000 ____D C:\Users\Kiersten\AppData\Local\SearchProtect
2015-08-08 12:16 - 2015-08-08 12:18 - 00000000 ____D C:\ProgramData\Service1291
2015-08-08 12:16 - 2015-08-08 12:17 - 00000000 ____D C:\Users\Kiersten\AppData\Local\bvxvyxvec
2015-08-08 12:16 - 2015-08-08 12:16 - 00002868 _____ C:\WINDOWS\System32\Tasks\OMYQNNDMU1
2015-08-08 12:16 - 2015-08-08 12:16 - 00000000 ____D C:\Users\CareBear17\AppData\Local\SearchProtect
2015-08-08 12:16 - 2015-08-08 12:16 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-08-08 12:15 - 2015-08-08 12:15 - 00004180 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-08-08 12:15 - 2015-08-08 12:15 - 00004170 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-08-08 12:15 - 2015-08-08 12:15 - 00000000 ____D C:\Program Files (x86)\WordSurfer_1.10.0.19
2015-08-08 12:07 - 2015-08-15 10:12 - 00000992 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job
2015-08-08 12:07 - 2015-08-15 09:54 - 00000988 _____ C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job
2015-08-08 12:07 - 2015-08-08 12:07 - 00003862 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2015-08-08 12:07 - 2015-08-08 12:07 - 00003626 _____ C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2015-08-08 12:07 - 2015-08-08 12:07 - 00001162 _____ C:\Users\Public\Desktop\OpenSoftwareUpdater.lnk
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\OpenSoftwareUpdater
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater
2015-08-08 12:07 - 2015-08-08 12:07 - 00000000 ____D C:\Program Files (x86)\OpenSoftwareUpdater
2015-08-08 12:06 - 2015-08-08 12:06 - 00000000 ____D C:\ProgramData\Windows Discount
2015-08-08 12:06 - 2015-08-08 12:06 - 00000000 ____D C:\Program Files (x86)\Windows Discount
2015-08-08 12:05 - 2015-08-14 05:37 - 00000000 ____D C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E
2015-08-08 12:05 - 2015-08-12 19:30 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-08-08 12:05 - 2015-08-08 12:05 - 00003256 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2015-08-08 12:05 - 2015-08-08 12:05 - 00001090 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhancer
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2015-08-08 12:05 - 2015-08-08 12:05 - 00000000 ____D C:\Program Files (x86)\WaInterEnhancer
2015-08-08 12:04 - 2015-08-08 12:04 - 03719524 _____ C:\Users\CareBear17\Downloads\forge-1.8-11.14.3.1502-installer.jar
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Users\Kiersten\AppData\Local\59790140
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Users\Kiersten\AppData\Local\{C35BF507-E7F3-99BF-8A6B-BC57AE0340CF}
2015-08-08 12:04 - 2015-08-08 12:04 - 00000000 ____D C:\Program Files (x86)\TestXp
Task: {0AAB1B5D-C707-4706-B31E-1FA577F47CEF} - System32\Tasks\bvxvyxvec => C:\Users\Kiersten\AppData\Local\bvxvyxvec\bvxvyxvec.exe [2015-08-03] () <==== ATTENTION
Task: {0C1AD099-B7C9-459C-94B8-304166BBDFA9} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {0F23281E-688D-406A-937D-B9D31FD51139} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-07-31] ()
Task: {1CEFB9CD-0DFE-47CA-A74A-6B18DEF92CAB} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {2E230C96-DC86-4858-9ED7-768E6FED8C5A} - System32\Tasks\OMYQNNDMU1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {5151ED8B-07EE-45AC-8E74-7107D2752C55} - System32\Tasks\{ED9F8D0B-4A34-4DE7-8103-6CEC5E3CBBB8} => pcalua.exe -a "C:\Program Files (x86)\AnyProtectEx\uninstall.exe" <==== ATTENTION
Task: {61195080-B284-4AEA-8C83-7B536CBEEC1A} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {7375A6A9-E560-48AE-A811-DD1FBF702843} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {76DB686F-AC50-43EE-8971-FEFD12BB88C6} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {7C8EA910-6B1F-4251-B74A-8AA54F8D89B3} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {7DDB85A3-5086-477B-8D93-1FD7B3CEE020} - System32\Tasks\Kaomonaenuvn => C:\ProgramData\Kaomonaenuvn\1.0.1.0\jlewroan.exe <==== ATTENTION
Task: {820F8488-4F1B-4C16-8B2E-FA99306D80AC} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {83C4FBA0-2389-48DF-9A3F-531F055C89C8} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {84E5164E-1A4D-4834-ABE1-CD184C7B634E} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: {8675385C-87AA-4D64-AF15-2B55C8347137} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer)
Task: {9AFB7AD6-53F0-4FD0-B40F-B5D90F731EA3} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe [2015-08-03] ()
Task: {A5F3B644-7F68-4BC4-B5F2-881E9341C414} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {AA43EE18-EC9A-4DFF-9BC3-AC656808AAD3} - \PennyBee -> No File <==== ATTENTION
Task: {AB864495-C7A3-4D17-B8B8-30C9E3C4897B} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {EDC411FF-FC17-421C-A3B3-78562294A7C0} - System32\Tasks\updateTask => c:\task.vbs [2015-08-12] ()
Task: {F8C498A3-C4A9-4ABB-A093-7C53DBA1FCA4} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {FC34BC7A-110D-41BB-B52F-C875FA80F7CB} - System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordSurfer_1.10.0.19\Update\WordSurferAutoUpdateClient.exe [2015-06-15] (Word Surfer)
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\OMYQNNDMU1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy => ""="service"
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\Windows Discount
C:\Program Files (x86)\Windows NT
C:\Program Files (x86)\sushileads
C:\Program Files (x86)\WaInterEnhancer
C:\Program Files (x86)\ServiceUpdater
C:\Program Files (x86)\WordSurfer_1.10.0.19
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\OneSystemCare
C:\Program Files (x86)\SpaceSondPro_v53.1434
C:\Program Files (x86)\OpenSoftwareUpdater
C:\Program Files (x86)\Lavasoft\
C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpaceSoundPro => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\OpenSoftwareUpdater => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpaceSondPro_v53.1434 => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SushiLeadsApplication => value removed successfully
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value data removed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1004\User => moved successfully.
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1505448478-352576845-3373465650-1001\User => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000016" => key removed successfully
Firefox "newtab" removed successfully
C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\searchplugins\cassiopesa.xml => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole" => key removed successfully
CltMngSvc => Unable to stop service.
CltMngSvc => service removed successfully
comyninu => Unable to stop service.
comyninu => service removed successfully
FindingDiscount => Unable to stop service.
FindingDiscount => service removed successfully
hyverumu => Unable to stop service.
hyverumu => service removed successfully
RuntimeManager => Unable to stop service.
RuntimeManager => service removed successfully
SushiLeadsUpdaterService => Unable to stop service.
SushiLeadsUpdaterService => service removed successfully
WaInterEnhancer Service => Unable to stop service.
WaInterEnhancer Service => service removed successfully
WeWatcherProxy => Unable to stop service.
WeWatcherProxy => service removed successfully
wsasvc_1.10.0.19 => Unable to stop service.
wsasvc_1.10.0.19 => service removed successfully
wyhumyqu => service not found.
consumerinput_update => service removed successfully
consumerinput_updatem => service removed successfully
RelevantKnowledge => service removed successfully
wsafd_1_10_0_19 => Unable to stop service.
wsafd_1_10_0_19 => service removed successfully
netfilter64 => service removed successfully
SPPD => service removed successfully
C:\ProgramData\FlashBeat => moved successfully.
C:\Users\Kiersten\Desktop\Continue Live Installation.lnk => moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP3.job => moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP2.job => moved successfully.
C:\WINDOWS\Tasks\APSnotifierPP1.job => moved successfully.
C:\WINDOWS\System32\Tasks\APSnotifierPP1 => moved successfully.
C:\WINDOWS\System32\Tasks\APSnotifierPP3 => moved successfully.
C:\WINDOWS\System32\Tasks\APSnotifierPP2 => moved successfully.
C:\Users\Kiersten\AppData\Local\nscB0F3.tmp => moved successfully.
C:\Users\Kiersten\AppData\Roaming\AnyProtectEx => moved successfully.

"C:\Users\Kiersten\AppData\Local\SmartWeb" folder move:

Could not move "C:\Users\Kiersten\AppData\Local\SmartWeb" => Scheduled to move on reboot.

C:\Users\Kiersten\Documents\DailyPCClean => moved successfully.
C:\Program Files (x86)\DailyPcClean Support => moved successfully.
C:\WINDOWS\SysWOW64\WeWatcherProxyOff.ini => moved successfully.
C:\WINDOWS\system32\WeWatcherProxyOff.ini => moved successfully.
C:\WINDOWS\System32\Tasks\runTask => moved successfully.
C:\WINDOWS\System32\Tasks\updateTask => moved successfully.
C:\task.vbs => moved successfully.
C:\Program Files (x86)\ServiceUpdater => moved successfully.
C:\WINDOWS\system32\WeWatcherLSP64.dll => moved successfully.
C:\WINDOWS\SysWOW64\WeWatcherLSP.dll => moved successfully.
C:\ProgramData\sushileads => moved successfully.
C:\WINDOWS\System32\Tasks\SushiLeads => moved successfully.

"C:\Program Files (x86)\sushileads" folder move:

Could not move "C:\Program Files (x86)\sushileads" => Scheduled to move on reboot.

C:\Program Files\SpaceSoundPro => moved successfully.
C:\END => moved successfully.
C:\Program Files (x86)\SpaceSondPro_v53.1434 => moved successfully.
C:\Program Files (x86)\SpaceSondPro => moved successfully.
C:\WINDOWS\SysWOW64\Number of results => moved successfully.
C:\Users\Kiersten\AppData\Roaming\Compete => moved successfully.
C:\WINDOWS\system32\rlls64.dll => moved successfully.
C:\Users\CareBear17\AppData\Roaming\Compete => moved successfully.
C:\Users\CareBear17\AppData\Roaming\OpenSoftwareUpdater => moved successfully.
C:\Users\CareBear17\AppData\Roaming\InstantSupport => moved successfully.
C:\Users\CareBear17\AppData\Roaming\PCAcceleratePro => moved successfully.
C:\WINDOWS\System32\Tasks\bvxvyxvec => moved successfully.
C:\WINDOWS\Tasks\OMYQNNDMU1.job => moved successfully.

"C:\Program Files (x86)\SearchProtect" folder move:

Could not move "C:\Program Files (x86)\SearchProtect" => Scheduled to move on reboot.


"C:\Users\Kiersten\AppData\Local\SearchProtect" folder move:

Could not move "C:\Users\Kiersten\AppData\Local\SearchProtect" => Scheduled to move on reboot.

C:\ProgramData\Service1291 => moved successfully.
C:\Users\Kiersten\AppData\Local\bvxvyxvec => moved successfully.
C:\WINDOWS\System32\Tasks\OMYQNNDMU1 => moved successfully.

"C:\Users\CareBear17\AppData\Local\SearchProtect" folder move:

Could not move "C:\Users\CareBear17\AppData\Local\SearchProtect" => Scheduled to move on reboot.

C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully.
C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update => moved successfully.
C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core => moved successfully.
C:\Program Files (x86)\WordSurfer_1.10.0.19 => moved successfully.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job => moved successfully.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job => moved successfully.
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA => moved successfully.
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore => moved successfully.
C:\Users\Public\Desktop\OpenSoftwareUpdater.lnk => moved successfully.
C:\Users\Kiersten\AppData\Roaming\OpenSoftwareUpdater => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSoftwareUpdater => moved successfully.
C:\Program Files (x86)\OpenSoftwareUpdater => moved successfully.
C:\ProgramData\Windows Discount => moved successfully.

"C:\Program Files (x86)\Windows Discount" folder move:

Could not move "C:\Program Files (x86)\Windows Discount" => Scheduled to move on reboot.

C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E => moved successfully.
C:\Program Files (x86)\OneSystemCare => moved successfully.
C:\WINDOWS\System32\Tasks\One System Care Monitor => moved successfully.
C:\Users\Public\Desktop\Launch One System Care.lnk => moved successfully.
C:\Users\Kiersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WaInterEnhancer => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care => moved successfully.

"C:\Program Files (x86)\WaInterEnhancer" folder move:

Could not move "C:\Program Files (x86)\WaInterEnhancer" => Scheduled to move on reboot.

C:\Users\CareBear17\Downloads\forge-1.8-11.14.3.1502-installer.jar => moved successfully.
C:\Users\Kiersten\AppData\Local\59790140 => moved successfully.
C:\Users\Kiersten\AppData\Local\{C35BF507-E7F3-99BF-8A6B-BC57AE0340CF} => moved successfully.
C:\Program Files (x86)\TestXp => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AAB1B5D-C707-4706-B31E-1FA577F47CEF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AAB1B5D-C707-4706-B31E-1FA577F47CEF}" => key removed successfully
C:\WINDOWS\System32\Tasks\bvxvyxvec not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxvec" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C1AD099-B7C9-459C-94B8-304166BBDFA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C1AD099-B7C9-459C-94B8-304166BBDFA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F23281E-688D-406A-937D-B9D31FD51139}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F23281E-688D-406A-937D-B9D31FD51139}" => key removed successfully
C:\WINDOWS\System32\Tasks\One System Care Monitor not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CEFB9CD-0DFE-47CA-A74A-6B18DEF92CAB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CEFB9CD-0DFE-47CA-A74A-6B18DEF92CAB}" => key removed successfully
C:\WINDOWS\System32\Tasks\APSnotifierPP2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E230C96-DC86-4858-9ED7-768E6FED8C5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E230C96-DC86-4858-9ED7-768E6FED8C5A}" => key removed successfully
C:\WINDOWS\System32\Tasks\OMYQNNDMU1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OMYQNNDMU1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5151ED8B-07EE-45AC-8E74-7107D2752C55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5151ED8B-07EE-45AC-8E74-7107D2752C55}" => key removed successfully
C:\WINDOWS\System32\Tasks\{ED9F8D0B-4A34-4DE7-8103-6CEC5E3CBBB8} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ED9F8D0B-4A34-4DE7-8103-6CEC5E3CBBB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61195080-B284-4AEA-8C83-7B536CBEEC1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61195080-B284-4AEA-8C83-7B536CBEEC1A}" => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchSignup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7375A6A9-E560-48AE-A811-DD1FBF702843}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7375A6A9-E560-48AE-A811-DD1FBF702843}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76DB686F-AC50-43EE-8971-FEFD12BB88C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76DB686F-AC50-43EE-8971-FEFD12BB88C6}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineUA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C8EA910-6B1F-4251-B74A-8AA54F8D89B3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C8EA910-6B1F-4251-B74A-8AA54F8D89B3}" => key removed successfully
C:\WINDOWS\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7DDB85A3-5086-477B-8D93-1FD7B3CEE020}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DDB85A3-5086-477B-8D93-1FD7B3CEE020}" => key removed successfully
C:\WINDOWS\System32\Tasks\Kaomonaenuvn => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Kaomonaenuvn" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{820F8488-4F1B-4C16-8B2E-FA99306D80AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{820F8488-4F1B-4C16-8B2E-FA99306D80AC}" => key removed successfully
C:\WINDOWS\System32\Tasks\runTask not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\runTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83C4FBA0-2389-48DF-9A3F-531F055C89C8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83C4FBA0-2389-48DF-9A3F-531F055C89C8}" => key removed successfully
C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84E5164E-1A4D-4834-ABE1-CD184C7B634E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84E5164E-1A4D-4834-ABE1-CD184C7B634E}" => key removed successfully
C:\WINDOWS\System32\Tasks\ConsumerInputUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8675385C-87AA-4D64-AF15-2B55C8347137}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8675385C-87AA-4D64-AF15-2B55C8347137}" => key removed successfully
C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AFB7AD6-53F0-4FD0-B40F-B5D90F731EA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AFB7AD6-53F0-4FD0-B40F-B5D90F731EA3}" => key removed successfully
C:\WINDOWS\System32\Tasks\SushiLeads not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5F3B644-7F68-4BC4-B5F2-881E9341C414}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F3B644-7F68-4BC4-B5F2-881E9341C414}" => key removed successfully
C:\WINDOWS\System32\Tasks\APSnotifierPP1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA43EE18-EC9A-4DFF-9BC3-AC656808AAD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA43EE18-EC9A-4DFF-9BC3-AC656808AAD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PennyBee" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB864495-C7A3-4D17-B8B8-30C9E3C4897B} => key not found.
C:\WINDOWS\System32\Tasks\APSnotifierPP3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDC411FF-FC17-421C-A3B3-78562294A7C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDC411FF-FC17-421C-A3B3-78562294A7C0}" => key removed successfully
C:\WINDOWS\System32\Tasks\updateTask not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8C498A3-C4A9-4ABB-A093-7C53DBA1FCA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8C498A3-C4A9-4ABB-A093-7C53DBA1FCA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC34BC7A-110D-41BB-B52F-C875FA80F7CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC34BC7A-110D-41BB-B52F-C875FA80F7CB}" => key removed successfully
C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core" => key removed successfully
C:\WINDOWS\Tasks\APSnotifierPP1.job not found.
C:\WINDOWS\Tasks\APSnotifierPP2.job not found.
C:\WINDOWS\Tasks\APSnotifierPP3.job not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\ConsumerInputUpdateTaskMachineUA.job not found.
C:\WINDOWS\Tasks\OMYQNNDMU1.job not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy" => key removed successfully
"C:\Program Files (x86)\MyPC Backup" => File/Folder not found.
"C:\Program Files (x86)\Optimizer Pro" => File/Folder not found.

"C:\Program Files (x86)\Windows Discount" folder move:

Could not move "C:\Program Files (x86)\Windows Discount" => Scheduled to move on reboot.

C:\Program Files (x86)\Windows NT => moved successfully.

"C:\Program Files (x86)\sushileads" folder move:

Could not move "C:\Program Files (x86)\sushileads" => Scheduled to move on reboot.


"C:\Program Files (x86)\WaInterEnhancer" folder move:

Could not move "C:\Program Files (x86)\WaInterEnhancer" => Scheduled to move on reboot.

"C:\Program Files (x86)\ServiceUpdater" => File/Folder not found.
"C:\Program Files (x86)\WordSurfer_1.10.0.19" => File/Folder not found.

"C:\Program Files (x86)\SearchProtect" folder move:

Could not move "C:\Program Files (x86)\SearchProtect" => Scheduled to move on reboot.

"C:\Program Files (x86)\OneSystemCare" => File/Folder not found.
"C:\Program Files (x86)\SpaceSondPro_v53.1434" => File/Folder not found.
"C:\Program Files (x86)\OpenSoftwareUpdater" => File/Folder not found.
"C:\Program Files (x86)\Lavasoft" => File/Folder not found.
"C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E" => File/Folder not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= netsh advfirewall reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Subinterface, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /release =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : fd57:6348:bced:0:cd56:c92f:ef98:9f0e
Temporary IPv6 Address. . . . . . : fd57:6348:bced:0:e464:503a:4a79:6849
Link-local IPv6 Address . . . . . : fe80::cd56:c92f:ef98:9f0e%4
Default Gateway . . . . . . . . . : fe80::cad7:19ff:fea5:beb3%4

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : columbus.rr.com
IPv6 Address. . . . . . . . . . . : fd57:6348:bced:0:cd56:c92f:ef98:9f0e
Temporary IPv6 Address. . . . . . : fd57:6348:bced:0:e464:503a:4a79:6849
Link-local IPv6 Address . . . . . : fe80::cd56:c92f:ef98:9f0e%4
IPv4 Address. . . . . . . . . . . : 192.168.1.112
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::cad7:19ff:fea5:beb3%4
192.168.1.1

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

========= End of CMD: =========


========= netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Subinterface, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

6 out of 39 jobs canceled.

========= End of CMD: =========


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-15 16:05:21)<=

==> ATTENTION: System is not rebooted.
"C:\Users\Kiersten\AppData\Local\SmartWeb" => Could not move
"C:\Program Files (x86)\sushileads" => Could not move
"C:\Program Files (x86)\SearchProtect" => Could not move
"C:\Users\Kiersten\AppData\Local\SearchProtect" => Could not move
"C:\Users\CareBear17\AppData\Local\SearchProtect" => Could not move
"C:\Program Files (x86)\Windows Discount" => Could not move
"C:\Program Files (x86)\WaInterEnhancer" => Could not move
"C:\Program Files (x86)\Windows Discount" => Could not move
"C:\Program Files (x86)\sushileads" => Could not move
"C:\Program Files (x86)\WaInterEnhancer" => Could not move
"C:\Program Files (x86)\SearchProtect" => Could not move

==== End of Fixlog 16:05:44 ====

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Hi, could you ensure that the system is rebooted after FRST has finished, please?



#6
Kiersten

    Member

  • Topic Starter
  • Member
  • 27 posts
# AdwCleaner v5.000 - Logfile created 15/08/2015 at 16:18:42
# Updated 14/08/2015 by Xplode
# Database : 2015-08-15.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Kiersten - KIERSTEN
# Running from : C:\Users\Kiersten\Downloads\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : BrsHelper
[-] Service Deleted : CltMngSvc
[-] Service Deleted : consumerinput_update
[-] Service Deleted : consumerinput_updatem
[-] Service Deleted : FindingDiscount
[-] Service Deleted : globalUpdate
[-] Service Deleted : globalUpdatem
[-] Service Deleted : netfilter64
[-] Service Deleted : RelevantKnowledge
[-] Service Deleted : RuntimeManager
[-] Service Deleted : sbmntr
[-] Service Deleted : SPBIUpd
[-] Service Deleted : SPBIUpdd
[-] Service Deleted : SPPD
[-] Service Deleted : wbsvc
[-] Service Deleted : SushiLeadsUpdaterService
[-] Service Deleted : WaInterEnhancer Service
[-] Service Deleted : WeWatcherProxy
[-] Service Deleted : SPDRIVER_1.42.1.2307

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\WebBar
[-] Folder Deleted : C:\Program Files (x86)\AnyProtectEx
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\Object Browser
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\Program Files (x86)\Probit Software
[-] Folder Deleted : C:\Program Files (x86)\SearchProtect
[-] Folder Deleted : C:\Program Files (x86)\ShopperPro
[-] Folder Deleted : C:\Program Files (x86)\YTDownloader
[-] Folder Deleted : C:\Program Files (x86)\video download converter
[-] Folder Deleted : C:\Program Files (x86)\Windows Discount
[-] Folder Deleted : C:\Program Files (x86)\sushileads
[-] Folder Deleted : C:\Program Files (x86)\WaInterEnhancer
[-] Folder Deleted : C:\Program Files (x86)\FriendlyError
[-] Folder Deleted : C:\Program Files (x86)\FelexibleSHopper
[-] Folder Deleted : C:\Program Files (x86)\saferweb
[-] Folder Deleted : C:\Program Files (x86)\gmsd_us_005010061
[-] Folder Deleted : C:\Program Files (x86)\CinemaPlus-3.2cV15.08
[!] Folder Not Deleted : C:\Program Files (x86)\Object Browser
[-] Folder Deleted : C:\Program Files\Common Files\ShopperPro
[-] Folder Deleted : C:\ProgramData\Browser
[-] Folder Deleted : C:\ProgramData\ShopperPro
[-] Folder Deleted : C:\ProgramData\FlashBeat
[-] Folder Deleted : C:\ProgramData\InstallSightSDK
[-] Folder Deleted : C:\ProgramData\radio
[-] Folder Deleted : C:\ProgramData\sushileads
[-] Folder Deleted : C:\ProgramData\FelexibleSHopper
[-] Folder Deleted : C:\ProgramData\saferweb
[-] Folder Deleted : C:\ProgramData\3eff6cd90042a15e
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\video download converter
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\torch
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\effnldllekmcdnhdgabpdmpccheomegl
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\effnldllekmcdnhdgabpdmpccheomegl
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\Chromatic Browser
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\iac
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\Rocket
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\SearchProtect
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\torch
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\effnldllekmcdnhdgabpdmpccheomegl
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\effnldllekmcdnhdgabpdmpccheomegl
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\Google\Chrome\User Data\Default\Extensions\faoigfclahgbjjjaopddafnnapmeppnc
[-] Folder Deleted : C:\Users\CareBear17\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmchcpboeofpnjchpaegbibodfnpmjjc
[-] Folder Deleted : C:\Users\CareBear17\AppData\LocalLow\adawaretb
[-] Folder Deleted : C:\Users\CareBear17\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\CareBear17\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\adawaretb
[-] Folder Deleted : C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[!] Folder Not Deleted : C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[-] Folder Deleted : C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\Extensions\[email protected]_4z.com
[-] Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
[-] Folder Deleted : C:\Users\Guest\AppData\Local\torch
[-] Folder Deleted : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\effnldllekmcdnhdgabpdmpccheomegl
[-] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\effnldllekmcdnhdgabpdmpccheomegl
[-] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
[-] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
[-] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\effnldllekmcdnhdgabpdmpccheomegl
[-] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\effnldllekmcdnhdgabpdmpccheomegl
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\Chromatic Browser
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\SearchProtect
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\torch
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\SmartWeb
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\WebBar
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\BrowserHelper
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\gmsd_us_005010061
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\effnldllekmcdnhdgabpdmpccheomegl
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\effnldllekmcdnhdgabpdmpccheomegl
[-] Folder Deleted : C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp
[-] Folder Deleted : C:\Users\Kiersten\AppData\LocalLow\SmartWeb
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\AnyProtectEx
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\pccustubinstaller
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\Probit Software
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\adawaretb
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[!] Folder Not Deleted : C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected]936311db9.com
[!] Folder Not Deleted : C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected]936311db9.com
[!] Folder Not Deleted : C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
[!] Folder Not Deleted : C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected]936311db9.com
[-] Folder Deleted : C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected]
[-] Folder Deleted : C:\Users\Public\Documents\ShopperPro
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\AnyProtectEx

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\uninstaller.exe
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Program Files\Common Files\System\SysMenu.dll
[-] File Deleted : C:\Program Files\Common Files\System\SysMenu64.dll
[-] File Deleted : C:\Users\CareBear17\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_faoigfclahgbjjjaopddafnnapmeppnc_0.localstorage
[-] File Deleted : C:\Users\CareBear17\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_faoigfclahgbjjjaopddafnnapmeppnc_0.localstorage-journal
[-] File Deleted : C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\user.js
[-] File Deleted : C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\searchplugins\cassiopesa.xml
[-] File Deleted : C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage
[-] File Deleted : C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage-journal
[-] File Deleted : C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
[-] File Deleted : C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
[-] File Deleted : C:\Users\Kiersten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
[-] File Deleted : C:\Users\Kiersten\Desktop\AnyProtect.lnk
[-] File Deleted : C:\Users\Kiersten\Desktop\YTDownloader.lnk
[-] File Deleted : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File Deleted : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : APSnotifierPP1
[-] Task Deleted : APSnotifierPP2
[-] Task Deleted : APSnotifierPP3
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA
[-] Task Deleted : ShopperPro
[-] Task Deleted : ShopperProJSUpd
[-] Task Deleted : SPDriver
[-] Task Deleted : WebBarLaunchTask
[-] Task Deleted : WebBarUpdateTask
[-] Task Deleted : YTDownloader
[-] Task Deleted : YTDownloaderUpd
[-] Task Deleted : SPBIW_UpdateTask_Time_323830313431363031362d2d5b50342a4155456c5a236c
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopperPro.ShopperProBHO.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SPDriver]
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Value Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SPDriver]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ShopperPro.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\YTDownloader.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.DataContainer
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.DataContainer.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.DataController
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.DataController.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.DataTable
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.DataTable.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.DataTableFields
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.DataTableFields.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.DataTableHolder
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.DataTableHolder.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.LSPLogic
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.LSPLogic.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.ReadOnlyManager
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.ReadOnlyManager.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.WatchDog
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\WeWatcherProxyLib.WatchDog.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\APPID\WeWatcherProxy.EXE
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_005010061]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [upgmsd_us_005010061.exe]
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\abfd5cc0-58e6-455a-82d2-43bf970a448a
[-] Key Deleted : HKLM\SOFTWARE\b350d6e4-4f94-4a47-a7a1-8387e422c24f
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
[-] Key Deleted : HKU\.DEFAULT\Software\AnyProtect
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\AnyProtect
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\Microsoft\KanarCore
[-] Key Deleted : HKCU\Software\SearchProtect
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\YTDownloader
[-] Key Deleted : HKCU\Software\WajIEnhance
[-] Key Deleted : HKCU\Software\CrossBrowser
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\Tny_Cassiopesa
[-] Key Deleted : HKCU\Software\One System Care
[-] Key Deleted : HKCU\Software\Probit Software
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\WaInterEnhancer
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\CinemaPlus-3.2cV15.08
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\CompeteInc
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\NpApp
[-] Key Deleted : HKLM\SOFTWARE\Object Browser
[-] Key Deleted : HKLM\SOFTWARE\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\ShopperPro
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[-] Key Deleted : HKLM\SOFTWARE\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\WaInterEnhancer
[-] Key Deleted : HKLM\SOFTWARE\SpaceSondPro
[-] Key Deleted : HKLM\SOFTWARE\CinemaPlus-3.2cV15.08
[!] Key Not Deleted : HKLM\SOFTWARE\Object Browser
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F488658-35A7-2AB8-A756-560BA8F103C3}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperPro
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YTDownloader
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tny_Cassiopesa
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sushileads
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WaInterEnhancer
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FriendlyError
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebWatcherInstall
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_005010061_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CinemaPlus-3.2cV15.08
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Object Browser
[!] Key Not Deleted : [x64] HKCU\Software\AnyProtect
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstalledBrowserExtensions
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\KanarCore
[!] Key Not Deleted : [x64] HKCU\Software\SearchProtect
[!] Key Not Deleted : [x64] HKCU\Software\systweak
[!] Key Not Deleted : [x64] HKCU\Software\Tutorials
[!] Key Not Deleted : [x64] HKCU\Software\TutoTag
[!] Key Not Deleted : [x64] HKCU\Software\YTDownloader
[!] Key Not Deleted : [x64] HKCU\Software\WajIEnhance
[!] Key Not Deleted : [x64] HKCU\Software\CrossBrowser
[!] Key Not Deleted : [x64] HKCU\Software\Crossbrowse
[!] Key Not Deleted : [x64] HKCU\Software\YorkNewCin
[!] Key Not Deleted : [x64] HKCU\Software\HighDefAction
[!] Key Not Deleted : [x64] HKCU\Software\ArenaHD
[!] Key Not Deleted : [x64] HKCU\Software\Tny_Cassiopesa
[!] Key Not Deleted : [x64] HKCU\Software\One System Care
[!] Key Not Deleted : [x64] HKCU\Software\Probit Software
[!] Key Not Deleted : [x64] HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[!] Key Not Deleted : [x64] HKCU\Software\WaInterEnhancer
[!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN
[!] Key Not Deleted : [x64] HKCU\Software\CinemaPlus-3.2cV15.08
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****

[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxp://www.cassiopessa.com/?f=1&a=csp_installertech_15_32&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyC0B0D0E0DyDyE0BtCyCyEtN0D0Tzu0StCtAtCyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1R[...]
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.2hyjg6.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumor[...]
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=AC8774D4-CD31-4F99-827F-954AE38E7786&n=77fc70ae&ind=2013032622&p2=^YJ^yyyyyy^YY^us&sea[...]
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.pVQm3j6SB3.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"s[...]
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":221584481,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221584482,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.homepage.savedPrev", "true");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=FE2206FB-E775-4112-BF81-9A19A3E180D2&n=77fd0a33&p2=^HJ^xdm017^YYA^us&si=pconve[...]
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.page.savedPrev", 1);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.browser.startup.page.tb", 1);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "5.75.3.8617");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=FE2206FB-E775-4112-BF81-9A19A3E180D2&n=77fd0a33&p2=^HJ^xdm017^YYA^us&si=pconverter");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.guardType", "HPG");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", 1804106033);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.user.defined", false);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013071923");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm017^YYA^us");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "FE2206FB-E775-4112-BF81-9A19A3E180D2");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1417390666150");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "6.66.4.33738");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", false);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "facebook.com");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", false);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "45401");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=AC8774D4-CD31-4F99-827F-954AE38E7786&n=77fc70ae&p2=^YJ^yyyyyy^YY^us");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.hp.enabled", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.hp.lastGuardTime", -1041568812);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.hp.numGuards", 1);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.initialized", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.installation.contextKey", "");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.installation.installDate", "2013032622");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.installation.partnerId", "^YJ^yyyyyy^YY^us");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.installation.partnerSubId", "");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.installation.success", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.installation.toolbarId", "AC8774D4-CD31-4F99-827F-954AE38E7786");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.lastActivePing", "1407707704688");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.options.defaultSearch", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.options.homePageEnabled", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.options.keywordEnabled", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.options.tabEnabled", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.searchHistory", "");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._u4Members_.weather.location", "44101");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "[email protected]");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
[-] [C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\prefs.js] [Preference] Deleted : user_pref("iminent.BirthDate", "1406404761");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.2hyjg6.scode", "(function(){try{if(window.location.href.indexOf(\"rHr7qdsHrjY4qTa9qHs9qHY8qa\")>-1){return;}}catch(e){}try{var d=[[\"search.asistents.com\",\"cryptogmail.com\",\"[...]
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.96x.scode", "(function(){try{if(window.location.href.indexOf(\"rHr7qdsHrjY4qTa9qHs9qHY8qa\")>-1){return;}}catch(e){}try{var d=[[\"search.asistents.com\",\"cryptogmail.com\",\"ban[...]
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossrider.bic", "14f32cc8851edd895d5e6e5948be7ac2");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.Visibility", false);
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.backPageCounter", 0);
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.backPageDay", 11);
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1407628164722");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.barcodeid", "144150");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.countryiso", "us");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.downloadprovider", "irssf");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.installationid", "00b1a72d-681a-6ebb-3a69-4db96eb56146");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.installdate", "11/08/2014");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1407800954");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.helperbar.publisher", "irssf");
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[-] [C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\prefs.js] [Preference] Deleted : user_pref("iminent.BirthDate", "1406404761");
[-] [C:\Users\CareBear17\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : WSE Rocket.com
[-] [C:\Users\CareBear17\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : start.iminent.com
[-] [C:\Users\CareBear17\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.yahoo.com
[-] [C:\Users\CareBear17\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\CareBear17\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : cassiopesa.com
[-] [C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : ","id":"23","image_url":"","image_url_post_params":"","input_encodings":[],"instant_url":"","instant_url_post_params":"","keyword":"cassiopesa.com
[-] [C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=8&UP=&D=081215&q={searchTerms}&SSPV=
[-] [C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoQRlU9C7SLLXcFTGdpi36xgfvdlEAb94qAApcjs1f-3w28HhtoN5Mxuq1gNWyOUft91X23uxXqdmJob6-1kI89qNX-YYyOAyhKqGUq4Ajdt3Vw1nfzNtpPtustLmou4fWqujFkwvaV6FDv9G5JdQ,,
[-] [C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfoQRlU9C7SLLXcFTGdpi36xgfvdlEAb94qAApcjs1f-3w28HhtoN5Mxuq1gNWyOUft91X23uxXqdmJob6-1kI89qNX-YYyOAyhKqGUq4Ajdt3Vw1nfzNtpPtustLmou4fWqujFkwvaV6FDv9G5JdQ,,

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [54677 octets] - [15/08/2015 16:18:42]
C:\AdwCleaner[S1].txt - [51724 octets] - [15/08/2015 16:16:09]

########## EOF - C:\AdwCleaner[C1].txt - [54805 octets] ##########

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

#8
Kiersten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
It is way better already. An extra toolbar that had recently shown up is gone, along with the pop-up windows and tabs.

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, a few more bits to kill and a final check before I send you on your way :)

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected]936311db9.com
C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
C:\Program Files (x86)\Object Browser
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Download aswMBR.exe (4.5 MB) to your desktop.
Double-click aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

#10
Kiersten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Kiersten (2015-08-15 17:07:08) Run:2
Running from C:\Users\Kiersten\Desktop
Loaded Profiles: Kiersten (Available Profiles:  & Kiersten & CareBear17)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected]936311db9.com
C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}
C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
C:\Program Files (x86)\Object Browser
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
"C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected]936311db9.com" => File/Folder not found.
"C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}" => File/Folder not found.
"C:\Users\CareBear17\AppData\Roaming\Mozilla\Firefox\Profiles\41ou9rc3.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}" => File/Folder not found.
"C:\Program Files (x86)\Object Browser" => File/Folder not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 21 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 2 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 17:09:20 ====

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-08-15 17:29:06
-----------------------------
17:29:06.698    OS Version: Windows x64 6.2.9200
17:29:06.698    Number of processors: 4 586 0x3A09
17:29:06.699    ComputerName: KIERSTEN  UserName: Kiersten
17:29:08.829    Initialize success
17:29:08.947    VM: initialized successfully
17:29:08.949    VM: Intel CPU BiosDisabled
17:35:26.470    AVAST engine defs: 15081500
17:40:38.719    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002f
17:40:38.719    Disk 0 Vendor: HITACHI_HTS547575A9E384 JE4ZD60D Size: 715404MB BusType: 11
17:40:39.156    Disk 0 MBR read successfully
17:40:39.172    Disk 0 MBR scan
17:40:39.187    Disk 0 unknown MBR code
17:40:39.219    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
17:40:39.858    Disk 0 scanning C:\WINDOWS\system32\drivers
17:41:35.207    Service scanning
17:42:55.267    Modules scanning
17:42:55.267    Disk 0 trace - called modules:
17:42:55.314    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
17:42:55.329    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001c73e6060]
17:42:55.329    3 CLASSPNP.SYS[fffff80096a64170] -> nt!IofCallDriver -> \Device\0000002f[0xffffe001c6604060]
17:42:58.017    AVAST engine scan C:\WINDOWS
17:43:23.151    AVAST engine scan C:\WINDOWS\system32
17:49:57.146    AVAST engine scan C:\WINDOWS\system32\drivers
17:50:28.993    AVAST engine scan C:\Users\Kiersten
17:50:31.680    File: C:\Users\Kiersten\AppData\Local\7B402D49-5A27-42E7-A7F3-C880DF116F83\7B402D49-5A27-42E7-A7F3-C880DF116F83.exe  **INFECTED** Win32:Malware-gen
17:50:43.509    File: C:\Users\Kiersten\AppData\Local\Installer\Install_22237\YTDownloader.exe  **INFECTED** Win32:Adware-gen [Adw]
20:03:11.772    AVAST engine scan C:\ProgramData
20:10:32.043    Disk 0 statistics 4658277/0/0 @ 1.39 MB/s
20:10:32.058    Scan finished successfully
20:10:54.467    Disk 0 MBR has been saved successfully to "C:\Users\Kiersten\Desktop\MBR.dat"
20:10:54.482    The log file has been saved successfully to "C:\Users\Kiersten\Desktop\aswMBR.txt"

 




#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's take out the last two that Avast found... Any further problems apparent before I tidy up?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Users\Kiersten\AppData\Local\7B402D49-5A27-42E7-A7F3-C880DF116F83
C:\Users\Kiersten\AppData\Local\Installer\Install_22237


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#12
Kiersten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
The only things I am noticing at this point are that I keep getting a pop-up saying that webpages are not responding and giving the option to recover the page. Also, when I try to go to websites on Firefox, it is taking me to different websites.

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's take a closer look at Firefox :)

Could you run a fresh FRST scan for me, please?

#14
Kiersten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Here is the fixlog--will run FRST scan again

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Kiersten (2015-08-16 11:53:12) Run:3
Running from C:\Users\Kiersten\Desktop
Loaded Profiles: Kiersten (Available Profiles: & Kiersten & CareBear17)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Users\Kiersten\AppData\Local\7B402D49-5A27-42E7-A7F3-C880DF116F83
C:\Users\Kiersten\AppData\Local\Installer\Install_22237
*****************

Restore point was successfully created.
C:\Users\Kiersten\AppData\Local\7B402D49-5A27-42E7-A7F3-C880DF116F83 => moved successfully.
C:\Users\Kiersten\AppData\Local\Installer\Install_22237 => moved successfully.

==== End of Fixlog 11:53:49 ====

#15
Kiersten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by Kiersten (administrator) on KIERSTEN (16-08-2015 12:14:22)
Running from C:\Users\Kiersten\Desktop
Loaded Profiles: Kiersten (Available Profiles:  & Kiersten & CareBear17)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Cinema PlusV16.08) C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-6.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Cinema PlusV16.08) C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-10.exe
(Cinema PlusV15.08) C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.exe
(Cinema PlusV15.08) C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10.exe
(Cinema PlusV16.08) C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-6.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(onepcoptimizer) C:\Program Files (x86)\OnePCOptimizer\OnePCOptimizer.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\Kiersten\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-16] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [257224 2010-08-24] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [GoogleChromeAutoLaunch_25A8A4F1613307037910DB1CD61EA586] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-04-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL File not found
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-10-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-24]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OnePCOptimizer.lnk [2015-08-15]
ShortcutTarget: OnePCOptimizer.lnk -> C:\Windows\Installer\{7394AE4B-5F34-4312-BA38-F6DDE78A39FF}\NewShortcut1_7B068A586C574F9D98837D1A8B7DE097.exe (Flexera Software LLC)
Startup: C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2013-05-11]
ShortcutTarget: IMVU.lnk -> C:\Users\Kiersten\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-03-17]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONMHP&conlogo=CT3331981
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> {6E1F3657-4FA0-428B-ACC9-0670D408AD84} URL =
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: TunePro360 -> {5E04457F-D6D4-4A7E-8277-5EF1CA591CC7} -> C:\Program Files (x86)\adlevel\TunePRO360.dll [2015-06-16] (TunePro360)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-19] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-19] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-19] (Google Inc.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{6E81E6E8-CCD9-4B50-9CC0-E32B757BD967}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{6E81E6E8-CCD9-4B50-9CC0-E32B757BD967}: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{6FA0805A-085C-4D4B-A02B-91B22C21879E}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{9F03B164-EA0D-44DB-B5C9-F56786DAD5B8}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{d56524bb-5e4e-11e4-8250-806e6f6e6963}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{E236AC00-1294-4A29-AC64-CCEDC682C7FD}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{E236AC00-1294-4A29-AC64-CCEDC682C7FD}: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONMHP&conlogo=CT3331981
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-07-16] ( )
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-16] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-08-16] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3942197\npmathplugin.dll [2012-12-19] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1505448478-352576845-3373465650-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kiersten\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-02] (Unity Technologies ApS)
FF Extension: CinemaPlus-3.2cV15.08 - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected] [2015-08-15]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected] [2015-04-26]
FF Extension: Roaming Rate - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{ce6c03f1-0fd5-4d72-bbdb-eaa0c0124531}.xpi [2015-03-20]
FF Extension: TunePro360 - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c} [2015-08-15]
FF HKLM-x32\...\Firefox\Extensions: [web2[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}] - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-19]
CHR Extension: (Google Wallet) - C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (CinemaPlus-3.2cV15.08) - C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-20] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-17] (Broadcom Corporation.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-16] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-16] (globalUpdate) [File not signed] <==== ATTENTION
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-06] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
S2 rexesine; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\knso6B69.tmp [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-03-20] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-31] (GFI Software)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-20] (REALiX™)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-08-15] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-03-20] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2015-03-20] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1059064 2012-08-24] (Sunplus)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 11:55 - 2015-08-16 12:07 - 00004518 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-4.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00001024 _____ C:\WINDOWS\Tasks\WQwv3KpmPsr.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00001022 _____ C:\WINDOWS\Tasks\PDCCKeQhID.job
2015-08-16 11:55 - 2015-08-16 11:55 - 00007522 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-4
2015-08-16 11:55 - 2015-08-16 11:55 - 00006166 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7
2015-08-16 11:55 - 2015-08-16 11:55 - 00006166 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6
2015-08-16 11:55 - 2015-08-16 11:55 - 00005474 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5
2015-08-16 11:55 - 2015-08-16 11:55 - 00004036 _____ C:\WINDOWS\System32\Tasks\WQwv3KpmPsr
2015-08-16 11:55 - 2015-08-16 11:55 - 00004034 _____ C:\WINDOWS\System32\Tasks\PDCCKeQhID
2015-08-16 11:54 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-7.job
2015-08-16 11:54 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-6.job
2015-08-16 11:54 - 2015-08-16 12:07 - 00004182 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-3.job
2015-08-16 11:54 - 2015-08-16 11:54 - 00008546 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-7
2015-08-16 11:54 - 2015-08-16 11:54 - 00008546 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-6
2015-08-16 11:54 - 2015-08-16 11:54 - 00007186 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-3
2015-08-16 11:54 - 2015-08-16 11:54 - 00000000 ____D C:\Program Files (x86)\309b873d-18a3-4b8e-bb23-52109d087189
2015-08-16 11:53 - 2015-08-16 12:07 - 00002136 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user.job
2015-08-16 11:53 - 2015-08-16 11:55 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV16.08
2015-08-16 01:28 - 2015-08-16 12:07 - 00001032 _____ C:\WINDOWS\Tasks\nT6b9z6fHoHYLK2.job
2015-08-16 01:28 - 2015-08-16 12:07 - 00001028 _____ C:\WINDOWS\Tasks\nT6b9z6fHoHYL.job
2015-08-16 01:28 - 2015-08-16 01:28 - 00004046 _____ C:\WINDOWS\System32\Tasks\nT6b9z6fHoHYLK2
2015-08-16 01:28 - 2015-08-16 01:28 - 00004042 _____ C:\WINDOWS\System32\Tasks\nT6b9z6fHoHYL
2015-08-15 23:27 - 2015-08-16 12:07 - 00001044 _____ C:\WINDOWS\Tasks\EnKJGdwNBHGGRlmNf8SRE.job
2015-08-15 23:27 - 2015-08-16 12:07 - 00001028 _____ C:\WINDOWS\Tasks\ve5g6cGfqjZz2.job
2015-08-15 23:27 - 2015-08-15 23:27 - 00004058 _____ C:\WINDOWS\System32\Tasks\EnKJGdwNBHGGRlmNf8SRE
2015-08-15 23:27 - 2015-08-15 23:27 - 00004040 _____ C:\WINDOWS\System32\Tasks\ve5g6cGfqjZz2
2015-08-15 20:53 - 2015-08-15 20:53 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-08-15 20:11 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00001048 _____ C:\WINDOWS\Tasks\fOBTR2h8vsNdtKZcEfZRk2P.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00001046 _____ C:\WINDOWS\Tasks\YCRGisIZoD9Cm6DqeoWc1A.job
2015-08-15 20:11 - 2015-08-16 01:28 - 00006166 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7
2015-08-15 20:11 - 2015-08-16 01:28 - 00006166 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6
2015-08-15 20:11 - 2015-08-16 01:28 - 00005474 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5
2015-08-15 20:11 - 2015-08-15 20:11 - 00004062 _____ C:\WINDOWS\System32\Tasks\fOBTR2h8vsNdtKZcEfZRk2P
2015-08-15 20:11 - 2015-08-15 20:11 - 00004058 _____ C:\WINDOWS\System32\Tasks\YCRGisIZoD9Cm6DqeoWc1A
2015-08-15 20:10 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.job
2015-08-15 20:10 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.job
2015-08-15 20:10 - 2015-08-16 12:07 - 00004518 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.job
2015-08-15 20:10 - 2015-08-16 01:28 - 00007522 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4
2015-08-15 20:10 - 2015-08-16 01:27 - 00008546 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7
2015-08-15 20:10 - 2015-08-16 01:27 - 00008546 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6
2015-08-15 20:10 - 2015-08-15 20:10 - 00002153 _____ C:\Users\Kiersten\Desktop\aswMBR.txt
2015-08-15 20:10 - 2015-08-15 20:10 - 00000512 _____ C:\Users\Kiersten\Desktop\MBR.dat
2015-08-15 20:09 - 2015-08-16 12:07 - 00004182 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.job
2015-08-15 20:09 - 2015-08-16 12:07 - 00002136 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user.job
2015-08-15 20:09 - 2015-08-16 12:07 - 00000994 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-15 20:09 - 2015-08-16 11:59 - 00000998 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-08-15 20:09 - 2015-08-16 11:54 - 00003970 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-08-15 20:09 - 2015-08-16 11:54 - 00003734 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-08-15 20:09 - 2015-08-16 01:27 - 00007186 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3
2015-08-15 20:09 - 2015-08-15 20:11 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV15.08
2015-08-15 20:09 - 2015-08-15 20:09 - 00000000 ____D C:\Users\Kiersten\AppData\Local\globalUpdate
2015-08-15 20:09 - 2015-08-15 20:09 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-15 16:18 - 2015-08-15 16:19 - 00055099 _____ C:\AdwCleaner[C1].txt
2015-08-15 16:16 - 2015-08-15 16:18 - 00000000 ____D C:\AdwCleaner
2015-08-15 16:16 - 2015-08-15 16:16 - 00051724 _____ C:\AdwCleaner[S1].txt
2015-08-15 16:14 - 2015-08-15 16:14 - 01563648 _____ C:\Users\Kiersten\Downloads\AdwCleaner(1).exe
2015-08-15 16:14 - 2015-08-15 16:14 - 00613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nssF779.tmp
2015-08-15 16:12 - 2015-08-15 16:12 - 01563648 _____ C:\Users\Kiersten\Downloads\AdwCleaner.exe
2015-08-15 16:11 - 2015-08-15 16:11 - 00003252 _____ C:\WINDOWS\System32\Tasks\runTask
2015-08-15 16:11 - 2015-08-15 16:11 - 00003156 _____ C:\WINDOWS\System32\Tasks\updateTask
2015-08-15 16:11 - 2015-08-15 16:11 - 00000217 _____ C:\task.vbs
2015-08-15 16:10 - 2015-08-16 12:09 - 00000000 ____D C:\ProgramData\DataFile
2015-08-15 16:10 - 2015-08-15 16:10 - 00002631 _____ C:\Users\Public\Desktop\OnePCOptimizer.lnk
2015-08-15 16:10 - 2015-08-15 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\one pc optimizer
2015-08-15 16:10 - 2015-08-15 16:10 - 00000000 ____D C:\Program Files (x86)\OnePCOptimizer
2015-08-15 16:10 - 2015-08-15 16:10 - 00000000 ____D C:\Program Files (x86)\02c3a71d-57e0-485c-be0e-ad2830231d0f
2015-08-15 16:08 - 2015-08-15 16:09 - 00000000 ____D C:\Program Files (x86)\adlevel
2015-08-15 16:08 - 2015-08-15 16:08 - 00001154 _____ C:\Users\Kiersten\Desktop\TunePRO360.lnk
2015-08-15 16:08 - 2015-08-15 16:08 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-08-15 16:07 - 2015-08-15 16:07 - 00271872 _____ C:\WINDOWS\SysWOW64\0459cf.exe
2015-08-15 16:06 - 2015-08-15 16:06 - 00000000 ____D C:\Users\Kiersten\AppData\Local\CrashRpt
2015-08-15 14:07 - 2015-08-16 12:07 - 00001040 _____ C:\WINDOWS\Tasks\T4gXCLnUMxzjjehK499.job
2015-08-15 14:07 - 2015-08-16 12:07 - 00001018 _____ C:\WINDOWS\Tasks\teKMkB6K.job
2015-08-15 14:07 - 2015-08-15 14:07 - 00004054 _____ C:\WINDOWS\System32\Tasks\T4gXCLnUMxzjjehK499
2015-08-15 14:07 - 2015-08-15 14:07 - 00004030 _____ C:\WINDOWS\System32\Tasks\teKMkB6K
2015-08-15 12:08 - 2015-08-16 12:08 - 00001054 _____ C:\WINDOWS\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg.job
2015-08-15 12:08 - 2015-08-16 12:08 - 00001034 _____ C:\WINDOWS\Tasks\EdfyOM4fBIDgSFgg.job
2015-08-15 12:08 - 2015-08-15 12:08 - 00004068 _____ C:\WINDOWS\System32\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg
2015-08-15 12:08 - 2015-08-15 12:08 - 00004046 _____ C:\WINDOWS\System32\Tasks\EdfyOM4fBIDgSFgg
2015-08-15 12:07 - 2015-08-16 11:54 - 00000000 ____D C:\Program Files (x86)\094486eb-82bc-4e53-8cf5-92b1bd4d0ed1
2015-08-15 12:06 - 2015-08-16 12:07 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-15 10:39 - 2015-08-15 10:39 - 00613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nsu7F4A.tmp
2015-08-15 10:25 - 2015-08-15 10:25 - 00004306 _____ C:\WINDOWS\System32\Tasks\7B402D49-5A27-42E7-A7F3-C880DF116F83
2015-08-15 10:16 - 2015-08-15 10:17 - 00051380 _____ C:\Users\Kiersten\Desktop\Addition.txt
2015-08-15 10:14 - 2015-08-16 12:15 - 00027217 _____ C:\Users\Kiersten\Desktop\FRST.txt
2015-08-15 10:07 - 2015-08-16 12:14 - 00000000 ____D C:\FRST
2015-08-15 10:06 - 2015-08-15 10:06 - 02173952 _____ (Farbar) C:\Users\Kiersten\Desktop\FRST64(1).exe
2015-08-15 10:05 - 2015-08-15 10:06 - 02173952 _____ (Farbar) C:\Users\Kiersten\Downloads\FRST64.exe
2015-08-14 19:24 - 2015-08-14 19:24 - 00291000 _____ C:\WINDOWS\Minidump\081415-34265-01.dmp
2015-08-14 18:50 - 2015-08-14 18:50 - 00288360 _____ C:\WINDOWS\Minidump\081415-38546-01.dmp
2015-08-14 18:28 - 2015-08-14 18:29 - 00289936 _____ C:\WINDOWS\Minidump\081415-29500-01.dmp
2015-08-13 03:22 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:22 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 02:56 - 2015-08-16 12:06 - 00003191 _____ C:\WINDOWS\setupact.log
2015-08-13 02:56 - 2015-08-15 17:17 - 00033842 _____ C:\WINDOWS\PFRO.log
2015-08-13 02:56 - 2015-08-13 02:57 - 00291000 _____ C:\WINDOWS\Minidump\081315-24968-01.dmp
2015-08-13 02:56 - 2015-08-13 02:56 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-12 21:01 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 21:01 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 20:55 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-12 20:55 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 20:55 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 20:55 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 20:55 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 20:55 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 20:55 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 20:55 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 20:55 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 20:55 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 20:55 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 20:55 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 20:55 - 2015-07-16 15:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 20:55 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 20:55 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 20:55 - 2015-07-16 15:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 20:55 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 20:55 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 20:55 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 20:55 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 20:55 - 2015-07-16 15:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 20:55 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 20:55 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 20:55 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 20:55 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 20:55 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 20:55 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 20:55 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 20:55 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 20:55 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 20:55 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 20:48 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 20:48 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 20:48 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 20:48 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 20:47 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 20:47 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 20:46 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 20:46 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 20:46 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 20:42 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 20:42 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 20:42 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 20:39 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 20:39 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 20:39 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 20:37 - 2015-07-18 21:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 20:37 - 2015-07-18 14:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 20:37 - 2015-07-18 14:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 20:37 - 2015-07-18 14:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 20:37 - 2015-07-18 14:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 20:37 - 2015-07-18 14:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 20:37 - 2015-07-18 14:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 20:37 - 2015-07-18 14:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 20:37 - 2015-07-18 14:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 20:37 - 2015-07-18 14:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 20:37 - 2015-07-18 14:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 20:37 - 2015-07-18 14:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 20:33 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 20:33 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 20:33 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 20:33 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 20:33 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 20:33 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 20:33 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 20:33 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 20:33 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 20:29 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 20:29 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 20:28 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 20:28 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 20:28 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 20:28 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-12 20:18 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 20:18 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 20:18 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 20:18 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 20:08 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 20:08 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 20:08 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 20:08 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 20:08 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 20:08 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 20:08 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 20:08 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-08 12:05 - 2015-08-05 21:14 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-08 12:03 - 2015-08-08 12:23 - 00000000 ____D C:\Program Files (x86)\OSDownloader
2015-08-08 12:03 - 2015-08-08 12:03 - 00000003 _____ C:\Users\CareBear17\Desktop\2.txt
2015-08-08 12:03 - 2015-08-08 12:03 - 00000003 _____ C:\Users\CareBear17\Desktop\1.txt
2015-08-08 10:36 - 2015-08-08 12:10 - 02125197 _____ C:\Users\CareBear17\Downloads\BattleTowers-1.7.10.zip
2015-08-08 10:31 - 2015-08-08 12:06 - 01164029 _____ C:\Users\CareBear17\Downloads\GraveStone-2.11.3.jar
2015-08-08 10:30 - 2015-08-08 10:30 - 00625453 _____ C:\Users\CareBear17\Downloads\DoomlikeDungeons-1.7.5-MC1.7.10.jar
2015-08-08 10:26 - 2015-08-08 10:26 - 00117768 _____ C:\Users\CareBear17\Downloads\EasyCrafting-1.7.10-2.0.1.16.jar
2015-08-08 10:23 - 2015-08-08 10:23 - 00063764 _____ C:\Users\CareBear17\Downloads\FinderCompass-1.7.10.jar
2015-08-08 10:20 - 2015-08-08 10:20 - 00133784 _____ C:\Users\CareBear17\Downloads\xaeros_minimap_v1.4.9.2_1.7.10_Forge.jar
2015-08-07 19:27 - 2015-08-08 09:55 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-07 19:27 - 2015-08-08 09:55 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 16:13 - 2015-08-06 16:14 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-08-06 16:13 - 2015-08-06 16:13 - 00000984 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-08-06 16:13 - 2015-08-06 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-08-06 06:35 - 2015-08-06 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-08-06 06:34 - 2015-08-06 06:34 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2015-08-05 21:52 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-08-05 21:52 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-08-05 21:52 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-08-05 21:52 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-05 21:52 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-08-05 21:52 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-05 21:52 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-08-05 21:52 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-08-05 21:52 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-08-05 21:52 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-08-05 21:52 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-08-05 21:52 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-08-05 21:52 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-08-05 21:52 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-05 21:52 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-08-05 21:52 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-08-05 21:52 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-08-05 21:52 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-05 21:52 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-05 21:52 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-05 21:52 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-05 21:52 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-08-05 21:52 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-08-05 21:52 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-08-05 21:52 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-05 21:52 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-05 21:52 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-05 21:52 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-05 21:52 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-08-05 21:52 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-08-05 21:52 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-05 21:52 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-08-05 21:51 - 2015-05-11 14:17 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-05 21:51 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-05 21:51 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-05 21:51 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-08-05 21:50 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 21:50 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 21:50 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-08-05 21:50 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-08-05 21:49 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-08-05 21:49 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-08-05 21:49 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-08-05 21:49 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-08-05 21:49 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-08-05 21:49 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-08-05 21:49 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-08-05 21:49 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-08-05 21:49 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-08-05 21:49 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-08-05 21:49 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-08-05 21:49 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-08-05 21:49 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-08-05 21:49 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-08-05 21:48 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-08-05 21:48 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-08-05 21:48 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-08-05 21:48 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-05 21:48 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-05 21:48 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-08-05 21:48 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-08-05 21:48 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-08-05 21:48 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-05 21:48 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-05 21:47 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-08-05 21:47 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-08-05 21:47 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-08-05 21:47 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-08-05 21:14 - 2015-08-05 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-05 21:14 - 2015-08-05 21:14 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 12:12 - 2014-10-27 23:52 - 01787995 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-16 12:08 - 2015-03-20 19:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-16 12:08 - 2014-10-28 00:05 - 00000000 ___RD C:\Users\Kiersten\OneDrive
2015-08-16 12:07 - 2013-01-26 11:59 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 12:06 - 2014-09-14 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-16 12:06 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-16 12:04 - 2015-04-26 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-16 12:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-16 11:58 - 2015-03-18 19:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-16 11:52 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-16 11:45 - 2014-10-28 00:14 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{631CFC46-6FD0-4139-B4FF-7409B198DDA2}
2015-08-16 01:28 - 2013-01-26 11:59 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-15 21:23 - 2014-09-08 22:55 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-15 20:12 - 2015-04-05 13:07 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-08-15 17:46 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-15 17:38 - 2013-01-26 01:11 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1505448478-352576845-3373465650-1001
2015-08-15 17:18 - 2015-03-20 20:17 - 00000000 ____D C:\ProgramData\ProductData
2015-08-15 16:21 - 2014-11-02 08:35 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-15 16:20 - 2014-10-27 23:18 - 00000000 ____D C:\Users\Kiersten
2015-08-15 16:19 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-15 16:10 - 2014-07-26 15:59 - 00000000 ____D C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45
2015-08-15 15:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-15 15:54 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-15 15:32 - 2015-07-09 22:27 - 923325890 _____ C:\WINDOWS\MEMORY.DMP
2015-08-15 15:32 - 2014-12-26 11:29 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-15 09:55 - 2015-03-20 20:16 - 00002208 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-08-14 18:40 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-14 18:36 - 2015-03-20 20:17 - 00003372 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Kiersten
2015-08-14 18:35 - 2014-10-27 23:18 - 00000000 ____D C:\Users\CareBear17
2015-08-14 07:17 - 2014-09-07 21:55 - 00106469 _____ C:\WINDOWS\wininit.ini
2015-08-14 06:46 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-13 21:18 - 2013-01-26 01:03 - 00000000 ____D C:\Users\Kiersten\AppData\Local\Packages
2015-08-13 03:37 - 2013-08-22 10:44 - 00509824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-13 03:34 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 03:34 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 03:34 - 2013-08-22 09:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-08-13 03:33 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 03:33 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 03:23 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-13 03:22 - 2013-08-04 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:22 - 2013-08-04 22:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:22 - 2013-08-04 22:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:21 - 2013-07-21 01:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-13 03:17 - 2013-01-27 16:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:17 - 2013-01-26 10:46 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-13 03:15 - 2014-12-14 20:30 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-13 03:15 - 2014-09-24 05:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-13 03:14 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 03:14 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 03:14 - 2012-07-26 01:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-08-13 02:39 - 2014-11-01 08:56 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D957F1F4-BC28-4951-902D-C2055D430341}
2015-08-12 21:47 - 2013-01-26 14:57 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1505448478-352576845-3373465650-1004
2015-08-12 19:58 - 2015-03-18 19:50 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-09 15:40 - 2013-11-01 22:47 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\.minecraft
2015-08-09 14:12 - 2015-02-13 11:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\IMVU
2015-08-08 12:04 - 2014-09-14 21:36 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-07 19:20 - 2015-04-05 13:07 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-08-07 19:20 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-07 19:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-08-07 17:41 - 2014-07-02 12:27 - 00000000 ____D C:\Users\CareBear17\AppData\Local\Screencast-O-Matic
2015-08-06 09:46 - 2014-12-26 09:36 - 00001419 _____ C:\Users\CareBear17\Desktop\ROBLOX Player.lnk
2015-08-06 09:46 - 2014-12-26 09:34 - 00001234 _____ C:\Users\CareBear17\Desktop\ROBLOX Studio.lnk
2015-08-06 09:46 - 2014-12-26 09:34 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-06 09:46 - 2013-01-26 15:03 - 00000000 ____D C:\Users\CareBear17\AppData\Local\Google
2015-08-06 06:35 - 2013-05-29 12:47 - 00003062 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-08-06 06:35 - 2013-05-29 12:46 - 00003060 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-08-06 06:35 - 2013-01-26 16:26 - 00003118 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-08-06 06:35 - 2013-01-26 16:26 - 00003092 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-08-06 06:35 - 2013-01-26 16:26 - 00003090 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-08-05 21:14 - 2015-03-18 19:50 - 00001961 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-08-05 21:14 - 2015-03-18 19:50 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-05 20:17 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-05 20:17 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\servicing
2015-08-05 20:16 - 2015-04-03 07:45 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\ProductData
2015-08-05 20:16 - 2015-03-20 20:18 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\ProductData
2015-08-05 20:16 - 2015-03-20 20:16 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\IObit
2015-08-05 20:16 - 2014-07-02 14:16 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
2015-08-05 20:16 - 2013-11-08 23:11 - 00000000 ____D C:\Users\Public\StarStableOnline
2015-08-05 20:14 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-05 19:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration
2015-08-02 20:10 - 2014-10-28 03:01 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-02 20:04 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-02 19:17 - 2014-11-14 21:58 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieBrowserModeList
2015-08-02 19:17 - 2014-10-28 00:13 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieUserList
2015-08-02 19:17 - 2014-10-28 00:13 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieSiteList
2015-07-19 18:23 - 2013-01-26 11:59 - 00003896 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-19 18:23 - 2013-01-26 11:59 - 00003660 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-05-12 19:22 - 2015-05-12 19:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico
2014-03-05 00:25 - 2014-03-05 00:25 - 0000476 _____ () C:\Users\Kiersten\AppData\Roaming\com.zoosk.Desktop_state.xml
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\teKMkB6K
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\teKMkB6K.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A.exe
2013-01-30 12:06 - 2014-10-10 23:15 - 0000173 _____ () C:\Users\Kiersten\AppData\Local\msmathematics.qat.Kiersten
2015-08-15 16:14 - 2015-08-15 16:14 - 0613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nssF779.tmp
2015-08-15 10:39 - 2015-08-15 10:39 - 0613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nsu7F4A.tmp
2012-10-07 04:39 - 2012-10-07 04:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-08 20:46 - 2015-03-21 09:40 - 0003173 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Kiersten\AppData\Local\Temp\1584.exe
C:\Users\Kiersten\AppData\Local\Temp\3531.exe
C:\Users\Kiersten\AppData\Local\Temp\4709.exe
C:\Users\Kiersten\AppData\Local\Temp\5704.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-15 17:39

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Kiersten (2015-08-16 12:16:25)
Running from C:\Users\Kiersten\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1505448478-352576845-3373465650-500 - Administrator - Disabled)
CareBear17 (S-1-5-21-1505448478-352576845-3373465650-1004 - Limited - Enabled) => C:\Users\CareBear17
Guest (S-1-5-21-1505448478-352576845-3373465650-501 - Limited - Disabled)
Kiersten (S-1-5-21-1505448478-352576845-3373465650-1001 - Administrator - Enabled) => C:\Users\Kiersten

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510nz_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CinemaPlus-3.2cV15.08 (HKLM-x32\...\CinemaPlus-3.2cV15.08) (Version: 1.36.01.22 - Cinema PlusV15.08) <==== ATTENTION
CinemaPlus-3.2cV16.08 (HKLM-x32\...\CinemaPlus-3.2cV16.08) (Version: 1.36.01.22 - Cinema PlusV16.08) <==== ATTENTION
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12212.0 - Cisco Consumer Products LLC)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
EasyTether (HKLM-x32\...\{8d3ac0f3-14ee-49ab-9193-a8dbdc6fec0c}) (Version: 1.1.17 - Mobile Stream)
EasyTether (Version: 1.1.17 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{7DD41AE3-10F5-4C46-961C-FAE786519FFF}) (Version: 1.0.0 - Mobile Stream)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
Enterprise (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1900 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.7 - Lenovo EasyCamera)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mathematica Extras 9.0 (3942197) (HKLM\...\A-WIN-Extras 9.0.0 3942197_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.0.9 - Lenovo)
OnePCOptimizer (HKLM-x32\...\{7394AE4B-5F34-4312-BA38-F6DDE78A39FF}) (Version: 1.0.0.0 - One PC Optimizer)
OpenSoftwareUpdater (HKLM-x32\...\OpenSoftwareUpdater) (Version:  - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ServiceUpdater (HKLM-x32\...\ServiceUpdater) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SpaceSoundPro Service (HKLM-x32\...\zz.1434.ssp) (Version: 1.0.0 - CSDI)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TI-83 Plus Flash Debugger (HKLM-x32\...\TI-83 Plus Flash Debugger) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TunePro360 (HKLM-x32\...\TunePRO360) (Version: 0.01 - )
Unity Web Player (HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Wolfram CDF Player (M-WIN-D 9.0.0 3942419) (HKLM-x32\...\M-WIN-D 9.0.0 3942419_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
WordSurfer 1.10.0.19 (HKLM-x32\...\WordSurfer_1.10.0.19) (Version: 1.10.0.19 - WordSurfer)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

13-08-2015 03:11:31 Windows Update
15-08-2015 15:54:18 Restore Point Created by FRST
15-08-2015 17:07:09 Restore Point Created by FRST
16-08-2015 11:53:18 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-08-05 21:14 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C84AA99-7CCC-451A-80C6-558FA6B4CDBE} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {0CAF5098-9231-44C2-BD9D-9E73CE1937A3} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {0CC3D984-17C1-4356-941A-D14A574162FE} - System32\Tasks\ve5g6cGfqjZz2 => C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2.exe [2015-04-20] () <==== ATTENTION
Task: {0F2EA028-090E-4ECD-9850-35A00EE95AD3} - System32\Tasks\nT6b9z6fHoHYL => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL.exe [2015-04-20] () <==== ATTENTION
Task: {16DF8F86-86A7-4051-8D7B-C06E8664273C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {17E20163-0834-4C13-BDBC-A0A5783949B1} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-6 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-6.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {20406E07-045A-4231-9B2E-F26EFDD93FF7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-13] (Microsoft Corporation)
Task: {2BBD2779-6BEF-43A4-85E9-9B22B0872E64} - System32\Tasks\nT6b9z6fHoHYLK2 => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2.exe [2015-04-20] () <==== ATTENTION
Task: {2E0A50E2-1432-4B5A-84D5-4136A3882D93} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
Task: {326BDB2B-3C16-4A4F-8B3F-ACD8EACA30CC} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {32817BC4-66BF-459F-B45C-FDD3AD8616CB} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {3286B120-D4CE-485C-AEE5-4DFBE40563ED} - System32\Tasks\EdfyOM4fBIDgSFgg => C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg.exe [2015-04-20] () <==== ATTENTION
Task: {380B84BB-F8F2-4C71-B65B-0393429F1242} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {3C9A647B-D726-47C2-928E-707D242A3676} - System32\Tasks\7B402D49-5A27-42E7-A7F3-C880DF116F83 => C:\Users\Kiersten\AppData\Local\7B402D49-5A27-42E7-A7F3-C880DF116F83\7B402D49-5A27-42E7-A7F3-C880DF116F83.exe <==== ATTENTION
Task: {3D7CEF9F-3D01-4687-A7A4-2D22A9D17A3D} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {4169F62E-3ED7-4827-A12C-93F41EC1EB55} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-16] (globalUpdate) <==== ATTENTION
Task: {4E773E9C-4F97-4EFB-8C5E-F07FBD5C96DE} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-4 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-4.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {4F10265A-E6D9-40C3-854E-CC56E4EF6A11} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
Task: {57153552-5504-4A39-B869-361C2C873914} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {5AE75F92-C3B5-4D07-AD60-FCAF3CA63CE3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {5B288AB1-313C-4A59-92BA-E6592E8D3E44} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {5CAC4706-2C72-4A3F-A88D-B1B223DB0523} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {5D4E11FF-6143-43E8-B8A8-44A41B05AE8C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {66BD1350-62D0-4011-A248-1F276B18066C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {6D45B620-9BF8-4A9F-907F-5C4E7269193A} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {7A357250-BC15-400E-806E-88922511B75A} - System32\Tasks\YCRGisIZoD9Cm6DqeoWc1A => C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A.exe [2015-04-20] () <==== ATTENTION
Task: {7BD84A73-1020-424B-97CE-9CDE65B8BC9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {7C0AEB60-255E-40A8-B941-BB8460204D64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {80C5E719-FEEE-48A3-A6EF-94BA01B6A848} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
Task: {8C0B3E81-F4D7-4D4F-8BC8-1B5AD7F2CC69} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {8E87B4FA-A509-453D-9F36-DEBCB87BD3EC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {9246DC46-2AA7-4EED-BEC2-47AC01590513} - System32\Tasks\updateTask => c:\task.vbs [2015-08-15] ()
Task: {99CF0B8F-F3CA-4D6A-858A-CA82C9D2E40E} - System32\Tasks\EnKJGdwNBHGGRlmNf8SRE => C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE.exe [2015-04-20] () <==== ATTENTION
Task: {9CD7D940-C229-4207-B8D5-74C688014175} - System32\Tasks\teKMkB6K => C:\Users\Kiersten\AppData\Roaming\teKMkB6K.exe [2015-04-20] () <==== ATTENTION
Task: {A32A336F-28B7-41BA-A3C3-0FC2EBAF278D} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {A9A7318B-4F3E-48DB-8D19-AB71D683953F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {B19B4CBE-ABAA-4CD9-890A-E0107E90E234} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {B2FB4EC0-6033-4AFF-920D-54B19AE68537} - System32\Tasks\WQwv3KpmPsr => C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr.exe [2015-04-20] () <==== ATTENTION
Task: {BAFD7445-065F-4573-9E4E-E6538D68D9E4} - System32\Tasks\T4gXCLnUMxzjjehK499 => C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499.exe [2015-04-20] () <==== ATTENTION
Task: {BBFE1D45-4ADE-49B4-87C9-5E334799BB9C} - System32\Tasks\fOBTR2h8vsNdtKZcEfZRk2P => C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P.exe [2015-04-20] () <==== ATTENTION
Task: {C1711E75-2B1B-4188-9182-79C0212E5F22} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-7.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {C834974A-52E6-4A4F-9BF9-2F3E7C9487B2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {C87F3C20-B98D-4E71-92B4-6912914C7210} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-10.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {CC7CFE79-CF70-4674-A3E6-6E2A46126790} - System32\Tasks\PDCCKeQhID => C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID.exe [2015-04-20] () <==== ATTENTION
Task: {CF25B38B-3D77-4344-889A-3A13010CE892} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {CFAD7F61-F40B-40E5-B9AC-3BDAB601EFD1} - System32\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg => C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg.exe [2015-04-20] () <==== ATTENTION
Task: {D2BAD76E-3A9E-4816-A926-7EDEC2001E9A} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-3 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-3.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {E27805AE-0FAF-4443-8156-E833317E3DD7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E8E98ED9-C66B-4B46-9B59-0116A861EF5A} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-6.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {E979C603-755D-49B2-BC2D-CCCB3662FAEB} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-7 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-7.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {EC44560A-1013-4015-8820-528768360B8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F39034BB-F7FD-49FA-BD3F-41AC9D2ED566} - System32\Tasks\Uninstaller_SkipUac_Kiersten => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {F65CC83F-2FE4-43ED-A8CB-364874510AF6} - System32\Tasks\ASC8_SkipUac_Kiersten => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-04-09] (IObit)
Task: {FEE1CA23-5E89-4EFD-9669-AB244C3BF701} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-16] (globalUpdate) <==== ATTENTION
Task: {FF1AC3B4-7881-4013-8653-FA5EE995CEC2} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\EdfyOM4fBIDgSFgg.job => C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\EnKJGdwNBHGGRlmNf8SRE.job => C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\fOBTR2h8vsNdtKZcEfZRk2P.job => C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg.job => C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\nT6b9z6fHoHYL.job => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\nT6b9z6fHoHYLK2.job => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PDCCKeQhID.job => C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\T4gXCLnUMxzjjehK499.job => C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\teKMkB6K.job => C:\Users\Kiersten\AppData\Roaming\teKMkB6K.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ve5g6cGfqjZz2.job => C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WQwv3KpmPsr.job => C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YCRGisIZoD9Cm6DqeoWc1A.job => C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2012-08-17 13:23 - 2012-08-17 13:23 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-07-16 03:49 - 2012-07-16 03:49 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2010-08-24 10:44 - 2010-08-24 10:44 - 00257224 _____ () C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
2015-03-20 20:16 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-03-20 20:17 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2014-09-07 21:01 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-07 21:01 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-07 21:01 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-07 21:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-07 21:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-20 20:16 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2015-03-20 20:16 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2015-03-20 20:16 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2015-08-15 20:10 - 2015-08-16 01:28 - 00200272 _____ () C:\Program Files (x86)\CinemaPlus-3.2cV15.08\b350d6e4-4f94-4a47-a7a1-8387e422c24f.dll
2015-08-16 11:54 - 2015-08-16 11:54 - 00175696 _____ () C:\Program Files (x86)\CinemaPlus-3.2cV16.08\3a442584-55d6-4f89-8127-76386519ddd5.dll
2015-03-20 20:16 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-08-12 20:44 - 2015-08-07 20:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-12 20:44 - 2015-08-07 20:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2015-03-20 20:17 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-03-20 20:17 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-03-20 20:17 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2012-10-07 04:20 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Kiersten\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kiersten\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
DNS Servers: 199.115.114.39 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8C927F82-77F8-402B-8CF9-AC105F20D017}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{F9249D40-6372-4CF6-BEDF-C13443ABE034}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{306CF4D6-33CB-46C5-BBDE-8C1982EE0FA2}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{BE268FBD-6C6D-4237-B038-E4EF14598C7C}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{8B9E7302-FCF3-4B51-99D0-C4490B34F8BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{939EF656-3005-43E7-AB3B-C47A2BD1924A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2015 12:14:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (08/16/2015 12:14:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 12:14:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (08/16/2015 12:14:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 12:08:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (08/16/2015 12:08:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 12:07:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (08/16/2015 12:07:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 12:04:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (08/16/2015 12:04:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

System errors:
=============
Error: (08/16/2015 12:17:03 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 12:16:45 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 12:16:45 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 12:16:45 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 12:16:45 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 12:16:44 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 12:16:44 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 12:15:56 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 12:15:41 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 12:15:41 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Microsoft Office:
=========================
Error: (08/16/2015 12:14:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/16/2015 12:14:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 12:14:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/16/2015 12:14:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 12:08:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/16/2015 12:08:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 12:07:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/16/2015 12:07:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 12:04:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/16/2015 12:04:18 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

CodeIntegrity:
===================================
  Date: 2015-08-15 23:27:06.242
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 23:27:05.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:25:02.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:25:02.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:25:01.783
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:25:01.549
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:24:58.424
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:24:58.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:24:57.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:24:57.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 25%
Total physical RAM: 8052.91 MB
Available physical RAM: 5982.5 MB
Total Virtual: 16244.91 MB
Available Virtual: 13978.9 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:650.86 GB) (Free:565.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1EE3F689)

Partition: GPT.

==================== End of log ============================

