
Infected Computer [Solved]



#16
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi Kiersten, you downloaded this programme yesterday and that is the one that brings all the adware with it:
2015-08-15 20:09 - 2015-08-15 20:11 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV15.08

Also the vast majority of optimiser type programmes are snake oil and some bring along some friends with them
2015-08-15 16:10 - 2015-08-15 16:10 - 00002631 _____ C:\Users\Public\Desktop\OnePCOptimizer.lnk

I will give you some security tips once you are clean but meanwhile please do not install any other programmes until you are clean

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL File not found
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OnePCOptimizer.lnk [2015-08-15]
ShortcutTarget: OnePCOptimizer.lnk -> C:\Windows\Installer\{7394AE4B-5F34-4312-BA38-F6DDE78A39FF}\NewShortcut1_7B068A586C574F9D98837D1A8B7DE097.exe (Flexera Software LLC)
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO-x32: TunePro360 -> {5E04457F-D6D4-4A7E-8277-5EF1CA591CC7} -> C:\Program Files (x86)\adlevel\TunePRO360.dll [2015-06-16] (TunePro360)
FF Extension: CinemaPlus-3.2cV15.08 - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected] [2015-08-15]
FF Extension: Roaming Rate - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{ce6c03f1-0fd5-4d72-bbdb-eaa0c0124531}.xpi [2015-03-20]
FF Extension: TunePro360 - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c} [2015-08-15]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-16] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-16] (globalUpdate) [File not signed] <==== ATTENTION
S2 rexesine; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\knso6B69.tmp [X]
2015-08-16 11:55 - 2015-08-16 12:07 - 00004518 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-4.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00001024 _____ C:\WINDOWS\Tasks\WQwv3KpmPsr.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00001022 _____ C:\WINDOWS\Tasks\PDCCKeQhID.job
2015-08-16 11:55 - 2015-08-16 11:55 - 00007522 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-4
2015-08-16 11:55 - 2015-08-16 11:55 - 00006166 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7
2015-08-16 11:55 - 2015-08-16 11:55 - 00006166 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6
2015-08-16 11:55 - 2015-08-16 11:55 - 00005474 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5
2015-08-16 11:55 - 2015-08-16 11:55 - 00004036 _____ C:\WINDOWS\System32\Tasks\WQwv3KpmPsr
2015-08-16 11:55 - 2015-08-16 11:55 - 00004034 _____ C:\WINDOWS\System32\Tasks\PDCCKeQhID
2015-08-16 11:54 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-7.job
2015-08-16 11:54 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-6.job
2015-08-16 11:54 - 2015-08-16 12:07 - 00004182 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-3.job
2015-08-16 11:54 - 2015-08-16 11:54 - 00008546 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-7
2015-08-16 11:54 - 2015-08-16 11:54 - 00008546 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-6
2015-08-16 11:54 - 2015-08-16 11:54 - 00007186 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-3
2015-08-16 11:54 - 2015-08-16 11:54 - 00000000 ____D C:\Program Files (x86)\309b873d-18a3-4b8e-bb23-52109d087189
2015-08-16 11:53 - 2015-08-16 12:07 - 00002136 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user.job
2015-08-16 11:53 - 2015-08-16 11:55 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV16.08
2015-08-16 01:28 - 2015-08-16 12:07 - 00001032 _____ C:\WINDOWS\Tasks\nT6b9z6fHoHYLK2.job
2015-08-16 01:28 - 2015-08-16 12:07 - 00001028 _____ C:\WINDOWS\Tasks\nT6b9z6fHoHYL.job
2015-08-16 01:28 - 2015-08-16 01:28 - 00004046 _____ C:\WINDOWS\System32\Tasks\nT6b9z6fHoHYLK2
2015-08-16 01:28 - 2015-08-16 01:28 - 00004042 _____ C:\WINDOWS\System32\Tasks\nT6b9z6fHoHYL
2015-08-15 23:27 - 2015-08-16 12:07 - 00001044 _____ C:\WINDOWS\Tasks\EnKJGdwNBHGGRlmNf8SRE.job
2015-08-15 23:27 - 2015-08-16 12:07 - 00001028 _____ C:\WINDOWS\Tasks\ve5g6cGfqjZz2.job
2015-08-15 23:27 - 2015-08-15 23:27 - 00004058 _____ C:\WINDOWS\System32\Tasks\EnKJGdwNBHGGRlmNf8SRE
2015-08-15 23:27 - 2015-08-15 23:27 - 00004040 _____ C:\WINDOWS\System32\Tasks\ve5g6cGfqjZz2
2015-08-15 20:11 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00001048 _____ C:\WINDOWS\Tasks\fOBTR2h8vsNdtKZcEfZRk2P.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00001046 _____ C:\WINDOWS\Tasks\YCRGisIZoD9Cm6DqeoWc1A.job
2015-08-15 20:11 - 2015-08-16 01:28 - 00006166 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7
2015-08-15 20:11 - 2015-08-16 01:28 - 00006166 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6
2015-08-15 20:11 - 2015-08-16 01:28 - 00005474 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5
2015-08-15 20:11 - 2015-08-15 20:11 - 00004062 _____ C:\WINDOWS\System32\Tasks\fOBTR2h8vsNdtKZcEfZRk2P
2015-08-15 20:11 - 2015-08-15 20:11 - 00004058 _____ C:\WINDOWS\System32\Tasks\YCRGisIZoD9Cm6DqeoWc1A
2015-08-15 20:10 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.job
2015-08-15 20:10 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.job
2015-08-15 20:10 - 2015-08-16 12:07 - 00004518 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.job
2015-08-15 20:10 - 2015-08-16 01:28 - 00007522 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4
2015-08-15 20:10 - 2015-08-16 01:27 - 00008546 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7
2015-08-15 20:10 - 2015-08-16 01:27 - 00008546 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6
2015-08-15 20:10 - 2015-08-15 20:10 - 00002153 _____ C:\Users\Kiersten\Desktop\aswMBR.txt
2015-08-15 20:10 - 2015-08-15 20:10 - 00000512 _____ C:\Users\Kiersten\Desktop\MBR.dat
2015-08-15 20:09 - 2015-08-16 12:07 - 00004182 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.job
2015-08-15 20:09 - 2015-08-16 12:07 - 00002136 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user.job
2015-08-15 20:09 - 2015-08-16 12:07 - 00000994 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-15 20:09 - 2015-08-16 11:59 - 00000998 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-08-15 20:09 - 2015-08-16 11:54 - 00003970 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-08-15 20:09 - 2015-08-16 11:54 - 00003734 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-08-15 20:09 - 2015-08-16 01:27 - 00007186 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3
2015-08-15 20:09 - 2015-08-15 20:11 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV15.08
2015-08-15 20:09 - 2015-08-15 20:09 - 00000000 ____D C:\Users\Kiersten\AppData\Local\globalUpdate
2015-08-15 20:09 - 2015-08-15 20:09 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-15 16:14 - 2015-08-15 16:14 - 00613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nssF779.tmp
2015-08-15 16:11 - 2015-08-15 16:11 - 00003252 _____ C:\WINDOWS\System32\Tasks\runTask
2015-08-15 16:11 - 2015-08-15 16:11 - 00003156 _____ C:\WINDOWS\System32\Tasks\updateTask
2015-08-15 16:11 - 2015-08-15 16:11 - 00000217 _____ C:\task.vbs
2015-08-15 16:10 - 2015-08-16 12:09 - 00000000 ____D C:\ProgramData\DataFile
2015-08-15 16:10 - 2015-08-15 16:10 - 00002631 _____ C:\Users\Public\Desktop\OnePCOptimizer.lnk
2015-08-15 16:10 - 2015-08-15 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\one pc optimizer
2015-08-15 16:10 - 2015-08-15 16:10 - 00000000 ____D C:\Program Files (x86)\OnePCOptimizer
2015-08-15 16:10 - 2015-08-15 16:10 - 00000000 ____D C:\Program Files (x86)\02c3a71d-57e0-485c-be0e-ad2830231d0f
2015-08-15 16:08 - 2015-08-15 16:09 - 00000000 ____D C:\Program Files (x86)\adlevel
2015-08-15 16:08 - 2015-08-15 16:08 - 00001154 _____ C:\Users\Kiersten\Desktop\TunePRO360.lnk
2015-08-15 16:08 - 2015-08-15 16:08 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-08-15 16:07 - 2015-08-15 16:07 - 00271872 _____ C:\WINDOWS\SysWOW64\0459cf.exe
2015-08-15 16:06 - 2015-08-15 16:06 - 00000000 ____D C:\Users\Kiersten\AppData\Local\CrashRpt
2015-08-15 14:07 - 2015-08-16 12:07 - 00001040 _____ C:\WINDOWS\Tasks\T4gXCLnUMxzjjehK499.job
2015-08-15 14:07 - 2015-08-16 12:07 - 00001018 _____ C:\WINDOWS\Tasks\teKMkB6K.job
2015-08-15 14:07 - 2015-08-15 14:07 - 00004054 _____ C:\WINDOWS\System32\Tasks\T4gXCLnUMxzjjehK499
2015-08-15 14:07 - 2015-08-15 14:07 - 00004030 _____ C:\WINDOWS\System32\Tasks\teKMkB6K
2015-08-15 12:08 - 2015-08-16 12:08 - 00001054 _____ C:\WINDOWS\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg.job
2015-08-15 12:08 - 2015-08-16 12:08 - 00001034 _____ C:\WINDOWS\Tasks\EdfyOM4fBIDgSFgg.job
2015-08-15 12:08 - 2015-08-15 12:08 - 00004068 _____ C:\WINDOWS\System32\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg
2015-08-15 12:08 - 2015-08-15 12:08 - 00004046 _____ C:\WINDOWS\System32\Tasks\EdfyOM4fBIDgSFgg
2015-08-15 12:07 - 2015-08-16 11:54 - 00000000 ____D C:\Program Files (x86)\094486eb-82bc-4e53-8cf5-92b1bd4d0ed1
2015-08-15 12:06 - 2015-08-16 12:07 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-15 10:39 - 2015-08-15 10:39 - 00613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nsu7F4A.tmp
2015-08-15 10:25 - 2015-08-15 10:25 - 00004306 _____ C:\WINDOWS\System32\Tasks\7B402D49-5A27-42E7-A7F3-C880DF116F83
2015-08-15 16:10 - 2014-07-26 15:59 - 00000000 ____D C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45
2015-08-02 19:17 - 2014-11-14 21:58 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieBrowserModeList
2015-08-02 19:17 - 2014-10-28 00:13 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieUserList
2015-08-02 19:17 - 2014-10-28 00:13 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieSiteList
2015-05-12 19:22 - 2015-05-12 19:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico
2014-03-05 00:25 - 2014-03-05 00:25 - 0000476 _____ () C:\Users\Kiersten\AppData\Roaming\com.zoosk.Desktop_state.xml
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\teKMkB6K
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\teKMkB6K.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A.exe
2013-01-30 12:06 - 2014-10-10 23:15 - 0000173 _____ () C:\Users\Kiersten\AppData\Local\msmathematics.qat.Kiersten
2015-08-15 16:14 - 2015-08-15 16:14 - 0613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nssF779.tmp
2015-08-15 10:39 - 2015-08-15 10:39 - 0613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nsu7F4A.tmp
Task: {0C84AA99-7CCC-451A-80C6-558FA6B4CDBE} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {0CAF5098-9231-44C2-BD9D-9E73CE1937A3} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {0CC3D984-17C1-4356-941A-D14A574162FE} - System32\Tasks\ve5g6cGfqjZz2 => C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2.exe [2015-04-20] () <==== ATTENTION
Task: {0F2EA028-090E-4ECD-9850-35A00EE95AD3} - System32\Tasks\nT6b9z6fHoHYL => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL.exe [2015-04-20] () <==== ATTENTION
Task: {16DF8F86-86A7-4051-8D7B-C06E8664273C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {17E20163-0834-4C13-BDBC-A0A5783949B1} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-6 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-6.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {20406E07-045A-4231-9B2E-F26EFDD93FF7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-13] (Microsoft Corporation)
Task: {2BBD2779-6BEF-43A4-85E9-9B22B0872E64} - System32\Tasks\nT6b9z6fHoHYLK2 => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2.exe [2015-04-20] () <==== ATTENTION
Task: {2E0A50E2-1432-4B5A-84D5-4136A3882D93} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
Task: {326BDB2B-3C16-4A4F-8B3F-ACD8EACA30CC} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {32817BC4-66BF-459F-B45C-FDD3AD8616CB} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {3286B120-D4CE-485C-AEE5-4DFBE40563ED} - System32\Tasks\EdfyOM4fBIDgSFgg => C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg.exe [2015-04-20] () <==== ATTENTION
Task: {380B84BB-F8F2-4C71-B65B-0393429F1242} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {3C9A647B-D726-47C2-928E-707D242A3676} - System32\Tasks\7B402D49-5A27-42E7-A7F3-C880DF116F83 => C:\Users\Kiersten\AppData\Local\7B402D49-5A27-42E7-A7F3-C880DF116F83\7B402D49-5A27-42E7-A7F3-C880DF116F83.exe <==== ATTENTION
Task: {3D7CEF9F-3D01-4687-A7A4-2D22A9D17A3D} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {4169F62E-3ED7-4827-A12C-93F41EC1EB55} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-16] (globalUpdate) <==== ATTENTION
Task: {4E773E9C-4F97-4EFB-8C5E-F07FBD5C96DE} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-4 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-4.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {4F10265A-E6D9-40C3-854E-CC56E4EF6A11} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
Task: {57153552-5504-4A39-B869-361C2C873914} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {5AE75F92-C3B5-4D07-AD60-FCAF3CA63CE3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {5B288AB1-313C-4A59-92BA-E6592E8D3E44} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {5CAC4706-2C72-4A3F-A88D-B1B223DB0523} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {5D4E11FF-6143-43E8-B8A8-44A41B05AE8C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {66BD1350-62D0-4011-A248-1F276B18066C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {6D45B620-9BF8-4A9F-907F-5C4E7269193A} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {7A357250-BC15-400E-806E-88922511B75A} - System32\Tasks\YCRGisIZoD9Cm6DqeoWc1A => C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A.exe [2015-04-20] () <==== ATTENTION
Task: {7BD84A73-1020-424B-97CE-9CDE65B8BC9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {7C0AEB60-255E-40A8-B941-BB8460204D64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {80C5E719-FEEE-48A3-A6EF-94BA01B6A848} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
Task: {8C0B3E81-F4D7-4D4F-8BC8-1B5AD7F2CC69} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {8E87B4FA-A509-453D-9F36-DEBCB87BD3EC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {9246DC46-2AA7-4EED-BEC2-47AC01590513} - System32\Tasks\updateTask => c:\task.vbs [2015-08-15] ()
Task: {99CF0B8F-F3CA-4D6A-858A-CA82C9D2E40E} - System32\Tasks\EnKJGdwNBHGGRlmNf8SRE => C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE.exe [2015-04-20] () <==== ATTENTION
Task: {9CD7D940-C229-4207-B8D5-74C688014175} - System32\Tasks\teKMkB6K => C:\Users\Kiersten\AppData\Roaming\teKMkB6K.exe [2015-04-20] () <==== ATTENTION
Task: {A32A336F-28B7-41BA-A3C3-0FC2EBAF278D} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {A9A7318B-4F3E-48DB-8D19-AB71D683953F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {B19B4CBE-ABAA-4CD9-890A-E0107E90E234} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {B2FB4EC0-6033-4AFF-920D-54B19AE68537} - System32\Tasks\WQwv3KpmPsr => C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr.exe [2015-04-20] () <==== ATTENTION
Task: {BAFD7445-065F-4573-9E4E-E6538D68D9E4} - System32\Tasks\T4gXCLnUMxzjjehK499 => C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499.exe [2015-04-20] () <==== ATTENTION
Task: {BBFE1D45-4ADE-49B4-87C9-5E334799BB9C} - System32\Tasks\fOBTR2h8vsNdtKZcEfZRk2P => C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P.exe [2015-04-20] () <==== ATTENTION
Task: {C1711E75-2B1B-4188-9182-79C0212E5F22} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-7.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {C834974A-52E6-4A4F-9BF9-2F3E7C9487B2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {C87F3C20-B98D-4E71-92B4-6912914C7210} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-10.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {CC7CFE79-CF70-4674-A3E6-6E2A46126790} - System32\Tasks\PDCCKeQhID => C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID.exe [2015-04-20] () <==== ATTENTION
Task: {CF25B38B-3D77-4344-889A-3A13010CE892} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {CFAD7F61-F40B-40E5-B9AC-3BDAB601EFD1} - System32\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg => C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg.exe [2015-04-20] () <==== ATTENTION
Task: {D2BAD76E-3A9E-4816-A926-7EDEC2001E9A} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-3 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-3.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {E27805AE-0FAF-4443-8156-E833317E3DD7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E8E98ED9-C66B-4B46-9B59-0116A861EF5A} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-6.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {E979C603-755D-49B2-BC2D-CCCB3662FAEB} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-7 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-7.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {EC44560A-1013-4015-8820-528768360B8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F39034BB-F7FD-49FA-BD3F-41AC9D2ED566} - System32\Tasks\Uninstaller_SkipUac_Kiersten => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {F65CC83F-2FE4-43ED-A8CB-364874510AF6} - System32\Tasks\ASC8_SkipUac_Kiersten => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-04-09] (IObit)
Task: {FEE1CA23-5E89-4EFD-9669-AB244C3BF701} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-16] (globalUpdate) <==== ATTENTION
Task: {FF1AC3B4-7881-4013-8653-FA5EE995CEC2} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\EdfyOM4fBIDgSFgg.job => C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\EnKJGdwNBHGGRlmNf8SRE.job => C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\fOBTR2h8vsNdtKZcEfZRk2P.job => C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg.job => C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\nT6b9z6fHoHYL.job => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\nT6b9z6fHoHYLK2.job => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PDCCKeQhID.job => C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\T4gXCLnUMxzjjehK499.job => C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\teKMkB6K.job => C:\Users\Kiersten\AppData\Roaming\teKMkB6K.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ve5g6cGfqjZz2.job => C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WQwv3KpmPsr.job => C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YCRGisIZoD9Cm6DqeoWc1A.job => C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A.exe <==== ATTENTION

C:\Program Files (x86)\adlevel
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E
C:\Program Files (x86)\OnePCOptimizer
C:\Program Files (x86)\CinemaPlus-3.2cV16.08
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:

EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#17
Kiersten

    Member

  • Topic Starter
  • 27 posts

The problem is that the only programs that I downloaded yesterday were the ones posted in this forum. Below is my log.

Fix result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by Kiersten (2015-08-16 12:56:44) Run:4
Running from C:\Users\Kiersten\Desktop
Loaded Profiles: Kiersten (Available Profiles:  & Kiersten & CareBear17)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CreateRestorePoint:
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL File not found
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OnePCOptimizer.lnk [2015-08-15]
ShortcutTarget: OnePCOptimizer.lnk -> C:\Windows\Installer\{7394AE4B-5F34-4312-BA38-F6DDE78A39FF}\NewShortcut1_7B068A586C574F9D98837D1A8B7DE097.exe (Flexera Software LLC)
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO-x32: TunePro360 -> {5E04457F-D6D4-4A7E-8277-5EF1CA591CC7} -> C:\Program Files (x86)\adlevel\TunePRO360.dll [2015-06-16] (TunePro360)
FF Extension: CinemaPlus-3.2cV15.08 - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected] [2015-08-15]
FF Extension: Roaming Rate - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{ce6c03f1-0fd5-4d72-bbdb-eaa0c0124531}.xpi [2015-03-20]
FF Extension: TunePro360 - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c} [2015-08-15]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-16] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-16] (globalUpdate) [File not signed] <==== ATTENTION
S2 rexesine; C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E\knso6B69.tmp [X]
2015-08-16 11:55 - 2015-08-16 12:07 - 00004518 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-4.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00001024 _____ C:\WINDOWS\Tasks\WQwv3KpmPsr.job
2015-08-16 11:55 - 2015-08-16 12:07 - 00001022 _____ C:\WINDOWS\Tasks\PDCCKeQhID.job
2015-08-16 11:55 - 2015-08-16 11:55 - 00007522 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-4
2015-08-16 11:55 - 2015-08-16 11:55 - 00006166 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7
2015-08-16 11:55 - 2015-08-16 11:55 - 00006166 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6
2015-08-16 11:55 - 2015-08-16 11:55 - 00005474 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5
2015-08-16 11:55 - 2015-08-16 11:55 - 00004036 _____ C:\WINDOWS\System32\Tasks\WQwv3KpmPsr
2015-08-16 11:55 - 2015-08-16 11:55 - 00004034 _____ C:\WINDOWS\System32\Tasks\PDCCKeQhID
2015-08-16 11:54 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-7.job
2015-08-16 11:54 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-6.job
2015-08-16 11:54 - 2015-08-16 12:07 - 00004182 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-3.job
2015-08-16 11:54 - 2015-08-16 11:54 - 00008546 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-7
2015-08-16 11:54 - 2015-08-16 11:54 - 00008546 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-6
2015-08-16 11:54 - 2015-08-16 11:54 - 00007186 _____ C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-3
2015-08-16 11:54 - 2015-08-16 11:54 - 00000000 ____D C:\Program Files (x86)\309b873d-18a3-4b8e-bb23-52109d087189
2015-08-16 11:53 - 2015-08-16 12:07 - 00002136 _____ C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user.job
2015-08-16 11:53 - 2015-08-16 11:55 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV16.08
2015-08-16 01:28 - 2015-08-16 12:07 - 00001032 _____ C:\WINDOWS\Tasks\nT6b9z6fHoHYLK2.job
2015-08-16 01:28 - 2015-08-16 12:07 - 00001028 _____ C:\WINDOWS\Tasks\nT6b9z6fHoHYL.job
2015-08-16 01:28 - 2015-08-16 01:28 - 00004046 _____ C:\WINDOWS\System32\Tasks\nT6b9z6fHoHYLK2
2015-08-16 01:28 - 2015-08-16 01:28 - 00004042 _____ C:\WINDOWS\System32\Tasks\nT6b9z6fHoHYL
2015-08-15 23:27 - 2015-08-16 12:07 - 00001044 _____ C:\WINDOWS\Tasks\EnKJGdwNBHGGRlmNf8SRE.job
2015-08-15 23:27 - 2015-08-16 12:07 - 00001028 _____ C:\WINDOWS\Tasks\ve5g6cGfqjZz2.job
2015-08-15 23:27 - 2015-08-15 23:27 - 00004058 _____ C:\WINDOWS\System32\Tasks\EnKJGdwNBHGGRlmNf8SRE
2015-08-15 23:27 - 2015-08-15 23:27 - 00004040 _____ C:\WINDOWS\System32\Tasks\ve5g6cGfqjZz2
2015-08-15 20:11 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00003162 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00002470 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00001048 _____ C:\WINDOWS\Tasks\fOBTR2h8vsNdtKZcEfZRk2P.job
2015-08-15 20:11 - 2015-08-16 12:07 - 00001046 _____ C:\WINDOWS\Tasks\YCRGisIZoD9Cm6DqeoWc1A.job
2015-08-15 20:11 - 2015-08-16 01:28 - 00006166 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7
2015-08-15 20:11 - 2015-08-16 01:28 - 00006166 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6
2015-08-15 20:11 - 2015-08-16 01:28 - 00005474 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5
2015-08-15 20:11 - 2015-08-15 20:11 - 00004062 _____ C:\WINDOWS\System32\Tasks\fOBTR2h8vsNdtKZcEfZRk2P
2015-08-15 20:11 - 2015-08-15 20:11 - 00004058 _____ C:\WINDOWS\System32\Tasks\YCRGisIZoD9Cm6DqeoWc1A
2015-08-15 20:10 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.job
2015-08-15 20:10 - 2015-08-16 12:07 - 00005542 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.job
2015-08-15 20:10 - 2015-08-16 12:07 - 00004518 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.job
2015-08-15 20:10 - 2015-08-16 01:28 - 00007522 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4
2015-08-15 20:10 - 2015-08-16 01:27 - 00008546 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7
2015-08-15 20:10 - 2015-08-16 01:27 - 00008546 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6
2015-08-15 20:10 - 2015-08-15 20:10 - 00002153 _____ C:\Users\Kiersten\Desktop\aswMBR.txt
2015-08-15 20:10 - 2015-08-15 20:10 - 00000512 _____ C:\Users\Kiersten\Desktop\MBR.dat
2015-08-15 20:09 - 2015-08-16 12:07 - 00004182 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.job
2015-08-15 20:09 - 2015-08-16 12:07 - 00002136 _____ C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user.job
2015-08-15 20:09 - 2015-08-16 12:07 - 00000994 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-15 20:09 - 2015-08-16 11:59 - 00000998 _____ C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-08-15 20:09 - 2015-08-16 11:54 - 00003970 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-08-15 20:09 - 2015-08-16 11:54 - 00003734 _____ C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-08-15 20:09 - 2015-08-16 01:27 - 00007186 _____ C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3
2015-08-15 20:09 - 2015-08-15 20:11 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV15.08
2015-08-15 20:09 - 2015-08-15 20:09 - 00000000 ____D C:\Users\Kiersten\AppData\Local\globalUpdate
2015-08-15 20:09 - 2015-08-15 20:09 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-15 16:14 - 2015-08-15 16:14 - 00613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nssF779.tmp
2015-08-15 16:11 - 2015-08-15 16:11 - 00003252 _____ C:\WINDOWS\System32\Tasks\runTask
2015-08-15 16:11 - 2015-08-15 16:11 - 00003156 _____ C:\WINDOWS\System32\Tasks\updateTask
2015-08-15 16:11 - 2015-08-15 16:11 - 00000217 _____ C:\task.vbs
2015-08-15 16:10 - 2015-08-16 12:09 - 00000000 ____D C:\ProgramData\DataFile
2015-08-15 16:10 - 2015-08-15 16:10 - 00002631 _____ C:\Users\Public\Desktop\OnePCOptimizer.lnk
2015-08-15 16:10 - 2015-08-15 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\one pc optimizer
2015-08-15 16:10 - 2015-08-15 16:10 - 00000000 ____D C:\Program Files (x86)\OnePCOptimizer
2015-08-15 16:10 - 2015-08-15 16:10 - 00000000 ____D C:\Program Files (x86)\02c3a71d-57e0-485c-be0e-ad2830231d0f
2015-08-15 16:08 - 2015-08-15 16:09 - 00000000 ____D C:\Program Files (x86)\adlevel
2015-08-15 16:08 - 2015-08-15 16:08 - 00001154 _____ C:\Users\Kiersten\Desktop\TunePRO360.lnk
2015-08-15 16:08 - 2015-08-15 16:08 - 00000000 ____D C:\Program Files (x86)\TechVedic
2015-08-15 16:07 - 2015-08-15 16:07 - 00271872 _____ C:\WINDOWS\SysWOW64\0459cf.exe
2015-08-15 16:06 - 2015-08-15 16:06 - 00000000 ____D C:\Users\Kiersten\AppData\Local\CrashRpt
2015-08-15 14:07 - 2015-08-16 12:07 - 00001040 _____ C:\WINDOWS\Tasks\T4gXCLnUMxzjjehK499.job
2015-08-15 14:07 - 2015-08-16 12:07 - 00001018 _____ C:\WINDOWS\Tasks\teKMkB6K.job
2015-08-15 14:07 - 2015-08-15 14:07 - 00004054 _____ C:\WINDOWS\System32\Tasks\T4gXCLnUMxzjjehK499
2015-08-15 14:07 - 2015-08-15 14:07 - 00004030 _____ C:\WINDOWS\System32\Tasks\teKMkB6K
2015-08-15 12:08 - 2015-08-16 12:08 - 00001054 _____ C:\WINDOWS\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg.job
2015-08-15 12:08 - 2015-08-16 12:08 - 00001034 _____ C:\WINDOWS\Tasks\EdfyOM4fBIDgSFgg.job
2015-08-15 12:08 - 2015-08-15 12:08 - 00004068 _____ C:\WINDOWS\System32\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg
2015-08-15 12:08 - 2015-08-15 12:08 - 00004046 _____ C:\WINDOWS\System32\Tasks\EdfyOM4fBIDgSFgg
2015-08-15 12:07 - 2015-08-16 11:54 - 00000000 ____D C:\Program Files (x86)\094486eb-82bc-4e53-8cf5-92b1bd4d0ed1
2015-08-15 12:06 - 2015-08-16 12:07 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-15 10:39 - 2015-08-15 10:39 - 00613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nsu7F4A.tmp
2015-08-15 10:25 - 2015-08-15 10:25 - 00004306 _____ C:\WINDOWS\System32\Tasks\7B402D49-5A27-42E7-A7F3-C880DF116F83
2015-08-15 16:10 - 2014-07-26 15:59 - 00000000 ____D C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45
2015-08-02 19:17 - 2014-11-14 21:58 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieBrowserModeList
2015-08-02 19:17 - 2014-10-28 00:13 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieUserList
2015-08-02 19:17 - 2014-10-28 00:13 - 00000000 __SHD C:\Users\Kiersten\AppData\Local\EmieSiteList
2015-05-12 19:22 - 2015-05-12 19:22 - 0099678 _____ () C:\Program Files (x86)\tunepro138x138.ico
2014-03-05 00:25 - 2014-03-05 00:25 - 0000476 _____ () C:\Users\Kiersten\AppData\Roaming\com.zoosk.Desktop_state.xml
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\teKMkB6K
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\teKMkB6K.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2.exe
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr
2015-04-20 10:05 - 2015-04-20 10:05 - 1246720 _____ () C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A.exe
2013-01-30 12:06 - 2014-10-10 23:15 - 0000173 _____ () C:\Users\Kiersten\AppData\Local\msmathematics.qat.Kiersten
2015-08-15 16:14 - 2015-08-15 16:14 - 0613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nssF779.tmp
2015-08-15 10:39 - 2015-08-15 10:39 - 0613255 _____ (CMI Limited) C:\Users\Kiersten\AppData\Local\nsu7F4A.tmp
Task: {0C84AA99-7CCC-451A-80C6-558FA6B4CDBE} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {0CAF5098-9231-44C2-BD9D-9E73CE1937A3} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {0CC3D984-17C1-4356-941A-D14A574162FE} - System32\Tasks\ve5g6cGfqjZz2 => C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2.exe [2015-04-20] () <==== ATTENTION
Task: {0F2EA028-090E-4ECD-9850-35A00EE95AD3} - System32\Tasks\nT6b9z6fHoHYL => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL.exe [2015-04-20] () <==== ATTENTION
Task: {16DF8F86-86A7-4051-8D7B-C06E8664273C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {17E20163-0834-4C13-BDBC-A0A5783949B1} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-6 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-6.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {20406E07-045A-4231-9B2E-F26EFDD93FF7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-13] (Microsoft Corporation)
Task: {2BBD2779-6BEF-43A4-85E9-9B22B0872E64} - System32\Tasks\nT6b9z6fHoHYLK2 => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2.exe [2015-04-20] () <==== ATTENTION
Task: {2E0A50E2-1432-4B5A-84D5-4136A3882D93} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
Task: {326BDB2B-3C16-4A4F-8B3F-ACD8EACA30CC} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-04-09] (IObit)
Task: {32817BC4-66BF-459F-B45C-FDD3AD8616CB} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {3286B120-D4CE-485C-AEE5-4DFBE40563ED} - System32\Tasks\EdfyOM4fBIDgSFgg => C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg.exe [2015-04-20] () <==== ATTENTION
Task: {380B84BB-F8F2-4C71-B65B-0393429F1242} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {3C9A647B-D726-47C2-928E-707D242A3676} - System32\Tasks\7B402D49-5A27-42E7-A7F3-C880DF116F83 => C:\Users\Kiersten\AppData\Local\7B402D49-5A27-42E7-A7F3-C880DF116F83\7B402D49-5A27-42E7-A7F3-C880DF116F83.exe <==== ATTENTION
Task: {3D7CEF9F-3D01-4687-A7A4-2D22A9D17A3D} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {4169F62E-3ED7-4827-A12C-93F41EC1EB55} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-16] (globalUpdate) <==== ATTENTION
Task: {4E773E9C-4F97-4EFB-8C5E-F07FBD5C96DE} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-4 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-4.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {4F10265A-E6D9-40C3-854E-CC56E4EF6A11} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
Task: {57153552-5504-4A39-B869-361C2C873914} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {5AE75F92-C3B5-4D07-AD60-FCAF3CA63CE3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {5B288AB1-313C-4A59-92BA-E6592E8D3E44} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {5CAC4706-2C72-4A3F-A88D-B1B223DB0523} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {5D4E11FF-6143-43E8-B8A8-44A41B05AE8C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {66BD1350-62D0-4011-A248-1F276B18066C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {6D45B620-9BF8-4A9F-907F-5C4E7269193A} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {7A357250-BC15-400E-806E-88922511B75A} - System32\Tasks\YCRGisIZoD9Cm6DqeoWc1A => C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A.exe [2015-04-20] () <==== ATTENTION
Task: {7BD84A73-1020-424B-97CE-9CDE65B8BC9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {7C0AEB60-255E-40A8-B941-BB8460204D64} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {80C5E719-FEEE-48A3-A6EF-94BA01B6A848} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.exe [2015-08-15] (Cinema PlusV15.08) <==== ATTENTION
Task: {8C0B3E81-F4D7-4D4F-8BC8-1B5AD7F2CC69} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {8E87B4FA-A509-453D-9F36-DEBCB87BD3EC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {9246DC46-2AA7-4EED-BEC2-47AC01590513} - System32\Tasks\updateTask => c:\task.vbs [2015-08-15] ()
Task: {99CF0B8F-F3CA-4D6A-858A-CA82C9D2E40E} - System32\Tasks\EnKJGdwNBHGGRlmNf8SRE => C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE.exe [2015-04-20] () <==== ATTENTION
Task: {9CD7D940-C229-4207-B8D5-74C688014175} - System32\Tasks\teKMkB6K => C:\Users\Kiersten\AppData\Roaming\teKMkB6K.exe [2015-04-20] () <==== ATTENTION
Task: {A32A336F-28B7-41BA-A3C3-0FC2EBAF278D} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {A9A7318B-4F3E-48DB-8D19-AB71D683953F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {B19B4CBE-ABAA-4CD9-890A-E0107E90E234} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {B2FB4EC0-6033-4AFF-920D-54B19AE68537} - System32\Tasks\WQwv3KpmPsr => C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr.exe [2015-04-20] () <==== ATTENTION
Task: {BAFD7445-065F-4573-9E4E-E6538D68D9E4} - System32\Tasks\T4gXCLnUMxzjjehK499 => C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499.exe [2015-04-20] () <==== ATTENTION
Task: {BBFE1D45-4ADE-49B4-87C9-5E334799BB9C} - System32\Tasks\fOBTR2h8vsNdtKZcEfZRk2P => C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P.exe [2015-04-20] () <==== ATTENTION
Task: {C1711E75-2B1B-4188-9182-79C0212E5F22} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-7.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {C834974A-52E6-4A4F-9BF9-2F3E7C9487B2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {C87F3C20-B98D-4E71-92B4-6912914C7210} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-10.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {CC7CFE79-CF70-4674-A3E6-6E2A46126790} - System32\Tasks\PDCCKeQhID => C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID.exe [2015-04-20] () <==== ATTENTION
Task: {CF25B38B-3D77-4344-889A-3A13010CE892} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: {CFAD7F61-F40B-40E5-B9AC-3BDAB601EFD1} - System32\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg => C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg.exe [2015-04-20] () <==== ATTENTION
Task: {D2BAD76E-3A9E-4816-A926-7EDEC2001E9A} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-3 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-3.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {E27805AE-0FAF-4443-8156-E833317E3DD7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E8E98ED9-C66B-4B46-9B59-0116A861EF5A} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-6.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {E979C603-755D-49B2-BC2D-CCCB3662FAEB} - System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-7 => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-7.exe [2015-08-16] (Cinema PlusV16.08) <==== ATTENTION
Task: {EC44560A-1013-4015-8820-528768360B8A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {F39034BB-F7FD-49FA-BD3F-41AC9D2ED566} - System32\Tasks\Uninstaller_SkipUac_Kiersten => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {F65CC83F-2FE4-43ED-A8CB-364874510AF6} - System32\Tasks\ASC8_SkipUac_Kiersten => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-04-09] (IObit)
Task: {FEE1CA23-5E89-4EFD-9669-AB244C3BF701} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-16] (globalUpdate) <==== ATTENTION
Task: {FF1AC3B4-7881-4013-8653-FA5EE995CEC2} - System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7 => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.exe [2015-08-16] (Cinema PlusV15.08) <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.08\753e7b31-8664-4662-a958-e1e075582739-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV15.08\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\EdfyOM4fBIDgSFgg.job => C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\EnKJGdwNBHGGRlmNf8SRE.job => C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\fOBTR2h8vsNdtKZcEfZRk2P.job => C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg.job => C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\nT6b9z6fHoHYL.job => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\nT6b9z6fHoHYLK2.job => C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PDCCKeQhID.job => C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\T4gXCLnUMxzjjehK499.job => C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\teKMkB6K.job => C:\Users\Kiersten\AppData\Roaming\teKMkB6K.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ve5g6cGfqjZz2.job => C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WQwv3KpmPsr.job => C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YCRGisIZoD9Cm6DqeoWc1A.job => C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A.exe <==== ATTENTION

C:\Program Files (x86)\adlevel
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E
C:\Program Files (x86)\OnePCOptimizer
C:\Program Files (x86)\CinemaPlus-3.2cV16.08
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:

EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL" => Value data removed successfully.
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" => Value data removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OnePCOptimizer.lnk => moved successfully.
C:\Windows\Installer\{7394AE4B-5F34-4312-BA38-F6DDE78A39FF}\NewShortcut1_7B068A586C574F9D98837D1A8B7DE097.exe => moved successfully.
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E04457F-D6D4-4A7E-8277-5EF1CA591CC7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{5E04457F-D6D4-4A7E-8277-5EF1CA591CC7}" => key removed successfully
C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected] => moved successfully.
C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\{ce6c03f1-0fd5-4d72-bbdb-eaa0c0124531}.xpi => moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c} => moved successfully.
globalUpdate => service removed successfully
globalUpdatem => service removed successfully
rexesine => service removed successfully
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-4.job => moved successfully.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7.job => moved successfully.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6.job => moved successfully.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user.job => moved successfully.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5.job => moved successfully.
C:\WINDOWS\Tasks\WQwv3KpmPsr.job => moved successfully.
C:\WINDOWS\Tasks\PDCCKeQhID.job => moved successfully.
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-4 => moved successfully.
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7 => moved successfully.
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6 => moved successfully.
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5 => moved successfully.
C:\WINDOWS\System32\Tasks\WQwv3KpmPsr => moved successfully.
C:\WINDOWS\System32\Tasks\PDCCKeQhID => moved successfully.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-7.job => moved successfully.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-6.job => moved successfully.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-3.job => moved successfully.
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-7 => moved successfully.
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-6 => moved successfully.
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-3 => moved successfully.
C:\Program Files (x86)\309b873d-18a3-4b8e-bb23-52109d087189 => moved successfully.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user.job => moved successfully.
C:\Program Files (x86)\CinemaPlus-3.2cV16.08 => moved successfully.
C:\WINDOWS\Tasks\nT6b9z6fHoHYLK2.job => moved successfully.
C:\WINDOWS\Tasks\nT6b9z6fHoHYL.job => moved successfully.
C:\WINDOWS\System32\Tasks\nT6b9z6fHoHYLK2 => moved successfully.
C:\WINDOWS\System32\Tasks\nT6b9z6fHoHYL => moved successfully.
C:\WINDOWS\Tasks\EnKJGdwNBHGGRlmNf8SRE.job => moved successfully.
C:\WINDOWS\Tasks\ve5g6cGfqjZz2.job => moved successfully.
C:\WINDOWS\System32\Tasks\EnKJGdwNBHGGRlmNf8SRE => moved successfully.
C:\WINDOWS\System32\Tasks\ve5g6cGfqjZz2 => moved successfully.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.job => moved successfully.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.job => moved successfully.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user.job => moved successfully.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.job => moved successfully.
C:\WINDOWS\Tasks\fOBTR2h8vsNdtKZcEfZRk2P.job => moved successfully.
C:\WINDOWS\Tasks\YCRGisIZoD9Cm6DqeoWc1A.job => moved successfully.
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7 => moved successfully.
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6 => moved successfully.
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5 => moved successfully.
C:\WINDOWS\System32\Tasks\fOBTR2h8vsNdtKZcEfZRk2P => moved successfully.
C:\WINDOWS\System32\Tasks\YCRGisIZoD9Cm6DqeoWc1A => moved successfully.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.job => moved successfully.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.job => moved successfully.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.job => moved successfully.
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4 => moved successfully.
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7 => moved successfully.
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6 => moved successfully.
C:\Users\Kiersten\Desktop\aswMBR.txt => moved successfully.
C:\Users\Kiersten\Desktop\MBR.dat => moved successfully.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.job => moved successfully.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user.job => moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully.
C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully.
C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore => moved successfully.
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3 => moved successfully.
C:\Program Files (x86)\CinemaPlus-3.2cV15.08 => moved successfully.
C:\Users\Kiersten\AppData\Local\globalUpdate => moved successfully.
C:\Program Files (x86)\globalUpdate => moved successfully.
C:\Users\Kiersten\AppData\Local\nssF779.tmp => moved successfully.
C:\WINDOWS\System32\Tasks\runTask => moved successfully.
C:\WINDOWS\System32\Tasks\updateTask => moved successfully.
C:\task.vbs => moved successfully.
C:\ProgramData\DataFile => moved successfully.
C:\Users\Public\Desktop\OnePCOptimizer.lnk => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\one pc optimizer => moved successfully.

"C:\Program Files (x86)\OnePCOptimizer" folder move:

Could not move "C:\Program Files (x86)\OnePCOptimizer" => Scheduled to move on reboot.

C:\Program Files (x86)\02c3a71d-57e0-485c-be0e-ad2830231d0f => moved successfully.
C:\Program Files (x86)\adlevel => moved successfully.
C:\Users\Kiersten\Desktop\TunePRO360.lnk => moved successfully.
C:\Program Files (x86)\TechVedic => moved successfully.
C:\WINDOWS\SysWOW64\0459cf.exe => moved successfully.
C:\Users\Kiersten\AppData\Local\CrashRpt => moved successfully.
C:\WINDOWS\Tasks\T4gXCLnUMxzjjehK499.job => moved successfully.
C:\WINDOWS\Tasks\teKMkB6K.job => moved successfully.
C:\WINDOWS\System32\Tasks\T4gXCLnUMxzjjehK499 => moved successfully.
C:\WINDOWS\System32\Tasks\teKMkB6K => moved successfully.
C:\WINDOWS\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg.job => moved successfully.
C:\WINDOWS\Tasks\EdfyOM4fBIDgSFgg.job => moved successfully.
C:\WINDOWS\System32\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg => moved successfully.
C:\WINDOWS\System32\Tasks\EdfyOM4fBIDgSFgg => moved successfully.
C:\Program Files (x86)\094486eb-82bc-4e53-8cf5-92b1bd4d0ed1 => moved successfully.
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
C:\Users\Kiersten\AppData\Local\nsu7F4A.tmp => moved successfully.
C:\WINDOWS\System32\Tasks\7B402D49-5A27-42E7-A7F3-C880DF116F83 => moved successfully.
C:\Program Files (x86)\48A0C3FC-2898-45E4-B2B9-147D27D29D45 => moved successfully.
C:\Users\Kiersten\AppData\Local\EmieBrowserModeList => moved successfully.
C:\Users\Kiersten\AppData\Local\EmieUserList => moved successfully.
C:\Users\Kiersten\AppData\Local\EmieSiteList => moved successfully.
C:\Program Files (x86)\tunepro138x138.ico => moved successfully.
C:\Users\Kiersten\AppData\Roaming\com.zoosk.Desktop_state.xml => moved successfully.
C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg => moved successfully.
C:\Users\Kiersten\AppData\Roaming\EdfyOM4fBIDgSFgg.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE => moved successfully.
C:\Users\Kiersten\AppData\Roaming\EnKJGdwNBHGGRlmNf8SRE.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P => moved successfully.
C:\Users\Kiersten\AppData\Roaming\fOBTR2h8vsNdtKZcEfZRk2P.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg => moved successfully.
C:\Users\Kiersten\AppData\Roaming\iLGQeLMFxsk54Y2v9R0Wq0VeYg.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL => moved successfully.
C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYL.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2 => moved successfully.
C:\Users\Kiersten\AppData\Roaming\nT6b9z6fHoHYLK2.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID => moved successfully.
C:\Users\Kiersten\AppData\Roaming\PDCCKeQhID.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499 => moved successfully.
C:\Users\Kiersten\AppData\Roaming\T4gXCLnUMxzjjehK499.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\teKMkB6K => moved successfully.
C:\Users\Kiersten\AppData\Roaming\teKMkB6K.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2 => moved successfully.
C:\Users\Kiersten\AppData\Roaming\ve5g6cGfqjZz2.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr => moved successfully.
C:\Users\Kiersten\AppData\Roaming\WQwv3KpmPsr.exe => moved successfully.
C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A => moved successfully.
C:\Users\Kiersten\AppData\Roaming\YCRGisIZoD9Cm6DqeoWc1A.exe => moved successfully.
C:\Users\Kiersten\AppData\Local\msmathematics.qat.Kiersten => moved successfully.
"C:\Users\Kiersten\AppData\Local\nssF779.tmp" => File/Folder not found.
"C:\Users\Kiersten\AppData\Local\nsu7F4A.tmp" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C84AA99-7CCC-451A-80C6-558FA6B4CDBE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C84AA99-7CCC-451A-80C6-558FA6B4CDBE}" => key removed successfully
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CAF5098-9231-44C2-BD9D-9E73CE1937A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CAF5098-9231-44C2-BD9D-9E73CE1937A3}" => key removed successfully
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CC3D984-17C1-4356-941A-D14A574162FE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CC3D984-17C1-4356-941A-D14A574162FE}" => key removed successfully
C:\WINDOWS\System32\Tasks\ve5g6cGfqjZz2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ve5g6cGfqjZz2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0F2EA028-090E-4ECD-9850-35A00EE95AD3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F2EA028-090E-4ECD-9850-35A00EE95AD3}" => key removed successfully
C:\WINDOWS\System32\Tasks\nT6b9z6fHoHYL not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nT6b9z6fHoHYL" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16DF8F86-86A7-4051-8D7B-C06E8664273C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16DF8F86-86A7-4051-8D7B-C06E8664273C}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17E20163-0834-4C13-BDBC-A0A5783949B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17E20163-0834-4C13-BDBC-A0A5783949B1}" => key removed successfully
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\753e7b31-8664-4662-a958-e1e075582739-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20406E07-045A-4231-9B2E-F26EFDD93FF7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20406E07-045A-4231-9B2E-F26EFDD93FF7}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemovalTools\MRT_HB" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2BBD2779-6BEF-43A4-85E9-9B22B0872E64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BBD2779-6BEF-43A4-85E9-9B22B0872E64}" => key removed successfully
C:\WINDOWS\System32\Tasks\nT6b9z6fHoHYLK2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nT6b9z6fHoHYLK2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E0A50E2-1432-4B5A-84D5-4136A3882D93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E0A50E2-1432-4B5A-84D5-4136A3882D93}" => key removed successfully
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{326BDB2B-3C16-4A4F-8B3F-ACD8EACA30CC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{326BDB2B-3C16-4A4F-8B3F-ACD8EACA30CC}" => key removed successfully
C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC8_PerformanceMonitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{32817BC4-66BF-459F-B45C-FDD3AD8616CB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32817BC4-66BF-459F-B45C-FDD3AD8616CB}" => key removed successfully
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\753e7b31-8664-4662-a958-e1e075582739-5_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3286B120-D4CE-485C-AEE5-4DFBE40563ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3286B120-D4CE-485C-AEE5-4DFBE40563ED}" => key removed successfully
C:\WINDOWS\System32\Tasks\EdfyOM4fBIDgSFgg not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EdfyOM4fBIDgSFgg" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{380B84BB-F8F2-4C71-B65B-0393429F1242}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{380B84BB-F8F2-4C71-B65B-0393429F1242}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\ProgramDataUpdater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C9A647B-D726-47C2-928E-707D242A3676}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C9A647B-D726-47C2-928E-707D242A3676}" => key removed successfully
C:\WINDOWS\System32\Tasks\7B402D49-5A27-42E7-A7F3-C880DF116F83 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7B402D49-5A27-42E7-A7F3-C880DF116F83" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D7CEF9F-3D01-4687-A7A4-2D22A9D17A3D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D7CEF9F-3D01-4687-A7A4-2D22A9D17A3D}" => key removed successfully
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4169F62E-3ED7-4827-A12C-93F41EC1EB55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4169F62E-3ED7-4827-A12C-93F41EC1EB55}" => key removed successfully
C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4E773E9C-4F97-4EFB-8C5E-F07FBD5C96DE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E773E9C-4F97-4EFB-8C5E-F07FBD5C96DE}" => key removed successfully
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-4 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\753e7b31-8664-4662-a958-e1e075582739-4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F10265A-E6D9-40C3-854E-CC56E4EF6A11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F10265A-E6D9-40C3-854E-CC56E4EF6A11}" => key removed successfully
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57153552-5504-4A39-B869-361C2C873914}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57153552-5504-4A39-B869-361C2C873914}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_MKC_Logon_Task_itype.exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5AE75F92-C3B5-4D07-AD60-FCAF3CA63CE3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AE75F92-C3B5-4D07-AD60-FCAF3CA63CE3}" => key removed successfully
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B288AB1-313C-4A59-92BA-E6592E8D3E44}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B288AB1-313C-4A59-92BA-E6592E8D3E44}" => key removed successfully
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-5 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\753e7b31-8664-4662-a958-e1e075582739-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CAC4706-2C72-4A3F-A88D-B1B223DB0523}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CAC4706-2C72-4A3F-A88D-B1B223DB0523}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D4E11FF-6143-43E8-B8A8-44A41B05AE8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D4E11FF-6143-43E8-B8A8-44A41B05AE8C}" => key removed successfully
C:\WINDOWS\System32\Tasks\MirageAgent => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MirageAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66BD1350-62D0-4011-A248-1F276B18066C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66BD1350-62D0-4011-A248-1F276B18066C}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_mousekeyboardcenter_exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D45B620-9BF8-4A9F-907F-5C4E7269193A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D45B620-9BF8-4A9F-907F-5C4E7269193A}" => key removed successfully
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A357250-BC15-400E-806E-88922511B75A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A357250-BC15-400E-806E-88922511B75A}" => key removed successfully
C:\WINDOWS\System32\Tasks\YCRGisIZoD9Cm6DqeoWc1A not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YCRGisIZoD9Cm6DqeoWc1A" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BD84A73-1020-424B-97CE-9CDE65B8BC9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BD84A73-1020-424B-97CE-9CDE65B8BC9D}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C0AEB60-255E-40A8-B941-BB8460204D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C0AEB60-255E-40A8-B941-BB8460204D64}" => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80C5E719-FEEE-48A3-A6EF-94BA01B6A848}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80C5E719-FEEE-48A3-A6EF-94BA01B6A848}" => key removed successfully
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C0B3E81-F4D7-4D4F-8BC8-1B5AD7F2CC69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C0B3E81-F4D7-4D4F-8BC8-1B5AD7F2CC69}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_MKC_Logon_Task_ipoint.exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E87B4FA-A509-453D-9F36-DEBCB87BD3EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E87B4FA-A509-453D-9F36-DEBCB87BD3EC}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_ipoint_exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9246DC46-2AA7-4EED-BEC2-47AC01590513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9246DC46-2AA7-4EED-BEC2-47AC01590513}" => key removed successfully
C:\WINDOWS\System32\Tasks\updateTask not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99CF0B8F-F3CA-4D6A-858A-CA82C9D2E40E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99CF0B8F-F3CA-4D6A-858A-CA82C9D2E40E}" => key removed successfully
C:\WINDOWS\System32\Tasks\EnKJGdwNBHGGRlmNf8SRE not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EnKJGdwNBHGGRlmNf8SRE" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CD7D940-C229-4207-B8D5-74C688014175}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CD7D940-C229-4207-B8D5-74C688014175}" => key removed successfully
C:\WINDOWS\System32\Tasks\teKMkB6K not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\teKMkB6K" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A32A336F-28B7-41BA-A3C3-0FC2EBAF278D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A32A336F-28B7-41BA-A3C3-0FC2EBAF278D}" => key removed successfully
C:\WINDOWS\System32\Tasks\runTask not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\runTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9A7318B-4F3E-48DB-8D19-AB71D683953F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9A7318B-4F3E-48DB-8D19-AB71D683953F}" => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_itype_exe" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B19B4CBE-ABAA-4CD9-890A-E0107E90E234}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B19B4CBE-ABAA-4CD9-890A-E0107E90E234}" => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2FB4EC0-6033-4AFF-920D-54B19AE68537}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2FB4EC0-6033-4AFF-920D-54B19AE68537}" => key removed successfully
C:\WINDOWS\System32\Tasks\WQwv3KpmPsr not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WQwv3KpmPsr" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BAFD7445-065F-4573-9E4E-E6538D68D9E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAFD7445-065F-4573-9E4E-E6538D68D9E4}" => key removed successfully
C:\WINDOWS\System32\Tasks\T4gXCLnUMxzjjehK499 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\T4gXCLnUMxzjjehK499" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BBFE1D45-4ADE-49B4-87C9-5E334799BB9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBFE1D45-4ADE-49B4-87C9-5E334799BB9C}" => key removed successfully
C:\WINDOWS\System32\Tasks\fOBTR2h8vsNdtKZcEfZRk2P not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fOBTR2h8vsNdtKZcEfZRk2P" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1711E75-2B1B-4188-9182-79C0212E5F22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1711E75-2B1B-4188-9182-79C0212E5F22}" => key removed successfully
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\753e7b31-8664-4662-a958-e1e075582739-1-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C834974A-52E6-4A4F-9BF9-2F3E7C9487B2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C834974A-52E6-4A4F-9BF9-2F3E7C9487B2}" => key removed successfully
C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Synaptics TouchPad Enhancements" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C87F3C20-B98D-4E71-92B4-6912914C7210}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C87F3C20-B98D-4E71-92B4-6912914C7210}" => key removed successfully
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\753e7b31-8664-4662-a958-e1e075582739-10_user" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC7CFE79-CF70-4674-A3E6-6E2A46126790}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC7CFE79-CF70-4674-A3E6-6E2A46126790}" => key removed successfully
C:\WINDOWS\System32\Tasks\PDCCKeQhID not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PDCCKeQhID" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF25B38B-3D77-4344-889A-3A13010CE892}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF25B38B-3D77-4344-889A-3A13010CE892}" => key removed successfully
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CFAD7F61-F40B-40E5-B9AC-3BDAB601EFD1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFAD7F61-F40B-40E5-B9AC-3BDAB601EFD1}" => key removed successfully
C:\WINDOWS\System32\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iLGQeLMFxsk54Y2v9R0Wq0VeYg" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2BAD76E-3A9E-4816-A926-7EDEC2001E9A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2BAD76E-3A9E-4816-A926-7EDEC2001E9A}" => key removed successfully
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\753e7b31-8664-4662-a958-e1e075582739-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E27805AE-0FAF-4443-8156-E833317E3DD7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E27805AE-0FAF-4443-8156-E833317E3DD7}" => key removed successfully
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8E98ED9-C66B-4B46-9B59-0116A861EF5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8E98ED9-C66B-4B46-9B59-0116A861EF5A}" => key removed successfully
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\753e7b31-8664-4662-a958-e1e075582739-1-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E979C603-755D-49B2-BC2D-CCCB3662FAEB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E979C603-755D-49B2-BC2D-CCCB3662FAEB}" => key removed successfully
C:\WINDOWS\System32\Tasks\753e7b31-8664-4662-a958-e1e075582739-7 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\753e7b31-8664-4662-a958-e1e075582739-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC44560A-1013-4015-8820-528768360B8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC44560A-1013-4015-8820-528768360B8A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F39034BB-F7FD-49FA-BD3F-41AC9D2ED566}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F39034BB-F7FD-49FA-BD3F-41AC9D2ED566}" => key removed successfully
C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Kiersten => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Kiersten" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F65CC83F-2FE4-43ED-A8CB-364874510AF6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F65CC83F-2FE4-43ED-A8CB-364874510AF6}" => key removed successfully
C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Kiersten => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC8_SkipUac_Kiersten" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEE1CA23-5E89-4EFD-9669-AB244C3BF701}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEE1CA23-5E89-4EFD-9669-AB244C3BF701}" => key removed successfully
C:\WINDOWS\System32\Tasks\globalUpdateUpdateTaskMachineUA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF1AC3B4-7881-4013-8653-FA5EE995CEC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF1AC3B4-7881-4013-8653-FA5EE995CEC2}" => key removed successfully
C:\WINDOWS\System32\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7" => key removed successfully
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-6.job not found.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-1-7.job not found.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-10_user.job not found.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-3.job not found.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-4.job not found.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5.job not found.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-5_user.job not found.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-6.job not found.
C:\WINDOWS\Tasks\753e7b31-8664-4662-a958-e1e075582739-7.job not found.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-6.job not found.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-1-7.job not found.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-10_user.job not found.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-3.job not found.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-4.job not found.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5.job not found.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-5_user.job not found.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-6.job not found.
C:\WINDOWS\Tasks\ea9c44e5-d3b5-4c30-a77d-112a39e92e5b-7.job not found.
C:\WINDOWS\Tasks\EdfyOM4fBIDgSFgg.job not found.
C:\WINDOWS\Tasks\EnKJGdwNBHGGRlmNf8SRE.job not found.
C:\WINDOWS\Tasks\fOBTR2h8vsNdtKZcEfZRk2P.job not found.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
C:\WINDOWS\Tasks\iLGQeLMFxsk54Y2v9R0Wq0VeYg.job not found.
C:\WINDOWS\Tasks\nT6b9z6fHoHYL.job not found.
C:\WINDOWS\Tasks\nT6b9z6fHoHYLK2.job not found.
C:\WINDOWS\Tasks\PDCCKeQhID.job not found.
C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => moved successfully.
C:\WINDOWS\Tasks\T4gXCLnUMxzjjehK499.job not found.
C:\WINDOWS\Tasks\teKMkB6K.job not found.
C:\WINDOWS\Tasks\ve5g6cGfqjZz2.job not found.
C:\WINDOWS\Tasks\WQwv3KpmPsr.job not found.
C:\WINDOWS\Tasks\YCRGisIZoD9Cm6DqeoWc1A.job not found.
"C:\Program Files (x86)\adlevel" => File/Folder not found.
"C:\Program Files (x86)\globalUpdate" => File/Folder not found.
"C:\Program Files (x86)\7D36FE88-1439049915-9688-D74E-089E01313F5E" => File/Folder not found.

"C:\Program Files (x86)\OnePCOptimizer" folder move:

Could not move "C:\Program Files (x86)\OnePCOptimizer" => Scheduled to move on reboot.

"C:\Program Files (x86)\CinemaPlus-3.2cV16.08" => File/Folder not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /fCMD: netsh advfirewall reset =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.

========= End of Reg: =========

=========  netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ip reset c:\resetlog.txt =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::cd56:c92f:ef98:9f0e%4
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Local Area Connection* 12 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Ethernet while it has its media disconnected.

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : PK5001Z
   Link-local IPv6 Address . . . . . : fe80::cd56:c92f:ef98:9f0e%4
   IPv4 Address. . . . . . . . . . . : 192.168.0.108
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {D95EAD3F-7575-4F45-9D62-A3A49EAA4244}.
Unable to cancel {1D7AA9AE-D93B-4249-91F3-333C08E80ADC}.
Unable to cancel {5C7917BE-59E2-4BA6-963E-74548B501639}.
0 out of 3 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 395.1 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-16 13:00:22)<=

C:\Program Files (x86)\OnePCOptimizer => Is moved successfully
C:\Program Files (x86)\OnePCOptimizer => Is moved successfully

==== End of Fixlog 13:00:22 ====


#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That would suggest that a downloader is still hiding then

Could I have a fresh FRST scan please

THEN

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#19
Kiersten

    Member

  • Topic Starter
  • 27 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Kiersten (administrator) on KIERSTEN (16-08-2015 14:32:39)
Running from C:\Users\Kiersten\Desktop
Loaded Profiles: Kiersten (Available Profiles:  & Kiersten & CareBear17)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\35832e431aaed2f5400e0c644d9e4252\WindowsUpdateBox.exe
(Microsoft Corporation) C:\$Windows.~BT\Sources\SetupHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-16] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [257224 2010-08-24] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [GoogleChromeAutoLaunch_25A8A4F1613307037910DB1CD61EA586] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-04-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-10-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-24]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2013-05-11]
ShortcutTarget: IMVU.lnk -> C:\Users\Kiersten\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
Startup: C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-03-17]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONMHP&conlogo=CT3331981
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> {6E1F3657-4FA0-428B-ACC9-0670D408AD84} URL =
SearchScopes: HKU\S-1-5-21-1505448478-352576845-3373465650-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-19] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-19] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-19] (Google Inc.)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{6E81E6E8-CCD9-4B50-9CC0-E32B757BD967}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{6E81E6E8-CCD9-4B50-9CC0-E32B757BD967}: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{6FA0805A-085C-4D4B-A02B-91B22C21879E}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{9F03B164-EA0D-44DB-B5C9-F56786DAD5B8}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{d56524bb-5e4e-11e4-8250-806e6f6e6963}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{E236AC00-1294-4A29-AC64-CCEDC682C7FD}: [NameServer] 199.115.114.39,8.8.8.8
Tcpip\..\Interfaces\{E236AC00-1294-4A29-AC64-CCEDC682C7FD}: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONMHP&conlogo=CT3331981
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-07-16] ( )
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-19] (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.0.3942197\npmathplugin.dll [2012-12-19] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1505448478-352576845-3373465650-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Kiersten\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-02] (Unity Technologies ApS)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Kiersten\AppData\Roaming\Mozilla\Firefox\Profiles\1ixhj4a4.default\Extensions\[email protected] [2015-04-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-07]
FF HKLM-x32\...\Firefox\Extensions: [{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}] - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{969a43f0-fd3b-4026-aa4b-af70ac7c9d9c}
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-19]
CHR Extension: (Google Wallet) - C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (CinemaPlus-3.2cV15.08) - C:\Users\Kiersten\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-20] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953720 2012-08-17] (Broadcom Corporation.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-06] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-03-20] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-07-31] (GFI Software)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-20] (REALiX™)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-03-20] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2015-03-20] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1059064 2012-08-24] (Sunplus)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 14:30 - 2015-08-16 14:30 - 02173440 _____ (Farbar) C:\Users\Kiersten\Desktop\FRST64.exe
2015-08-16 14:30 - 2015-08-16 14:30 - 00000000 ____D C:\Users\Kiersten\Desktop\FRST-OlderVersion
2015-08-15 20:53 - 2015-08-15 20:53 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-08-15 16:18 - 2015-08-15 16:19 - 00055099 _____ C:\AdwCleaner[C1].txt
2015-08-15 16:16 - 2015-08-15 16:18 - 00000000 ____D C:\AdwCleaner
2015-08-15 16:16 - 2015-08-15 16:16 - 00051724 _____ C:\AdwCleaner[S1].txt
2015-08-15 16:14 - 2015-08-15 16:14 - 01563648 _____ C:\Users\Kiersten\Downloads\AdwCleaner(1).exe
2015-08-15 16:12 - 2015-08-15 16:12 - 01563648 _____ C:\Users\Kiersten\Downloads\AdwCleaner.exe
2015-08-15 10:16 - 2015-08-16 12:17 - 00050657 _____ C:\Users\Kiersten\Desktop\Addition.txt
2015-08-15 10:14 - 2015-08-16 14:32 - 00024621 _____ C:\Users\Kiersten\Desktop\FRST.txt
2015-08-15 10:07 - 2015-08-16 14:32 - 00000000 ____D C:\FRST
2015-08-15 10:05 - 2015-08-15 10:06 - 02173952 _____ (Farbar) C:\Users\Kiersten\Downloads\FRST64.exe
2015-08-14 19:24 - 2015-08-14 19:24 - 00291000 _____ C:\WINDOWS\Minidump\081415-34265-01.dmp
2015-08-14 18:50 - 2015-08-14 18:50 - 00288360 _____ C:\WINDOWS\Minidump\081415-38546-01.dmp
2015-08-14 18:28 - 2015-08-14 18:29 - 00289936 _____ C:\WINDOWS\Minidump\081415-29500-01.dmp
2015-08-13 03:22 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:22 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 02:56 - 2015-08-16 12:59 - 00044312 _____ C:\WINDOWS\PFRO.log
2015-08-13 02:56 - 2015-08-16 12:59 - 00003268 _____ C:\WINDOWS\setupact.log
2015-08-13 02:56 - 2015-08-13 02:57 - 00291000 _____ C:\WINDOWS\Minidump\081315-24968-01.dmp
2015-08-13 02:56 - 2015-08-13 02:56 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-12 21:01 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 21:01 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 20:55 - 2015-07-16 17:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-12 20:55 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 20:55 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 20:55 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 20:55 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 20:55 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 20:55 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 20:55 - 2015-07-16 16:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 20:55 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 20:55 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 20:55 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 20:55 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 20:55 - 2015-07-16 15:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 20:55 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 20:55 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 20:55 - 2015-07-16 15:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 20:55 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 20:55 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 20:55 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 20:55 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 20:55 - 2015-07-16 15:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 20:55 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 20:55 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 20:55 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 20:55 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 20:55 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 20:55 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 20:55 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 20:55 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 20:55 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 20:55 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 20:48 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 20:48 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 20:48 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 20:48 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 20:47 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 20:47 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 20:47 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 20:46 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 20:46 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 20:46 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 20:42 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 20:42 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 20:42 - 2015-06-09 14:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 20:39 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 20:39 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 20:39 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 20:37 - 2015-07-18 21:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 20:37 - 2015-07-18 14:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 20:37 - 2015-07-18 14:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 20:37 - 2015-07-18 14:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 20:37 - 2015-07-18 14:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 20:37 - 2015-07-18 14:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 20:37 - 2015-07-18 14:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 20:37 - 2015-07-18 14:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 20:37 - 2015-07-18 14:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 20:37 - 2015-07-18 14:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 20:37 - 2015-07-18 14:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 20:37 - 2015-07-18 14:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 20:33 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 20:33 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 20:33 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 20:33 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 20:33 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 20:33 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 20:33 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 20:33 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 20:33 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 20:29 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 20:29 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 20:28 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 20:28 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 20:28 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 20:28 - 2015-05-11 20:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-12 20:18 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 20:18 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 20:18 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 20:18 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 20:08 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 20:08 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 20:08 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 20:08 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 20:08 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 20:08 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 20:08 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 20:08 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-08 12:05 - 2015-08-05 21:14 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-08 12:03 - 2015-08-08 12:23 - 00000000 ____D C:\Program Files (x86)\OSDownloader
2015-08-08 12:03 - 2015-08-08 12:03 - 00000003 _____ C:\Users\CareBear17\Desktop\2.txt
2015-08-08 12:03 - 2015-08-08 12:03 - 00000003 _____ C:\Users\CareBear17\Desktop\1.txt
2015-08-08 10:36 - 2015-08-08 12:10 - 02125197 _____ C:\Users\CareBear17\Downloads\BattleTowers-1.7.10.zip
2015-08-08 10:31 - 2015-08-08 12:06 - 01164029 _____ C:\Users\CareBear17\Downloads\GraveStone-2.11.3.jar
2015-08-08 10:30 - 2015-08-08 10:30 - 00625453 _____ C:\Users\CareBear17\Downloads\DoomlikeDungeons-1.7.5-MC1.7.10.jar
2015-08-08 10:26 - 2015-08-08 10:26 - 00117768 _____ C:\Users\CareBear17\Downloads\EasyCrafting-1.7.10-2.0.1.16.jar
2015-08-08 10:23 - 2015-08-08 10:23 - 00063764 _____ C:\Users\CareBear17\Downloads\FinderCompass-1.7.10.jar
2015-08-08 10:20 - 2015-08-08 10:20 - 00133784 _____ C:\Users\CareBear17\Downloads\xaeros_minimap_v1.4.9.2_1.7.10_Forge.jar
2015-08-07 19:27 - 2015-08-08 09:55 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-07 19:27 - 2015-08-08 09:55 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 16:13 - 2015-08-06 16:14 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-08-06 16:13 - 2015-08-06 16:13 - 00000984 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-08-06 16:13 - 2015-08-06 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-08-06 06:35 - 2015-08-06 06:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-08-06 06:34 - 2015-08-06 06:34 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2015-08-05 21:52 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-08-05 21:52 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-08-05 21:52 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-08-05 21:52 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-05 21:52 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-08-05 21:52 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-05 21:52 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-08-05 21:52 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-08-05 21:52 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-08-05 21:52 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-08-05 21:52 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-08-05 21:52 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-08-05 21:52 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-08-05 21:52 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-05 21:52 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-08-05 21:52 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-08-05 21:52 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-08-05 21:52 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-05 21:52 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-05 21:52 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-05 21:52 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-05 21:52 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-08-05 21:52 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-08-05 21:52 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-08-05 21:52 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-05 21:52 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-05 21:52 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-05 21:52 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-05 21:52 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-08-05 21:52 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-08-05 21:52 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-05 21:52 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-08-05 21:51 - 2015-05-11 14:17 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-05 21:51 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-05 21:51 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-05 21:51 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-08-05 21:50 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 21:50 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 21:50 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-08-05 21:50 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-08-05 21:49 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-08-05 21:49 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-08-05 21:49 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-08-05 21:49 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-08-05 21:49 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-08-05 21:49 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-08-05 21:49 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-08-05 21:49 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-08-05 21:49 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-08-05 21:49 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-08-05 21:49 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-08-05 21:49 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-08-05 21:49 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-08-05 21:49 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-08-05 21:48 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-08-05 21:48 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-08-05 21:48 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-08-05 21:48 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-05 21:48 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-05 21:48 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-08-05 21:48 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-08-05 21:48 - 2015-04-28 09:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-08-05 21:48 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-05 21:48 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-05 21:47 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-08-05 21:47 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-08-05 21:47 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-08-05 21:47 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-08-05 21:14 - 2015-08-05 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-05 21:14 - 2015-08-05 21:14 - 00000000 ____D C:\Program Files\McAfee Security Scan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 14:30 - 2014-10-27 23:52 - 01370551 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-16 14:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-16 14:24 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-16 14:23 - 2014-10-28 03:01 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-16 14:22 - 2014-09-08 22:55 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 14:05 - 2013-01-26 01:11 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1505448478-352576845-3373465650-1001
2015-08-16 14:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-16 13:17 - 2014-10-28 00:05 - 00000000 ___RD C:\Users\Kiersten\OneDrive
2015-08-16 12:59 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-16 12:08 - 2015-03-20 19:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-16 12:06 - 2014-09-14 21:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-16 12:04 - 2015-04-26 14:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-16 11:45 - 2014-10-28 00:14 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{631CFC46-6FD0-4139-B4FF-7409B198DDA2}
2015-08-15 20:12 - 2015-04-05 13:07 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-08-15 17:46 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-15 17:18 - 2015-03-20 20:17 - 00000000 ____D C:\ProgramData\ProductData
2015-08-15 16:21 - 2014-11-02 08:35 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-15 16:20 - 2014-10-27 23:18 - 00000000 ____D C:\Users\Kiersten
2015-08-15 16:19 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-15 15:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-08-15 15:54 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-15 15:32 - 2015-07-09 22:27 - 923325890 _____ C:\WINDOWS\MEMORY.DMP
2015-08-15 15:32 - 2014-12-26 11:29 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-15 09:55 - 2015-03-20 20:16 - 00002208 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-08-14 18:40 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-14 18:35 - 2014-10-27 23:18 - 00000000 ____D C:\Users\CareBear17
2015-08-14 07:17 - 2014-09-07 21:55 - 00106469 _____ C:\WINDOWS\wininit.ini
2015-08-14 06:46 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-13 21:18 - 2013-01-26 01:03 - 00000000 ____D C:\Users\Kiersten\AppData\Local\Packages
2015-08-13 03:37 - 2013-08-22 10:44 - 00509824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-13 03:34 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 03:34 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-13 03:34 - 2013-08-22 09:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-08-13 03:33 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-13 03:33 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-13 03:23 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-13 03:22 - 2013-08-04 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:22 - 2013-08-04 22:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:22 - 2013-08-04 22:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:21 - 2013-07-21 01:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-13 03:17 - 2013-01-27 16:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:17 - 2013-01-26 10:46 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-13 03:15 - 2014-12-14 20:30 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-13 03:15 - 2014-09-24 05:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-13 03:14 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 03:14 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 03:14 - 2012-07-26 01:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-08-13 02:39 - 2014-11-01 08:56 - 00003946 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D957F1F4-BC28-4951-902D-C2055D430341}
2015-08-12 21:47 - 2013-01-26 14:57 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1505448478-352576845-3373465650-1004
2015-08-09 15:40 - 2013-11-01 22:47 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\.minecraft
2015-08-09 14:12 - 2015-02-13 11:19 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\IMVU
2015-08-08 12:04 - 2014-09-14 21:36 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-07 19:20 - 2015-04-05 13:07 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-08-07 19:20 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-08-07 19:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-08-07 17:41 - 2014-07-02 12:27 - 00000000 ____D C:\Users\CareBear17\AppData\Local\Screencast-O-Matic
2015-08-06 09:46 - 2014-12-26 09:36 - 00001419 _____ C:\Users\CareBear17\Desktop\ROBLOX Player.lnk
2015-08-06 09:46 - 2014-12-26 09:34 - 00001234 _____ C:\Users\CareBear17\Desktop\ROBLOX Studio.lnk
2015-08-06 09:46 - 2014-12-26 09:34 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-08-06 09:46 - 2013-01-26 15:03 - 00000000 ____D C:\Users\CareBear17\AppData\Local\Google
2015-08-05 21:14 - 2015-03-18 19:50 - 00001961 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-08-05 21:14 - 2015-03-18 19:50 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 __RSD C:\WINDOWS\Media
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2015-08-05 20:18 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-05 20:17 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-05 20:17 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\servicing
2015-08-05 20:16 - 2015-04-03 07:45 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\ProductData
2015-08-05 20:16 - 2015-03-20 20:18 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\ProductData
2015-08-05 20:16 - 2015-03-20 20:16 - 00000000 ____D C:\Users\Kiersten\AppData\Roaming\IObit
2015-08-05 20:16 - 2014-07-02 14:16 - 00000000 ____D C:\Users\CareBear17\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
2015-08-05 20:16 - 2013-11-08 23:11 - 00000000 ____D C:\Users\Public\StarStableOnline
2015-08-05 20:14 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-05 19:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\registration

==================== Files in the root of some directories =======

2012-10-07 04:39 - 2012-10-07 04:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-08 20:46 - 2015-03-21 09:40 - 0003173 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-16 13:17

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Kiersten (2015-08-16 14:33:14)
Running from C:\Users\Kiersten\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1505448478-352576845-3373465650-500 - Administrator - Disabled)
CareBear17 (S-1-5-21-1505448478-352576845-3373465650-1004 - Limited - Enabled) => C:\Users\CareBear17
Guest (S-1-5-21-1505448478-352576845-3373465650-501 - Limited - Disabled)
Kiersten (S-1-5-21-1505448478-352576845-3373465650-1001 - Administrator - Enabled) => C:\Users\Kiersten

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510nz_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.8 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CinemaPlus-3.2cV15.08 (HKLM-x32\...\CinemaPlus-3.2cV15.08) (Version: 1.36.01.22 - Cinema PlusV15.08) <==== ATTENTION
CinemaPlus-3.2cV16.08 (HKLM-x32\...\CinemaPlus-3.2cV16.08) (Version: 1.36.01.22 - Cinema PlusV16.08) <==== ATTENTION
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12212.0 - Cisco Consumer Products LLC)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
EasyTether (HKLM-x32\...\{8d3ac0f3-14ee-49ab-9193-a8dbdc6fec0c}) (Version: 1.1.17 - Mobile Stream)
EasyTether (Version: 1.1.17 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{7DD41AE3-10F5-4C46-961C-FAE786519FFF}) (Version: 1.0.0 - Mobile Stream)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
Enterprise (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 4500 G510n-z 14.0 Rel. 6 (HKLM\...\{6B9B2E57-D988-4258-8A2C-6F3657A600BD}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1900 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.7 - Lenovo EasyCamera)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mathematica Extras 9.0 (3942197) (HKLM\...\A-WIN-Extras 9.0.0 3942197_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.0.9 - Lenovo)
OnePCOptimizer (HKLM-x32\...\{7394AE4B-5F34-4312-BA38-F6DDE78A39FF}) (Version: 1.0.0.0 - One PC Optimizer)
OpenSoftwareUpdater (HKLM-x32\...\OpenSoftwareUpdater) (Version:  - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ServiceUpdater (HKLM-x32\...\ServiceUpdater) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SpaceSoundPro Service (HKLM-x32\...\zz.1434.ssp) (Version: 1.0.0 - CSDI)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
TI-83 Plus Flash Debugger (HKLM-x32\...\TI-83 Plus Flash Debugger) (Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TunePro360 (HKLM-x32\...\TunePRO360) (Version: 0.01 - )
Unity Web Player (HKU\S-1-5-21-1505448478-352576845-3373465650-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Wolfram CDF Player (M-WIN-D 9.0.0 3942419) (HKLM-x32\...\M-WIN-D 9.0.0 3942419_is1) (Version: 9.0.0 - Wolfram Research, Inc.)
WordSurfer 1.10.0.19 (HKLM-x32\...\WordSurfer_1.10.0.19) (Version: 1.10.0.19 - WordSurfer)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

13-08-2015 03:11:31 Windows Update
15-08-2015 15:54:18 Restore Point Created by FRST
15-08-2015 17:07:09 Restore Point Created by FRST
16-08-2015 11:53:18 Restore Point Created by FRST
16-08-2015 12:56:46 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-08-05 21:14 - 00000854 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (Whitelisted) ==============

2012-08-17 13:23 - 2012-08-17 13:23 - 00044408 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-07-16 03:49 - 2012-07-16 03:49 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2010-08-24 10:44 - 2010-08-24 10:44 - 00257224 _____ () C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
2015-03-20 20:16 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2015-03-20 20:17 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2014-09-07 21:01 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-07 21:01 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-07 21:01 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-07 21:01 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-07 21:01 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-03-20 20:16 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2015-03-20 20:17 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-03-20 20:17 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-03-20 20:17 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-08-12 20:44 - 2015-08-07 20:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-12 20:44 - 2015-08-07 20:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2012-10-07 04:58 - 2012-07-12 08:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2012-10-07 04:20 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-15 21:02 - 2014-12-15 21:02 - 02107464 _____ () C:\Users\Kiersten\AppData\LocalLow\Unity\WebPlayer\mono\Stable3.x.x\mono-1-vc.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Kiersten\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1505448478-352576845-3373465650-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kiersten\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img6.jpg
DNS Servers: 199.115.114.39 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8C927F82-77F8-402B-8CF9-AC105F20D017}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{F9249D40-6372-4CF6-BEDF-C13443ABE034}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{306CF4D6-33CB-46C5-BBDE-8C1982EE0FA2}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{BE268FBD-6C6D-4237-B038-E4EF14598C7C}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{8B9E7302-FCF3-4B51-99D0-C4490B34F8BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{939EF656-3005-43E7-AB3B-C47A2BD1924A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2015 02:30:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (08/16/2015 02:30:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 02:30:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (08/16/2015 02:30:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 01:01:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (08/16/2015 01:01:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 01:00:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (08/16/2015 01:00:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 01:00:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.

Error: (08/16/2015 01:00:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

System errors:
=============
Error: (08/16/2015 02:26:09 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 02:25:57 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 02:25:57 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 02:25:57 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 02:25:57 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 02:25:56 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 02:25:56 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 02:25:45 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 02:25:37 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Error: (08/16/2015 02:25:37 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}

Microsoft Office:
=========================
Error: (08/16/2015 02:30:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/16/2015 02:30:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 02:30:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/16/2015 02:30:32 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 01:01:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/16/2015 01:01:13 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 01:00:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/16/2015 01:00:15 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/16/2015 01:00:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.

Error: (08/16/2015 01:00:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Kiersten\AppData\Local\Microsoft\Windows\\UsrClass.dat

CodeIntegrity:
===================================
  Date: 2015-08-16 13:22:56.819
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 23:27:06.242
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 23:27:05.945
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:25:02.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:25:02.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:25:01.783
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:25:01.549
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:24:58.424
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:24:58.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-08-15 21:24:57.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8052.91 MB
Available physical RAM: 5099.65 MB
Total Virtual: 16244.91 MB
Available Virtual: 12729.24 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:650.86 GB) (Free:566.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1EE3F689)

Partition: GPT.

==================== End of log ============================



#20
Essexboy

Nothing evident there of a downloader, let's see what MBAM can find... I assume the redirects are now history

#21
Kiersten


What is MBAM?



#22
Essexboy

Malwarebytes, you have it installed :)

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:


1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#23
Kiersten


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/16/2015
Scan Time: 4:06 PM
Logfile: malwarebytesscan.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.16.03
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kiersten

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 488486
Time Elapsed: 1 hr, 32 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 161
PUP.Optional.ConsumerInput.C, HKU\S-1-5-21-1505448478-352576845-3373465650-1004\SOFTWARE\ConsumerInput, Quarantined, [4043dc2d54379e985d8efc245ea5e51b],
PUP.Optional.Rocket.A, HKU\S-1-5-21-1505448478-352576845-3373465650-1004\SOFTWARE\wse rocket, Quarantined, [13703bcebad1a294b8f0ae0020e412ee],
PUP.Optional.ConsumerInput, HKU\S-1-5-21-1505448478-352576845-3373465650-1004\SOFTWARE\APPDATALOW\SOFTWARE\COMPETE, Quarantined, [8ff4719898f3bc7ae9c6c6e88a7aef11],
PUP.Optional.OneSystemCare.A, HKU\S-1-5-21-1505448478-352576845-3373465650-1004\SOFTWARE\ONE SYSTEM CARE, Quarantined, [b9caf6130c7f6ec846ce109f22e2ce32],

Registry Values: 26

Registry Data: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-1505448478-352576845-3373465650-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.bing.com/...nlogo=CT3331981, Good: (www.google.com), Bad: (http://www.bing.com/?pc=COSP&ptag=D032015-AC44713A88D0B45FFA7F&form=CONMHP&conlogo=CT3331981),Replaced,[1a697d8c13782214aa5d490bcb3ae21e]

Folders: 12

Files: 95

Physical Sectors: 0
(No malicious items detected)


(end)



#24
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer now? MBAM cleared all the Chrome areas that I cannot see, along with the registry :)

#25
Kiersten


    Member

  • Topic Starter
  • 27 posts

It is way better. I can actually get places and get stuff done.




#26
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
[Screenshot: delfix.JPG]

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open, click the Install button
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire-and-forget programme ;)

It is critical to have both a firewall and an antivirus to protect your system, and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#27
Kiersten


    Member

  • Topic Starter
  • 27 posts

So I am safe to get rid of the other malware programs I have, correct?



#28
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, to be honest all you really need is an antivirus and Malwarebytes (run once a month)

#29
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

