
Dell Inspiron 17R ... bought on QVC ... want to make sure it's not



#1
moondog830


I just got done working on a computer for a woman at our church and her husband bought this on QVC ... I took a look at it, and there seems to be a lot of 'cleaner' type programs as well as driver update programs (guessing he might have put them on), but they are nothing like what you peeps use here at geekstogo. Also could use help making sure the startup doesn't open everything on the laptop :)

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by steve (administrator) on STEVESTOY (27-08-2015 12:36:15)
Running from E:\
Loaded Profiles: steve (Available Profiles: steve)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAO.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\DriverSupport.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Boost Shopping) C:\Program Files (x86)\Boost\Boost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft) C:\Program Files\Dell\Dell Foundation Services\DFSSystrayUI.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-26] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-11] (Intel Corporation)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-07] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\Run: [Boost] => C:\Program Files (x86)\Boost\Boost.exe [445328 2015-06-17] (Boost Shopping)
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-07-02] (Lavasoft)
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\Run: [GoogleChromeAutoLaunch_A82703E31615C0F8DCB43AC2B79D910D] => C:\Users\steve\AppData\Local\Chromium\Application\chrome.exe [663552 2015-06-25] (The Chromium Authors)
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26168088 2015-06-19] (SlimWare Utilities, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-07] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_27&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyEyB0EtByD0BtD0FyC0AtCtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0D0A0AzzyCyCtDtGyDyC0ByDtGyDtBzytBtGyEzz0DtBtG0B0CyC0DyC0C0B0A0AzztBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEtA0DyEzyyBtAtG0C0EzytBtGyEyB0DtAtG0B0Czy0FtGyEtAyCzy0DyE0F0Czy0DtD0C2QtN0A0LzuyE%26cr%3D2080586533%26a%3Dwny_secureddownload_15_27%26os%3DWindows 8.1
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3757678590-2456448946-363355813-1001 -> DefaultScope {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyEyB0EtByD0BtD0FyC0AtCtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0DtAtA0CtCyCtGyE0EyCtDtGzytDyD0CtGyDzyyCyBtG0C0E0AtAyD0E0ByB0D0BtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FtDyByDtB0CtAtGtCtDyD0AtGyEtDyEtAtGzzyEyEtDtGzz0Ezy0CtAzyyCyCyC0AtA0D2QtN0A0LzuyE%26cr%3D1128450857%26a%3Dwncy_secureddownload_15_27%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3757678590-2456448946-363355813-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-3757678590-2456448946-363355813-1001 -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyEyB0EtByD0BtD0FyC0AtCtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0DtAtA0CtCyCtGyE0EyCtDtGzytDyD0CtGyDzyyCyBtG0C0E0AtAyD0E0ByB0D0BtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FtDyByDtB0CtAtGtCtDyD0AtGyEtDyEtAtGzzyEyEtDtGzz0Ezy0CtAzyyCyCyC0AtA0D2QtN0A0LzuyE%26cr%3D1128450857%26a%3Dwncy_secureddownload_15_27%26os%3DWindows 8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3757678590-2456448946-363355813-1001 -> {F112EE08-D236-449B-B930-2B81F903A761} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_secureddownload_15_27&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyEyB0EtByD0BtD0FyC0AtCtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtDtFtCtDtFtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0D0A0AzzyCyCtDtGyDyC0ByDtGyDtBzytBtGyEzz0DtBtG0B0CyC0DyC0C0B0A0AzztBzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyEtA0DyEzyyBtAtG0C0EzytBtGyEyB0DtAtG0B0Czy0FtGyEtAyCzy0DyE0F0Czy0DtD0C2QtN0A0LzuyE%26cr%3D2080586533%26a%3Dwny_secureddownload_15_27%26os%3DWindows 8.1&p={searchTerms}
BHO: Boost -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> C:\Program Files (x86)\Boost\64Boost.dll [2015-06-17] (Boost)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-07] (Avast Software s.r.o.)
BHO-x32: Boost -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> C:\Program Files (x86)\Boost\Boost.dll [2015-06-17] (Boost)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-07] (Avast Software s.r.o.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-02] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-02] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-02] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-02] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [342016 2015-07-02] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-02] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-02] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-02] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-02] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-02] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{683B0B36-237A-44AE-A8A6-392F5A22E5A9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DB55183E-6CDB-4D58-A2A9-A30B0353E14E}: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-18] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-07]
 
Chrome: 
=======
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-07-18]
CHR Extension: (My Email XP) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcpjemfpcjonokgbnadafdmdpmplgfej [2015-07-18]
CHR Extension: (Avast Online Security) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-03]
CHR Extension: (Ask Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-07-07]
CHR Extension: (iLivid) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-07-07]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-03]
CHR Extension: (SnapMyScreen) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj [2015-07-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-07] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-07] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [46792 2015-06-19] (Dell)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [116424 2015-08-18] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-06-09] (Dell Inc.)
R2 DSAO; C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe [1689040 2015-06-25] (PC Drivers HeadQuarters LP)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-11] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-07-02] (Lavasoft Limited)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-26] (Realtek Semiconductor)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [13312 2015-07-02] () [File not signed]
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (SoftThinks SAS)
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [244504 2015-06-19] (SlimWare Utilities, Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-07] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-07] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2015-08-26] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-26] (REALiX™)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [250608 2015-08-26] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2015-08-26] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3776792 2015-08-26] (Intel Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-08-26] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33448 2015-08-26] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-08-27] (SlimWare Utilities, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-07] (Avast Software)
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-27 12:36 - 2015-08-27 12:36 - 00000000 ____D C:\FRST
2015-08-27 12:35 - 2015-08-19 09:35 - 02173440 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2015-08-26 18:55 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-26 18:55 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-26 17:34 - 2015-08-26 17:34 - 01399536 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2015-08-26 17:34 - 2015-08-26 17:34 - 00881368 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2015-08-26 17:34 - 2015-08-26 17:34 - 00129312 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2015-08-26 17:34 - 2015-08-26 17:34 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-08-26 17:33 - 2015-08-26 17:33 - 00033448 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-08-26 17:32 - 2015-08-26 17:32 - 01448248 _____ (Motorola Solutions, Inc.) C:\Windows\system32\Drivers\btmhsf.sys
2015-08-26 17:32 - 2015-08-26 17:32 - 00250608 _____ (Intel Corporation) C:\Windows\system32\Drivers\ibtusb.sys
2015-08-26 17:32 - 2015-08-26 17:32 - 00233712 _____ (Intel Corporation) C:\Windows\system32\ibtproppage.dll
2015-08-26 17:31 - 2015-08-26 17:31 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2015-08-26 17:31 - 2015-08-26 17:31 - 08355960 _____ C:\Windows\system32\Drivers\Netwfw02.dat
2015-08-26 17:31 - 2015-08-26 17:31 - 03776792 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwbw02.sys
2015-08-26 17:31 - 2015-08-26 17:31 - 00402136 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2015-08-26 17:31 - 2015-08-26 17:31 - 00083160 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2015-08-26 17:31 - 2015-08-26 17:31 - 00000000 ____D C:\Windows\SysWOW64\sda
2015-08-26 17:31 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-26 17:31 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-26 17:31 - 2015-05-11 14:17 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-08-26 17:31 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-26 17:31 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-08-26 17:31 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-26 17:31 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-08-26 17:31 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-08-26 17:31 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-08-26 17:31 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-08-26 17:31 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-26 17:31 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-26 17:31 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-08-26 17:31 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-08-26 17:31 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-08-26 17:31 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-08-26 17:31 - 2015-01-29 23:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-08-26 17:31 - 2014-11-04 15:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-08-26 17:31 - 2014-11-04 15:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-08-26 17:31 - 2014-11-04 02:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-08-26 17:31 - 2014-11-04 02:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-08-26 17:31 - 2014-11-04 02:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-08-26 17:31 - 2014-11-04 02:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-08-26 17:30 - 2015-08-26 17:30 - 00031095 _____ C:\Windows\system32\Drivers\rtwavesEFX.dat
2015-08-26 17:30 - 2015-08-26 17:30 - 00010945 _____ C:\Windows\system32\Drivers\rtwavesMFX.dat
2015-08-26 17:30 - 2015-08-26 17:30 - 00003146 _____ C:\Windows\System32\Tasks\RtHDVBg_PushButton
2015-08-26 17:30 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-26 17:30 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-26 17:30 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-26 17:30 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-26 17:30 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-26 17:30 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-26 17:30 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-26 17:30 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-26 17:30 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-26 17:30 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-08-26 17:30 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-26 17:30 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-26 17:30 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-26 17:30 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-26 17:30 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-08-26 17:29 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-26 17:29 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-26 17:29 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-08-26 17:29 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-08-26 17:29 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-08-26 17:29 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-08-26 17:29 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-08-26 17:29 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-08-26 17:29 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-08-26 17:28 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-26 17:28 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-26 17:28 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-26 17:28 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-26 17:28 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-26 17:28 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-26 17:28 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-26 17:28 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCORES64.dat
2015-08-26 17:26 - 2015-08-26 17:26 - 35222128 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-08-26 17:26 - 2015-08-26 17:26 - 12996528 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 11899824 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxVoiceAPO30.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-08-26 17:26 - 2015-08-26 17:26 - 04514008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-08-26 17:26 - 2015-08-26 17:26 - 03691608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioMeters64.exe
2015-08-26 17:26 - 2015-08-26 17:26 - 03234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 03195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 02930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 02702552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-08-26 17:26 - 2015-08-26 17:26 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 01949952 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 01749208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 01718528 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 01374640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 01310936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 01192368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 01145264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 00980400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 00184688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-08-26 17:26 - 2015-08-26 17:26 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-08-26 17:25 - 2015-06-16 01:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-26 17:25 - 2015-06-16 01:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-26 17:14 - 2015-08-26 17:14 - 00000000 ____D C:\ProgramData\ProductData
2015-08-26 17:12 - 2015-08-27 12:29 - 00002876 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (steve)
2015-08-26 17:12 - 2015-08-26 17:14 - 00002162 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-08-26 17:12 - 2015-08-26 17:12 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-08-26 17:12 - 2015-08-26 17:12 - 00003234 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2015-08-26 17:12 - 2015-08-26 17:12 - 00003178 _____ C:\Windows\System32\Tasks\Driver Booster Update
2015-08-26 17:12 - 2015-08-26 17:12 - 00000000 ____D C:\Users\steve\AppData\Roaming\IObit
2015-08-26 17:12 - 2015-08-26 17:12 - 00000000 ____D C:\Users\steve\AppData\Local\GWX
2015-08-26 17:12 - 2015-08-26 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-08-26 17:12 - 2015-08-26 17:12 - 00000000 ____D C:\ProgramData\IObit
2015-08-26 17:12 - 2015-08-26 17:12 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-26 17:06 - 2015-08-08 09:55 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-26 17:06 - 2015-08-08 09:55 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-25 14:52 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-25 14:52 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-25 14:38 - 2015-07-18 21:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-25 14:38 - 2015-07-18 14:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-25 14:38 - 2015-07-18 14:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-25 14:38 - 2015-07-18 14:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-25 14:38 - 2015-07-18 14:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-25 14:38 - 2015-07-18 14:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-25 14:38 - 2015-07-18 14:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-25 14:38 - 2015-07-18 14:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-25 14:38 - 2015-07-18 14:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-25 14:38 - 2015-07-18 14:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-25 14:38 - 2015-07-18 14:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-25 14:38 - 2015-07-18 14:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-25 14:38 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-25 14:38 - 2015-06-28 01:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-25 14:38 - 2015-06-28 01:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-25 14:38 - 2015-06-28 01:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-25 14:38 - 2015-06-28 01:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-25 14:38 - 2015-06-27 12:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-25 14:38 - 2015-06-26 23:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-25 14:38 - 2015-06-26 23:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-25 14:38 - 2015-06-26 23:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-25 14:38 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-25 14:38 - 2015-06-26 23:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-25 14:38 - 2015-06-26 22:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-08-25 14:38 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-25 14:38 - 2015-06-26 22:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-25 14:38 - 2015-06-26 22:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-25 14:38 - 2015-06-26 21:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-08-25 14:38 - 2015-06-26 21:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-25 14:38 - 2015-06-15 18:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-25 14:38 - 2015-06-15 18:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-25 14:38 - 2015-06-15 17:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-25 14:38 - 2015-06-15 17:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-25 14:38 - 2015-06-15 16:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-25 14:38 - 2015-06-15 15:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-25 14:37 - 2015-05-30 17:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-08-25 14:37 - 2015-05-30 15:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-08-25 14:37 - 2015-05-30 15:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-08-24 19:26 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-24 19:26 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-24 19:26 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-24 19:26 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-24 19:26 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-24 19:26 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-24 19:26 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-24 19:26 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-24 19:26 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-24 19:26 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-24 19:26 - 2015-07-16 15:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-24 19:26 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-24 19:26 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-24 19:26 - 2015-07-16 15:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-24 19:26 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-24 19:26 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-24 19:26 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-24 19:26 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-24 19:26 - 2015-07-16 15:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-24 19:26 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-24 19:26 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-24 19:26 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-24 19:26 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-24 19:26 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-24 19:26 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-24 19:26 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-24 19:26 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-24 19:26 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-24 19:26 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-24 19:26 - 2015-06-15 18:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-24 19:26 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-08-24 19:26 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-24 19:26 - 2015-06-15 17:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-24 19:26 - 2015-06-15 17:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-24 19:26 - 2015-06-15 17:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-24 19:26 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-08-24 19:26 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-24 19:26 - 2015-06-15 16:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-24 19:26 - 2015-06-15 16:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-08-24 19:26 - 2015-06-15 16:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-24 19:26 - 2015-06-15 16:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-08-24 19:26 - 2015-06-15 16:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-24 19:26 - 2015-06-15 16:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-24 19:25 - 2015-08-24 19:25 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-08-24 19:24 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-24 19:24 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-24 19:24 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-24 19:24 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-24 19:24 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-24 19:23 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-24 19:23 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-24 19:23 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-24 19:23 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-24 19:21 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-24 19:21 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-24 19:21 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-24 19:21 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-24 19:21 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-24 19:21 - 2015-06-10 23:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-24 19:21 - 2015-06-10 12:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-15 16:27 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-15 16:27 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-15 16:27 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-15 16:27 - 2015-07-24 14:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-15 16:27 - 2015-07-24 14:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-15 16:27 - 2015-07-24 14:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-15 16:27 - 2015-07-24 13:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-15 16:27 - 2015-07-24 13:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-27 12:35 - 2013-08-22 10:46 - 00025036 _____ C:\Windows\setupact.log
2015-08-27 12:34 - 2015-07-02 22:42 - 00000000 ____D C:\Users\steve\Documents\ProPCCleaner
2015-08-27 12:34 - 2014-12-19 14:57 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3757678590-2456448946-363355813-1001
2015-08-27 12:34 - 2014-11-03 17:22 - 01656223 _____ C:\Windows\WindowsUpdate.log
2015-08-27 12:34 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-27 12:32 - 2015-07-02 23:21 - 00003452 _____ C:\Windows\System32\Tasks\Driver Support
2015-08-27 12:31 - 2014-11-03 17:35 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-08-27 12:30 - 2015-07-07 13:53 - 00000438 _____ C:\Windows\Tasks\DriverUpdate Startup.job
2015-08-27 12:30 - 2014-12-19 14:56 - 00000000 ___RD C:\Users\steve\OneDrive
2015-08-27 12:29 - 2015-07-07 13:53 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2015-08-27 12:28 - 2014-11-03 17:31 - 00000000 ____D C:\ProgramData\McAfee
2015-08-27 12:27 - 2014-03-18 05:44 - 00030666 _____ C:\Windows\PFRO.log
2015-08-27 12:27 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-27 12:26 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-27 12:25 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-08-27 12:24 - 2014-03-18 05:53 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-26 19:01 - 2015-07-07 13:25 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-26 19:01 - 2015-06-27 16:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-26 19:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2015-08-26 19:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-26 19:01 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-26 19:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\WinStore
2015-08-26 19:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-26 19:01 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-26 19:01 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-26 19:00 - 2015-02-13 20:01 - 00000000 ____D C:\Windows\system32\MRT
2015-08-26 18:59 - 2014-12-19 14:51 - 00000000 ____D C:\Users\steve
2015-08-26 18:54 - 2015-06-27 16:59 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-08-26 18:54 - 2015-06-27 16:59 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-26 18:46 - 2015-07-02 23:30 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-26 18:46 - 2015-07-02 23:29 - 00000926 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-26 18:44 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-08-26 17:38 - 2014-11-03 17:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-08-26 17:38 - 2014-11-03 17:21 - 00000000 ____D C:\Program Files\Dell
2015-08-26 17:35 - 2015-07-21 00:20 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-08-26 17:34 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-26 17:30 - 2014-11-03 17:13 - 01019725 _____ C:\Windows\system32\Drivers\rtwavesskdy.dat
2015-08-26 17:30 - 2014-11-03 17:13 - 00188490 _____ C:\Windows\system32\Drivers\rtwaves40.dat
2015-08-26 17:30 - 2014-11-03 17:13 - 00017979 _____ C:\Windows\system32\Drivers\rtwavesvpcap.dat
2015-08-26 17:28 - 2014-11-03 17:12 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-08-26 17:15 - 2015-07-02 23:13 - 00002202 _____ C:\Users\steve\Desktop\Chromium.lnk
2015-08-26 17:14 - 2015-07-07 14:10 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-26 17:13 - 2014-12-19 14:57 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{47B899A6-5A3B-4C8B-9709-CAD4B2C22534}
2015-08-25 14:54 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-25 14:54 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-25 14:25 - 2015-07-10 08:52 - 00000366 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - steve).job
2015-08-25 14:24 - 2013-08-22 10:44 - 00346744 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-28 10:59 - 2015-02-13 20:01 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-07-03 00:13 - 2015-07-06 20:13 - 0000094 _____ () C:\Users\steve\AppData\Roaming\WB.CFG
2014-11-03 17:13 - 2014-11-03 17:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-03 17:30 - 2014-11-03 17:30 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-11-03 17:26 - 2014-11-03 17:27 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-11-03 17:27 - 2014-11-03 17:28 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-11-03 17:29 - 2014-11-03 17:30 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-11-03 17:26 - 2014-11-03 17:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\steve\AppData\Local\Temp\0304111440692646mcinst.exe
C:\Users\steve\AppData\Local\Temp\adobe-flash-player-plugin-1437450167860.exe
C:\Users\steve\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\steve\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\steve\AppData\Local\Temp\DriverSupport.exe
C:\Users\steve\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\steve\AppData\Local\Temp\scp7BE3.tmp.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-26 18:53
 
==================== End of log ============================
 
Addition
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by steve (2015-08-27 12:37:13)
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3757678590-2456448946-363355813-500 - Administrator - Disabled)
Guest (S-1-5-21-3757678590-2456448946-363355813-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3757678590-2456448946-363355813-1003 - Limited - Enabled)
steve (S-1-5-21-3757678590-2456448946-363355813-1001 - Administrator - Enabled) => C:\Users\steve
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Boost (HKLM-x32\...\Boost) (Version: 3.0.1.6 - Boost Shopping)
Chromium (HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\Chromium) (Version: 45.0.2442.0 - Chromium)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Services (HKLM\...\{815D96BA-2FC6-4F61-9BE3-2CFE446E8ECF}) (Version: 1.2.7.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{D605CD24-103D-4DB6-B572-653851213C46}) (Version: 2.2.65.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.1.4 - PC Drivers HeadQuarters LP)
DriverRestore (HKLM\...\DriverRestore) (Version: 1.0 - 383 Media, Inc.)
DriverUpdate (HKLM-x32\...\{602FF4FE-5221-4D7E-B42F-507DD5721C24}) (Version: 2.4.0 - SlimWare Utilities, Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.0.1427.2) (HKLM\...\{302600C1-6BDF-4FD1-1406-148929CC1385}) (Version: 17.1.1406.0472 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a427cd1c-b97d-4142-87c1-15b3ea68a34c}) (Version: 17.0.6 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Pro PC Cleaner 2.9.6 (HKLM-x32\...\Pro PC Cleaner) (Version: 2.9.6 - Pro PC Cleaner) <==== ATTENTION
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.021 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
SlimCleaner Plus (HKLM\...\{FC7386E4-B71D-42AA-B6B3-0925D0361069}) (Version: 2.0.0 - SlimWare Utilities, Inc.)
Web Companion (HKLM-x32\...\{d4b699eb-85b6-4284-922c-269bfc7db3f7}) (Version: 2.0.1025.2130 - Lavasoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
02-01-2015 16:19:00 Windows Update
13-02-2015 20:01:00 Windows Update
13-06-2015 16:55:16 Dell Update: Dell Customer Connect
18-06-2015 07:15:33 Windows Update
27-06-2015 12:18:16 Windows Update
03-07-2015 00:00:56 Windows Update
07-07-2015 14:07:44 avast! antivirus system restore point
24-08-2015 19:21:23 Windows Update
26-08-2015 17:25:36 Driver Booster : Intel® 8 Series Chipset Family SATA AHCI Controller
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DB60E0F-353B-4544-86A8-DC9466877BEA} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-06-30] (PC Drivers Headquarters)
Task: {0E60CEE5-F577-448A-8B96-643647649876} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-28] (Microsoft Corporation)
Task: {165E0AEB-5476-44F6-BB4C-E9BF8F06AD20} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-06-30] (PC Drivers Headquarters)
Task: {187213B3-4DC9-454B-8268-F617C897DB81} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {2063E205-534B-4FC9-AF8C-B2A4285D709E} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)
Task: {2445DA52-850E-49F0-A804-F9DAB2FE8F19} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {27BE0138-8483-49A2-A526-E45861C40CD4} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2015-06-30] (Pro PC Cleaner) <==== ATTENTION
Task: {4AEB3778-AA88-4598-8E42-436EAF6D1D9D} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {5948CD3E-AB8B-4506-B284-CC218A2E5760} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-07] (Avast Software s.r.o.)
Task: {5970F7E6-DEC4-42FC-8419-474891B84FC2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {5AE195E9-BB00-430E-9109-00E90466238A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {5D39EA54-ABCD-4D5D-BAC1-700B53EE3725} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {5EF93FBB-5677-478E-B1D6-7FAA3934E266} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
Task: {5F737F28-AEBD-467C-82B0-9232CAE0C307} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-02] (Google Inc.)
Task: {6DEDC4D1-EA13-4FC7-8535-71AF60C68C8F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-02] (Google Inc.)
Task: {739C467F-570D-420F-8033-511AEEB4EE32} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-06] ()
Task: {747217AF-49D1-4843-9F8B-D26D1DAF0479} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {92A7C86D-CEF6-4286-9B03-76C3BC6F1D6D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - steve) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2015-06-19] (SlimWare Utilities, Inc.)
Task: {970044DE-3205-46A4-8777-C76C895C89DD} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-06-30] (PC Drivers Headquarters)
Task: {991E0C95-F0C4-45D1-B317-3ECE19A5F6AF} - System32\Tasks\Driver Booster SkipUAC (steve) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {9A93D38D-5E24-4456-AEC9-89E17097C1AA} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-06] ()
Task: {A2098041-FF5C-45A8-AFB9-EFBD658A5A52} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {A64FDD1A-4DEC-4D69-B531-ED4FBE377F69} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {A6991030-51A8-4795-A8B2-4FB8ACD702AE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-06] (Synaptics Incorporated)
Task: {B27A7B5C-6505-46A2-8A9A-4555B17D966F} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-06-30] (PC Drivers Headquarters)
Task: {B5F2ECA2-4A4F-4E58-8F22-B87908F4B515} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {C36B46F0-E995-445E-A996-D1BB4C6FC9B1} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-06-23] (SlimWare Utilities, Inc.)
Task: {C82BC20A-2403-46AC-92F0-CBE47148D754} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-06-23] (SlimWare Utilities, Inc.)
Task: {CFE015EB-08D1-4C6C-B028-3E92FD361AD7} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-26] (Realtek Semiconductor)
Task: {E3B2E526-E55F-4963-B2FA-B772A3BBA617} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {F2B9E74A-30A1-404D-A7A2-CAC9903E7320} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - steve).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-08-22 15:40 - 2013-08-22 15:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 15:40 - 2013-08-22 15:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 15:40 - 2013-08-22 15:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-11-03 17:36 - 2014-06-04 19:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-11-03 17:36 - 2014-06-04 19:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-11-03 17:36 - 2014-06-04 19:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2015-06-30 14:41 - 2015-06-30 14:41 - 00354592 _____ () C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll
2015-06-30 14:41 - 2015-06-30 14:41 - 00481568 _____ () C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll
2014-01-10 18:53 - 2014-01-10 18:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll
2014-01-10 18:53 - 2014-01-10 18:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll
2014-01-10 18:53 - 2014-01-10 18:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll
2014-01-10 19:24 - 2014-01-10 19:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll
2014-01-10 19:24 - 2014-01-10 19:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll
2015-06-19 12:28 - 2015-06-19 12:28 - 00755992 _____ () C:\Program Files\SlimService\MyDefragDll.dll
2015-07-21 00:06 - 2015-07-21 00:06 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2015-07-07 14:09 - 2015-07-07 14:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-07 14:09 - 2015-07-07 14:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-26 17:15 - 2015-08-26 17:15 - 02961408 _____ () C:\Program Files\AVAST Software\Avast\defs\15082604\algo.dll
2014-11-03 17:27 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 15:41 - 2013-03-05 15:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-07-02 22:36 - 2015-07-02 22:36 - 00072192 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-07-02 22:36 - 2015-07-02 22:36 - 00178176 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-07-02 22:36 - 2015-07-02 22:36 - 00040448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-07-02 22:36 - 2015-07-02 22:36 - 00026624 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-07-02 22:36 - 2015-07-02 22:36 - 00009216 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-07-02 22:36 - 2015-07-02 22:36 - 00117248 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-07-07 14:09 - 2015-07-07 14:09 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-03 17:21 - 2013-12-11 03:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-11-03 17:36 - 2014-07-30 21:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-11-03 17:36 - 2012-11-26 03:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-11-03 17:35 - 2012-11-26 03:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\steve\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{64280D54-C731-496D-B913-E363DF86D9BD}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F055DAC2-897F-45F8-AABD-84A105E92B5D}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{5C628BE1-04D6-4105-9F33-8FE665C1DC11}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{1D360C16-D030-48E0-951C-3A29893655E0}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{BD6E049A-A0F8-45FE-B7C8-3DB87BD31B17}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{FFDEA301-19B5-436D-A8FB-450E3527D5CB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{7830B2B8-DEB5-4AA9-867A-F42E388CCD58}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{4F44B508-1DB0-409C-B1AE-A6AB07F80181}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{60475CE5-CB60-48E4-BE2D-FA444CC07DD0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{34B07B32-0493-4B2D-AF62-956BBA93B73B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1E09D881-B050-4D49-9710-401D2A997F55}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0799858D-D83B-4355-95B6-2D7F304D4147}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{13519635-D070-403C-8E28-3FC8B4E684A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/27/2015 12:26:34 PM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 8/27/2015 4:26:34 PM
Message: An exception occured and was caught: InvalidOperationException
---------Exception Information----------
Local Time: 8/27/2015 12:26:34 PM
Type: ExceptionLogging, Version=4.0.0.78, Culture=neutral, PublicKeyToken=null
Message: Veloxum communication has not been established.
Source: Agent
Target Site: DriversHQ.DriverDetective.Common.Veloxum.VeloxumClientResponseMessageBase SendVeloxumClientMessage(DriversHQ.DriverDetective.Common.Veloxum.VeloxumClientRequestMessageBase, Boolean, Boolean, Int32)
Stack Trace:    at DriversHQ.DriverDetective.Client.Veloxum.VeloxumManager.SendVeloxumClientMessage(VeloxumClientRequestMessageBase request, Boolean async, Boolean isHandshakeMessage, Int32 retryCount)
--------------------------------------
Additional Information
Machine Name: STEVESTOY
Assembly: ExceptionLogging, Version=4.0.0.78, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: STEVESTOY\steve
Thread Name: 
Windows Identity: STEVESTOY\steve
Process Name:
 
Error: (08/27/2015 12:26:33 PM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 8/27/2015 4:26:33 PM
Message: An exception occured and was caught: InvalidOperationException
---------Exception Information----------
Local Time: 8/27/2015 12:26:33 PM
Type: ExceptionLogging, Version=4.0.0.78, Culture=neutral, PublicKeyToken=null
Message: Veloxum communication has not been established.
Source: Agent
Target Site: DriversHQ.DriverDetective.Common.Veloxum.VeloxumClientResponseMessageBase SendVeloxumClientMessage(DriversHQ.DriverDetective.Common.Veloxum.VeloxumClientRequestMessageBase, Boolean, Boolean, Int32)
Stack Trace:    at DriversHQ.DriverDetective.Client.Veloxum.VeloxumManager.SendVeloxumClientMessage(VeloxumClientRequestMessageBase request, Boolean async, Boolean isHandshakeMessage, Int32 retryCount)
--------------------------------------
Additional Information
Machine Name: STEVESTOY
Assembly: ExceptionLogging, Version=4.0.0.78, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: STEVESTOY\steve
Thread Name: 
Windows Identity: STEVESTOY\steve
Process Name:
 
Error: (08/26/2015 05:05:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/20/2015 10:54:48 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/10/2015 09:09:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 99c
 
Start Time: 01d0bb117a97ebed
 
Termination Time: 4294967295
 
Application Path: C:\Windows\System32\WWAHost.exe
 
Report Id: cae125e6-2704-11e5-8266-8019347e25b0
 
Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: Windows.Store
 
Error: (07/10/2015 09:08:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: STEVESTOY)
Description: Package winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store was terminated because it took too long to suspend.
 
Error: (07/10/2015 08:50:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/07/2015 01:29:36 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider ProtectionManagement attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
Error: (07/07/2015 01:29:36 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from MSFT_MpEvent" whose target class "MSFT_MpEvent" in //./root/microsoft/protectionManagement namespace does not exist. The query will be ignored.
 
Error: (07/07/2015 01:29:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
 
System errors:
=============
Error: (08/27/2015 12:37:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/27/2015 12:36:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/27/2015 12:35:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/27/2015 12:34:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/27/2015 12:33:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/27/2015 12:32:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/27/2015 12:31:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/27/2015 12:30:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/27/2015 12:29:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IE Search Set service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/27/2015 12:26:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
%%1062
 
 
Microsoft Office:
=========================
Error: (08/27/2015 12:26:34 PM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 8/27/2015 4:26:34 PM
Message: An exception occured and was caught: InvalidOperationException
---------Exception Information----------
Local Time: 8/27/2015 12:26:34 PM
Type: ExceptionLogging, Version=4.0.0.78, Culture=neutral, PublicKeyToken=null
Message: Veloxum communication has not been established.
Source: Agent
Target Site: DriversHQ.DriverDetective.Common.Veloxum.VeloxumClientResponseMessageBase SendVeloxumClientMessage(DriversHQ.DriverDetective.Common.Veloxum.VeloxumClientRequestMessageBase, Boolean, Boolean, Int32)
Stack Trace:    at DriversHQ.DriverDetective.Client.Veloxum.VeloxumManager.SendVeloxumClientMessage(VeloxumClientRequestMessageBase request, Boolean async, Boolean isHandshakeMessage, Int32 retryCount)
--------------------------------------
Additional Information
Machine Name: STEVESTOY
Assembly: ExceptionLogging, Version=4.0.0.78, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: STEVESTOY\steve
Thread Name: 
Windows Identity: STEVESTOY\steve
Process Name:
 
Error: (08/27/2015 12:26:33 PM) (Source: Driver Support) (EventID: 100) (User: )
Description: Timestamp: 8/27/2015 4:26:33 PM
Message: An exception occured and was caught: InvalidOperationException
---------Exception Information----------
Local Time: 8/27/2015 12:26:33 PM
Type: ExceptionLogging, Version=4.0.0.78, Culture=neutral, PublicKeyToken=null
Message: Veloxum communication has not been established.
Source: Agent
Target Site: DriversHQ.DriverDetective.Common.Veloxum.VeloxumClientResponseMessageBase SendVeloxumClientMessage(DriversHQ.DriverDetective.Common.Veloxum.VeloxumClientRequestMessageBase, Boolean, Boolean, Int32)
Stack Trace:    at DriversHQ.DriverDetective.Client.Veloxum.VeloxumManager.SendVeloxumClientMessage(VeloxumClientRequestMessageBase request, Boolean async, Boolean isHandshakeMessage, Int32 retryCount)
--------------------------------------
Additional Information
Machine Name: STEVESTOY
Assembly: ExceptionLogging, Version=4.0.0.78, Culture=neutral, PublicKeyToken=null
Application Domain: DriverSupport.exe
Thread Identity: STEVESTOY\steve
Thread Name: 
Windows Identity: STEVESTOY\steve
Process Name:
 
Error: (08/26/2015 05:05:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/20/2015 10:54:48 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (07/10/2015 09:09:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.3.9600.1741599c01d0bb117a97ebed4294967295C:\Windows\System32\WWAHost.execae125e6-2704-11e5-8266-8019347e25b0winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store
 
Error: (07/10/2015 09:08:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: STEVESTOY)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store
 
Error: (07/10/2015 08:50:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (07/07/2015 01:29:36 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 
Error: (07/07/2015 01:29:36 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
 
Error: (07/07/2015 01:29:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
 
CodeIntegrity:
===================================
  Date: 2015-07-02 23:13:19.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-07-02 23:13:19.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 26%
Total physical RAM: 8072.96 MB
Available physical RAM: 5927.75 MB
Total Virtual: 9352.96 MB
Available Virtual: 6885.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:922.17 GB) (Free:862.68 GB) NTFS
Drive e: (STORE N GO) (Removable) (Total:7.46 GB) (Free:7.38 GB) FAT32
Drive f: (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.46 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.95 GB) (Free:0.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FF966E1F)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: 1342406A)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0C)
 
==================== End of log ============================

 




#2
pystryker


    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:

 

I just got done working on a computer for a woman at our church and her husband bought this on QVC ... I took a look at it, and there seems to be a lot of 'cleaner' type programs as well as driver update programs (guessing he might have put them on), but they are nothing like what you peeps use here at geekstogo. Also could use help making sure the startup doesn't open everything on the laptop :)


Hello :)

Yes, he's got several of these booster type, driver update, cleaners on his machine that do a better job of damaging the registry and slowing the machine down rather than helping the machine. They all will need to go, so let's start showing them the door.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls and Chrome Extension Removal

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • Boost
  • Driver Booster 2.4
  • Driver Support
  • DriverUpdate
  • PC Drivers HeadQuarters LP
  • Pro PC Cleaner 2.9.6
  • SlimCleaner Plus
Remove Chrome Extension

There is an extension in Chrome that needs to be removed; please follow the instructions below to remove it.
Start Chrome and type this into the address bar: chrome:extensions
This will display a page of all the installed extensions. Please remove the extension below by clicking the trash can icon.
  • iLivid
Step 2: Fix with FRST

Note: Before executing this step, please move FRST64.exe from E:\ to your Desktop or the fix will not work.
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAO.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\DriverSupport.exe
(Boost Shopping) C:\Program Files (x86)\Boost\Boost.exe
C:\Program Files (x86)\Boost
(SlimWare Utilities, Inc.)C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Program Files (x86)\Veloxum
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\Run: [Boost] => C:\Program Files (x86)\Boost\Boost.exe [445328 2015-06-17] (Boost Shopping)
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26168088 2015-06-19] (SlimWare Utilities, Inc.)
C:\Program Files\SlimCleaner Plus
BHO: Boost -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> C:\Program Files (x86)\Boost\64Boost.dll [2015-06-17] (Boost)
BHO-x32: Boost -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> C:\Program Files (x86)\Boost\Boost.dll [2015-06-17] (Boost)
C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf
R2 DSAO; C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe [1689040 2015-06-25] (PC Drivers HeadQuarters LP)
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [244504 2015-06-19] (SlimWare Utilities, Inc.)
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
2015-08-26 17:12 - 2015-08-27 12:29 - 00002876 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (steve)
2015-08-26 17:12 - 2015-08-26 17:14 - 00002162 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-08-26 17:12 - 2015-08-26 17:12 - 00003234 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2015-08-26 17:12 - 2015-08-26 17:12 - 00003178 _____ C:\Windows\System32\Tasks\Driver Booster Update
2015-08-26 17:12 - 2015-08-26 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-08-25 14:25 - 2015-07-10 08:52 - 00000366 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - steve).job
Task: {27BE0138-8483-49A2-A526-E45861C40CD4} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2015-06-30] (Pro PC Cleaner) <==== ATTENTION
Task: {2063E205-534B-4FC9-AF8C-B2A4285D709E} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)
Task: {5EF93FBB-5677-478E-B1D6-7FAA3934E266} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
Task: {92A7C86D-CEF6-4286-9B03-76C3BC6F1D6D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - steve) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2015-06-19] (SlimWare Utilities, Inc.)
Task: {970044DE-3205-46A4-8777-C76C895C89DD} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-06-30] (PC Drivers Headquarters)
Task: {991E0C95-F0C4-45D1-B317-3ECE19A5F6AF} - System32\Tasks\Driver Booster SkipUAC (steve) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {C36B46F0-E995-445E-A996-D1BB4C6FC9B1} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-06-23] (SlimWare Utilities, Inc.)
Task: {C82BC20A-2403-46AC-92F0-CBE47148D754} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-06-23] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - steve).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
2015-08-27 12:29 - 2015-07-07 13:53 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click (Vista and 7 users: right click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything, and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\
Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

  • 0
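
Added example (not part of the original post, and not code from FRST or AdwCleaner): a small Python triage of the result lines that Fixlog.txt and the AdwCleaner cleaning log contain, so the few entries that need a second look stand out from the many that succeeded. The sample log is constructed in the same line formats; the function names and category labels are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the line formats of an FRST Fixlog.txt and an
# AdwCleaner cleaning log. Paths, vendor and service names are illustrative.
SAMPLE_LOG = r"""
Restore point was successfully created.
C:\Program Files (x86)\ExampleApp\Example.exe => No running process found
C:\Program Files (x86)\ExampleApp => moved successfully.
(Example Vendor)C:\Program Files (x86)\ExampleUpdater\Updater.exe => Error: No automatic fix found for this entry.
HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Example => value removed successfully
ExampleSvc => service removed successfully
C:\Windows\System32\Tasks\Example Scan not found.
[-] Key Deleted : HKLM\SOFTWARE\ExampleApp
[!] Key Not Deleted : [x64] HKCU\Software\ExampleApp
"""

# AdwCleaner cleaning log: "[-] <what> Deleted : <target>" on success,
# "[!] <what> Not Deleted : <target>" on failure.
ADW_RESULT = re.compile(r'^\[(?P<flag>[-!])\]\s(?P<what>.+?)\s:\s(?P<target>.+)$')
# FRST Fixlog: "<target> => <result>"
FRST_RESULT = re.compile(r'^(?P<target>.+?)\s=>\s(?P<result>.+)$')
# FRST Fixlog: "<target> not found."
FRST_NOT_FOUND = re.compile(r'^(?P<target>.+)\snot found\.$')


def classify(line):
    """Return (category, target) for one log line.

    Categories (labels chosen for this example):
      ok          - item moved, removed, stopped or deleted
      error       - FRST reported an error for the entry
      not_deleted - AdwCleaner flagged the item with [!]
      not_found   - FRST could not find the item; in a Fixlog this often
                    follows an earlier line that already moved the same item
      no_process  - CloseProcesses found nothing running for that path
      other       - a "=>" result line that fits none of the above
      info        - header, banner or free text
    """
    line = line.strip()
    m = ADW_RESULT.match(line)
    if m:
        return ("ok" if m["flag"] == "-" else "not_deleted"), m["target"]
    m = FRST_RESULT.match(line)
    if m:
        target = m["target"].strip('"')   # registry keys are logged in quotes
        result = m["result"]
        if result.startswith("Error:"):
            return "error", target
        if result.startswith("No running process"):
            return "no_process", target
        if "successfully" in result:
            return "ok", target
        return "other", target
    m = FRST_NOT_FOUND.match(line)
    if m:
        return "not_found", m["target"].strip('"')
    return "info", line


def triage(log_text):
    """Count categories and collect the entries that need manual follow-up."""
    counts = Counter()
    follow_up = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        category, target = classify(raw)
        counts[category] += 1
        if category in ("error", "not_deleted"):
            follow_up.append((category, target))
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE_LOG)
    for category, n in sorted(counts.items()):
        print(f"{category:12} {n}")
    print("Needs follow-up:")
    for category, target in follow_up:
        print(f"  [{category}] {target}")
```

Entries reported under "Needs follow-up" are the ones worth checking against the fresh FRST scan from Step 5.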

#3
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0

#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Reopened.
  • 0

#5
moondog830

    Member

  • Topic Starter
  • 804 posts

Fixlog.txt Log

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015

Ran by steve (2015-08-31 13:15:10) Run:1
Running from C:\Users\steve\Desktop
Loaded Profiles: steve (Available Profiles: steve)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe
(PC Drivers HeadQuarters LP) C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAO.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\DriverSupport.exe
(Boost Shopping) C:\Program Files (x86)\Boost\Boost.exe
C:\Program Files (x86)\Boost
(SlimWare Utilities, Inc.)C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
C:\Program Files (x86)\Veloxum
(SlimWare Utilities, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\Run: [Boost] => C:\Program Files (x86)\Boost\Boost.exe [445328 2015-06-17] (Boost Shopping)
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26168088 2015-06-19] (SlimWare Utilities, Inc.)
C:\Program Files\SlimCleaner Plus
BHO: Boost -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> C:\Program Files (x86)\Boost\64Boost.dll [2015-06-17] (Boost)
BHO-x32: Boost -> {2299856A-6506-42E3-A34F-CD35A47C1B19} -> C:\Program Files (x86)\Boost\Boost.dll [2015-06-17] (Boost)
C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf
R2 DSAO; C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe [1689040 2015-06-25] (PC Drivers HeadQuarters LP)
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [244504 2015-06-19] (SlimWare Utilities, Inc.)
S3 OATool; \??\C:\Users\ADMINI~1\AppData\Local\Temp\OAToolx64.sys [X]
2015-08-26 17:12 - 2015-08-27 12:29 - 00002876 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (steve)
2015-08-26 17:12 - 2015-08-26 17:14 - 00002162 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-08-26 17:12 - 2015-08-26 17:12 - 00003234 _____ C:\Windows\System32\Tasks\Driver Booster Scan
2015-08-26 17:12 - 2015-08-26 17:12 - 00003178 _____ C:\Windows\System32\Tasks\Driver Booster Update
2015-08-26 17:12 - 2015-08-26 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-08-25 14:25 - 2015-07-10 08:52 - 00000366 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - steve).job
Task: {27BE0138-8483-49A2-A526-E45861C40CD4} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2015-06-30] (Pro PC Cleaner) <==== ATTENTION
Task: {2063E205-534B-4FC9-AF8C-B2A4285D709E} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-07-06] (IObit)
Task: {5EF93FBB-5677-478E-B1D6-7FAA3934E266} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-07-06] (IObit)
Task: {92A7C86D-CEF6-4286-9B03-76C3BC6F1D6D} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - steve) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2015-06-19] (SlimWare Utilities, Inc.)
Task: {970044DE-3205-46A4-8777-C76C895C89DD} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe [2015-06-30] (PC Drivers Headquarters)
Task: {991E0C95-F0C4-45D1-B317-3ECE19A5F6AF} - System32\Tasks\Driver Booster SkipUAC (steve) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-07-06] (IObit)
Task: {C36B46F0-E995-445E-A996-D1BB4C6FC9B1} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-06-23] (SlimWare Utilities, Inc.)
Task: {C82BC20A-2403-46AC-92F0-CBE47148D754} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-06-23] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - steve).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
2015-08-27 12:29 - 2015-07-07 13:53 - 00016056 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files\SlimService\SlimServiceFactory.exe => No running process found
C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAOsvc.exe => No running process found
C:\Program Files (x86)\Veloxum\iPTE\DriverSupportAO.exe => No running process found
C:\Program Files (x86)\Driver Support\DriverSupport.exe => No running process found
C:\Program Files (x86)\Boost\Boost.exe => No running process found
C:\Program Files (x86)\Boost => moved successfully.
(SlimWare Utilities, Inc.)C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Veloxum => moved successfully.
C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe => No running process found
C:\Program Files\SlimService\SlimService.exe => No running process found
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Boost => value removed successfully
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SlimCleaner Plus => value removed successfully
C:\Program Files\SlimCleaner Plus => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}" => key removed successfully
"HKCR\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2299856A-6506-42E3-A34F-CD35A47C1B19}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{2299856A-6506-42E3-A34F-CD35A47C1B19}" => key removed successfully
C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf => moved successfully.
DSAO => Service stopped successfully.
DSAO => service removed successfully
SlimService => service removed successfully
OATool => service removed successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (steve) => moved successfully.
C:\Users\Public\Desktop\Driver Booster 2.lnk => moved successfully.
C:\Windows\System32\Tasks\Driver Booster Scan => moved successfully.
C:\Windows\System32\Tasks\Driver Booster Update => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2 => moved successfully.
C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - steve).job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27BE0138-8483-49A2-A526-E45861C40CD4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27BE0138-8483-49A2-A526-E45861C40CD4}" => key removed successfully
C:\Windows\System32\Tasks\ProPCCleaner_Start => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2063E205-534B-4FC9-AF8C-B2A4285D709E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2063E205-534B-4FC9-AF8C-B2A4285D709E}" => key removed successfully
C:\Windows\System32\Tasks\Driver Booster Scan not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scan" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EF93FBB-5677-478E-B1D6-7FAA3934E266}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EF93FBB-5677-478E-B1D6-7FAA3934E266}" => key removed successfully
C:\Windows\System32\Tasks\Driver Booster Update not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92A7C86D-CEF6-4286-9B03-76C3BC6F1D6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92A7C86D-CEF6-4286-9B03-76C3BC6F1D6D}" => key removed successfully
C:\Windows\System32\Tasks\SlimCleaner Plus (Scheduled Scan - steve) => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SlimCleaner Plus (Scheduled Scan - steve)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{970044DE-3205-46A4-8777-C76C895C89DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{970044DE-3205-46A4-8777-C76C895C89DD}" => key removed successfully
C:\Windows\System32\Tasks\Driver Support => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{991E0C95-F0C4-45D1-B317-3ECE19A5F6AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991E0C95-F0C4-45D1-B317-3ECE19A5F6AF}" => key removed successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (steve) not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (steve)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C36B46F0-E995-445E-A996-D1BB4C6FC9B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36B46F0-E995-445E-A996-D1BB4C6FC9B1}" => key removed successfully
C:\Windows\System32\Tasks\DriverUpdate Scan => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Scan" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C82BC20A-2403-46AC-92F0-CBE47148D754}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C82BC20A-2403-46AC-92F0-CBE47148D754}" => key removed successfully
C:\Windows\System32\Tasks\DriverUpdate Startup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverUpdate Startup" => key removed successfully
C:\Windows\Tasks\DriverUpdate Scan.job => moved successfully.
C:\Windows\Tasks\DriverUpdate Startup.job => moved successfully.
C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - steve).job not found.
C:\Windows\system32\Drivers\SWDUMon.sys => moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 390.3 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 13:15:42 ====

Junkware Removal Tool Log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.9 (08.27.2015:1)
OS: Windows 8.1 x64
Ran by steve on Mon 08/31/2015 at 13:24:25.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully deleted: [Service] swdumon [Reboot required]
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\Windows\system32\tasks\DriverRestore_DailyScan
Successfully deleted: [Task] C:\Windows\system32\tasks\DriverRestore_ScheduledScan
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A82703E31615C0F8DCB43AC2B79D910D
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3757678590-2456448946-363355813-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F112EE08-D236-449B-B930-2B81F903A761}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Users\Public\Desktop\driverrestore.lnk
Successfully deleted: [File] C:\Users\Public\Desktop\driverupdate.lnk
Successfully deleted: [File] C:\Users\Public\Desktop\slimcleaner plus.lnk
Successfully deleted: [File] C:\Users\steve\desktop\pro pc cleaner.lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\driverrestore
Successfully deleted: [Folder] C:\Program Files (x86)\driverupdate
Successfully deleted: [Folder] C:\Program Files (x86)\iobit\driver booster
Successfully deleted: [Folder] C:\Program Files (x86)\lavasoft\web companion
Successfully deleted: [Folder] C:\Program Files (x86)\pro pc cleaner
Successfully deleted: [Folder] C:\Program Files\slimservice
Successfully deleted: [Folder] C:\ProgramData\iobit\driver booster
Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverrestore
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverupdate
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\ProgramData\slimware utilities inc
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
Successfully deleted: [Folder] C:\Users\steve\Appdata\Local\boost
Successfully deleted: [Folder] C:\Users\steve\Appdata\Local\downloaded installers
Successfully deleted: [Folder] C:\Users\steve\Appdata\Local\pc_drivers_headquarters
Successfully deleted: [Folder] C:\Users\steve\Appdata\Local\pro_pc_cleaner
Successfully deleted: [Folder] C:\Users\steve\Appdata\Local\slimware utilities inc
Successfully deleted: [Folder] C:\Users\steve\AppData\Roaming\iobit\driver booster
Successfully deleted: [Folder] C:\Users\steve\AppData\Roaming\lavasoft\web companion
Successfully deleted: [Folder] C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\pro pc cleaner
Successfully deleted: [Folder] C:\Users\steve\Documents\propccleaner
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\steve\Appdata\Local\Google\Chrome\User Data\Default\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl
 
[C:\Users\steve\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\steve\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
mppnoffgpafgpgbaigljliadgbnhljfl
nafaimnnclfjfedmmabolbppcngeolgf
 
[C:\Users\steve\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\steve\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/31/2015 at 13:26:39.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner Log

# AdwCleaner v5.002 - Logfile created 31/08/2015 at 13:33:29
# Updated 18/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : steve - STEVESTOY
# Running from : C:\Users\steve\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : DSAO
Service Found : swdumon
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Driver Support
Folder Found : C:\Program Files (x86)\Veloxum
Folder Found : C:\ProgramData\Driver Support
Folder Found : C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
 
***** [ Files ] *****
 
File Found : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Found : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Found : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
File Found : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
File Found : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage
File Found : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : Driver Support-RTMRules
Task Found : Driver Support-RTMScan
Task Found : Driver Support-RTMUpdater
Task Found : Driver Support
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\CLASSES\Boost.BoostBho.1
Key Found : HKLM\SOFTWARE\CLASSES\Boost.BoostBho
Key Found : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\ProPCCleaner.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E860F65C-6645-411C-A662-E12E25FD3A93}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
Key Found : HKU\.DEFAULT\Software\Veloxum
Key Found : HKCU\Software\Boost
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\DriverRestore
Key Found : HKCU\Software\DriverSupport
Key Found : HKCU\Software\Veloxum
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\SlimWare Utilities Inc
Key Found : HKCU\Software\AppDataLow\Software\Boost
Key Found : HKLM\SOFTWARE\Boost
Key Found : HKLM\SOFTWARE\Veloxum
Key Found : HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Boost
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverSupport
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : [x64] HKCU\Software\Boost
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\DriverRestore
Key Found : [x64] HKCU\Software\DriverSupport
Key Found : [x64] HKCU\Software\Veloxum
Key Found : [x64] HKCU\Software\PRODUCTSETUP
Key Found : [x64] HKCU\Software\SlimWare Utilities Inc
Key Found : [x64] HKLM\SOFTWARE\DriverRestore
Key Found : [x64] HKLM\SOFTWARE\DriverSupport
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverRestore
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
***** [ Web browsers ] *****
 
[C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : windows-defender.en.softonic.com
[C:\Users\steve\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Found : search provided by yahoo
[C:\Users\steve\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_27&param1=1&param2=f%3D1%26b%3DIS Browser%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyEyB0EtByD0BtD0FyC0AtCtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0DtAtA0CtCyCtGyE0EyCtDtGzytDyD0CtGyDzyyCyBtG0C0E0AtAyD0E0ByB0D0BtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FtDyByDtB0CtAtGtCtDyD0AtGyEtDyEtAtGzzyEyEtDtGzz0Ezy0CtAzyyCyCyC0AtA0D2QtN0A0LzuyE%26cr%3D1128450857%26a%3Dwncy_secureddownload_15_27%26os%3DWindows 8.1%26uref%3Dchmm
[C:\Users\steve\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_27&param1=1&param2=f%3D1%26b%3DIS Browser%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyEyB0EtByD0BtD0FyC0AtCtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0DtAtA0CtCyCtGyE0EyCtDtGzytDyD0CtGyDzyyCyBtG0C0E0AtAyD0E0ByB0D0BtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FtDyByDtB0CtAtGtCtDyD0AtGyEtDyEtAtGzzyEyEtDtGzz0Ezy0CtAzyyCyCyC0AtA0D2QtN0A0LzuyE%26cr%3D1128450857%26a%3Dwncy_secureddownload_15_27%26os%3DWindows 8.1%26uref%3Dchmm
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6042 bytes] ##########
 
# AdwCleaner v5.002 - Logfile created 31/08/2015 at 13:35:56
# Updated 18/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : steve - STEVESTOY
# Running from : C:\Users\steve\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : DSAO
[-] Service Deleted : swdumon
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Driver Support
[-] Folder Deleted : C:\Program Files (x86)\Veloxum
[-] Folder Deleted : C:\ProgramData\Driver Support
[-] Folder Deleted : C:\Users\steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
[-] File Deleted : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
[-] File Deleted : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
[-] File Deleted : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
[-] File Deleted : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\steve\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_mapsgalaxy.dl.tb.ask.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Driver Support-RTMRules
[-] Task Deleted : Driver Support-RTMScan
[-] Task Deleted : Driver Support-RTMUpdater
[-] Task Deleted : Driver Support
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\Boost.BoostBho.1
[-] Key Deleted : HKLM\SOFTWARE\CLASSES\Boost.BoostBho
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\ProPCCleaner.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E860F65C-6645-411C-A662-E12E25FD3A93}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2299856A-6506-42E3-A34F-CD35A47C1B19}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{88C20E16-1EB7-40CE-820C-6CFCB41B1D2F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41634761-D0BA-4C1A-9AC2-04AEE9511370}
[-] Key Deleted : HKU\.DEFAULT\Software\Veloxum
[-] Key Deleted : HKCU\Software\Boost
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\DriverRestore
[-] Key Deleted : HKCU\Software\DriverSupport
[-] Key Deleted : HKCU\Software\Veloxum
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Boost
[-] Key Deleted : HKLM\SOFTWARE\Boost
[-] Key Deleted : HKLM\SOFTWARE\Veloxum
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Boost
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverSupport
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[!] Key Not Deleted : [x64] HKCU\Software\Boost
[!] Key Not Deleted : [x64] HKCU\Software\eSupport.com
[!] Key Not Deleted : [x64] HKCU\Software\DriverRestore
[!] Key Not Deleted : [x64] HKCU\Software\DriverSupport
[!] Key Not Deleted : [x64] HKCU\Software\Veloxum
[!] Key Not Deleted : [x64] HKCU\Software\PRODUCTSETUP
[!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : [x64] HKLM\SOFTWARE\DriverRestore
[-] Key Deleted : [x64] HKLM\SOFTWARE\DriverSupport
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverRestore
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
***** [ Web browsers ] *****
 
[-] [C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : windows-defender.en.softonic.com
[-] [C:\Users\steve\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : search provided by yahoo
[-] [C:\Users\steve\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_27&param1=1&param2=f%3D1%26b%3DIS Browser%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyEyB0EtByD0BtD0FyC0AtCtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0DtAtA0CtCyCtGyE0EyCtDtGzytDyD0CtGyDzyyCyBtG0C0E0AtAyD0E0ByB0D0BtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FtDyByDtB0CtAtGtCtDyD0AtGyEtDyEtAtGzzyEyEtDtGzz0Ezy0CtAzyyCyCyC0AtA0D2QtN0A0LzuyE%26cr%3D1128450857%26a%3Dwncy_secureddownload_15_27%26os%3DWindows 8.1%26uref%3Dchmm
[-] [C:\Users\steve\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_secureddownload_15_27&param1=1&param2=f%3D1%26b%3DIS Browser%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztDtCzytAyEyB0EtByD0BtD0FyC0AtCtN0D0Tzu0StCtByBzztN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StAzz0DtAtA0CtCyCtGyE0EyCtDtGzytDyD0CtGyDzyyCyBtG0C0E0AtAyD0E0ByB0D0BtAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0FtDyByDtB0CtAtGtCtDyD0AtGyEtDyEtAtGzzyEyEtDtGzz0Ezy0CtAzyyCyCyC0AtA0D2QtN0A0LzuyE%26cr%3D1128450857%26a%3Dwncy_secureddownload_15_27%26os%3DWindows 8.1%26uref%3Dchmm
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [6641 bytes] ##########
 

Fresh FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by steve (administrator) on STEVESTOY (31-08-2015 13:51:53)
Running from C:\Users\steve\Desktop
Loaded Profiles: steve (Available Profiles: steve)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe
(Dell) C:\Program Files\Dell\Dell Data Services\DDSSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft) C:\Program Files\Dell\Dell Foundation Services\DFSSystrayUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-26] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-06-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-11] (Intel Corporation)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-02] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-07] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-07] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3757678590-2456448946-363355813-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3757678590-2456448946-363355813-1001 -> DefaultScope {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKU\S-1-5-21-3757678590-2456448946-363355813-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-07] (Avast Software s.r.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-07] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{683B0B36-237A-44AE-A8A6-392F5A22E5A9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DB55183E-6CDB-4D58-A2A9-A30B0353E14E}: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-11] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-07]
 
Chrome: 
=======
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast SafePrice) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-07-18]
CHR Extension: (My Email XP) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcpjemfpcjonokgbnadafdmdpmplgfej [2015-07-18]
CHR Extension: (Avast Online Security) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-03]
CHR Extension: (Google Wallet) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-03]
CHR Extension: (SnapMyScreen) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj [2015-07-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-07] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-07-07] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\OTBSurvey.exe [145288 2015-04-09] (Dell Inc.)
R2 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [46792 2015-06-19] (Dell)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [116424 2015-08-18] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-11] (Intel Corporation)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-26] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-07-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-07-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-07-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-07-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-07-07] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-07-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-07-07] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2015-08-26] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-26] (REALiX™)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [250608 2015-08-26] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [129312 2015-08-26] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3776792 2015-08-26] (Intel Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-08-26] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33448 2015-08-26] (Synaptics Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-07-07] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 13:51 - 2015-08-31 13:52 - 00016255 _____ C:\Users\steve\Desktop\FRST.txt
2015-08-31 13:37 - 2015-08-31 13:37 - 00287320 _____ C:\Windows\Minidump\083115-27406-01.dmp
2015-08-31 13:33 - 2015-08-31 13:35 - 00000000 ____D C:\AdwCleaner
2015-08-31 13:31 - 2015-08-19 17:56 - 01585664 _____ C:\Users\steve\Desktop\AdwCleaner.exe
2015-08-31 13:26 - 2015-08-31 13:26 - 00004948 _____ C:\Users\steve\Desktop\JRT.txt
2015-08-31 13:24 - 2015-08-31 13:24 - 00000000 ____D C:\Program Files (x86)\Dell Update
2015-08-31 13:19 - 2015-08-19 17:55 - 01798576 _____ (Malwarebytes Corporation) C:\Users\steve\Desktop\JRT.exe
2015-08-31 13:16 - 2015-08-31 13:36 - 670127562 _____ C:\Windows\MEMORY.DMP
2015-08-31 13:16 - 2015-08-31 13:16 - 00287264 _____ C:\Windows\Minidump\083115-24203-01.dmp
2015-08-31 13:16 - 2015-08-31 13:16 - 00000000 ____D C:\Windows\Minidump
2015-08-27 12:36 - 2015-08-31 13:51 - 00000000 ____D C:\FRST
2015-08-27 12:35 - 2015-08-19 09:35 - 02173440 _____ (Farbar) C:\Users\steve\Desktop\FRST64.exe
2015-08-26 18:55 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-26 18:55 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-26 17:34 - 2015-08-26 17:34 - 01399536 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys
2015-08-26 17:34 - 2015-08-26 17:34 - 00881368 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2015-08-26 17:34 - 2015-08-26 17:34 - 00129312 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2015-08-26 17:34 - 2015-08-26 17:34 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-08-26 17:33 - 2015-08-26 17:33 - 00033448 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-08-26 17:32 - 2015-08-26 17:32 - 01448248 _____ (Motorola Solutions, Inc.) C:\Windows\system32\Drivers\btmhsf.sys
2015-08-26 17:32 - 2015-08-26 17:32 - 00250608 _____ (Intel Corporation) C:\Windows\system32\Drivers\ibtusb.sys
2015-08-26 17:32 - 2015-08-26 17:32 - 00233712 _____ (Intel Corporation) C:\Windows\system32\ibtproppage.dll
2015-08-26 17:31 - 2015-08-26 17:31 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2015-08-26 17:31 - 2015-08-26 17:31 - 08355960 _____ C:\Windows\system32\Drivers\Netwfw02.dat
2015-08-26 17:31 - 2015-08-26 17:31 - 03776792 _____ (Intel Corporation) C:\Windows\system32\Drivers\Netwbw02.sys
2015-08-26 17:31 - 2015-08-26 17:31 - 00402136 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2015-08-26 17:31 - 2015-08-26 17:31 - 00083160 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2015-08-26 17:31 - 2015-08-26 17:31 - 00000000 ____D C:\Windows\SysWOW64\sda
2015-08-26 17:31 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-26 17:31 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-26 17:31 - 2015-06-09 14:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-26 17:31 - 2015-05-11 14:17 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-08-26 17:31 - 2015-05-07 13:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-26 17:31 - 2015-05-07 13:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-08-26 17:31 - 2015-05-07 12:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-26 17:31 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-08-26 17:31 - 2015-05-07 12:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-08-26 17:31 - 2015-05-07 11:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-08-26 17:31 - 2015-05-07 11:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-08-26 17:31 - 2015-05-03 11:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-26 17:31 - 2015-05-03 10:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-26 17:31 - 2015-05-03 10:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-08-26 17:31 - 2015-05-03 10:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-08-26 17:31 - 2015-05-02 20:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-08-26 17:31 - 2015-04-29 19:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-08-26 17:31 - 2015-04-24 22:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-08-26 17:31 - 2015-01-29 23:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-08-26 17:31 - 2015-01-29 23:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-08-26 17:31 - 2014-11-04 15:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-08-26 17:31 - 2014-11-04 15:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-08-26 17:31 - 2014-11-04 02:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-08-26 17:31 - 2014-11-04 02:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-08-26 17:31 - 2014-11-04 02:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-08-26 17:31 - 2014-11-04 02:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-08-26 17:30 - 2015-08-26 17:30 - 00031095 _____ C:\Windows\system32\Drivers\rtwavesEFX.dat
2015-08-26 17:30 - 2015-08-26 17:30 - 00010945 _____ C:\Windows\system32\Drivers\rtwavesMFX.dat
2015-08-26 17:30 - 2015-08-26 17:30 - 00003146 _____ C:\Windows\System32\Tasks\RtHDVBg_PushButton
2015-08-26 17:30 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-26 17:30 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-26 17:30 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-26 17:30 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-26 17:30 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-26 17:30 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-26 17:30 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-26 17:30 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-26 17:30 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-26 17:30 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-08-26 17:30 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-26 17:30 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-26 17:30 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-26 17:30 - 2015-06-26 19:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-26 17:30 - 2015-05-11 12:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-08-26 17:29 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-26 17:29 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-26 17:29 - 2015-05-12 09:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-08-26 17:29 - 2015-05-03 11:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-08-26 17:29 - 2015-05-03 10:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-08-26 17:29 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-08-26 17:29 - 2015-04-28 09:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-08-26 17:29 - 2015-04-23 11:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-08-26 17:29 - 2015-04-23 11:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-08-26 17:28 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-26 17:28 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-26 17:28 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-26 17:28 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2015-07-03 00:13 - 2015-07-06 20:13 - 0000094 _____ () C:\Users\steve\AppData\Roaming\WB.CFG
2014-11-03 17:13 - 2014-11-03 17:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-03 17:30 - 2014-11-03 17:30 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-11-03 17:26 - 2014-11-03 17:27 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-11-03 17:27 - 2014-11-03 17:28 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-11-03 17:29 - 2014-11-03 17:30 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-11-03 17:26 - 2014-11-03 17:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\steve\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-26 18:53
 
==================== End of log ============================

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Thank you for the logs, they're looking good. Let's run a scan for any remnants and orphans, then check for out of date programs. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

#7
moondog830

    Member

  • Topic Starter
  • 804 posts

ESET scan

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=b52722af5c1ffd4bbba2e1d134e3c703
# end=init
# utc_time=2015-09-01 04:32:21
# local_time=2015-09-01 12:32:21 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.3.9600 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 25550
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# EOSSerial=b52722af5c1ffd4bbba2e1d134e3c703
# end=updated
# utc_time=2015-09-01 04:40:36
# local_time=2015-09-01 12:40:36 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.3.9600 NT 
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=b52722af5c1ffd4bbba2e1d134e3c703
# engine=25550
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-09-01 07:10:46
# local_time=2015-09-01 03:10:46 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.3.9600 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 3680554 9980508 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 418165 6117591 0 0
# scanned=190853
# found=7
# cleaned=0
# scan_time=9010
sh=E8EFBAA6D25BCD920FB58268F390E604CFCCCF33 ft=0 fh=0000000000000000 vn="JS/TrojanDropper.Agent.NAJ trojan" ac=I fn="C:\Users\steve\Downloads\Setup (1).jse"
sh=6EF9685329649050BD8A2FC71CD3A0BCBC84A3A8 ft=0 fh=0000000000000000 vn="JS/TrojanDropper.Agent.NAJ trojan" ac=I fn="C:\Users\steve\Downloads\Setup (2).jse"
sh=3AA4CAAFAB1F87E236E9BD27A94C51C2FD276CC6 ft=0 fh=0000000000000000 vn="JS/TrojanDropper.Agent.NAJ trojan" ac=I fn="C:\Users\steve\Downloads\Setup (3).jse"
sh=8E0E545E41B083DDC45575BFB6345C2F8B19A99E ft=0 fh=0000000000000000 vn="JS/TrojanDropper.Agent.NAJ trojan" ac=I fn="C:\Users\steve\Downloads\Setup (4).jse"
sh=FCAA486F2FB35FBBDE5A2793065886A4486F2A1F ft=0 fh=0000000000000000 vn="JS/TrojanDropper.Agent.NAJ trojan" ac=I fn="C:\Users\steve\Downloads\Setup (5).jse"
sh=AB713832ED38D88FCAEACF8DBDE837C0830CAB6C ft=0 fh=0000000000000000 vn="JS/TrojanDropper.Agent.NAJ trojan" ac=I fn="C:\Users\steve\Downloads\Setup.jse"
sh=FC6C4C37E40B3F324695893652E4A31BA1F01C19 ft=1 fh=e271e6813d78311a vn="a variant of Win32/Toolbar.MyWebSearch.AO potentially unwanted application" ac=I fn="C:\Users\steve\Downloads\SnapMyScreenSetup.SnapMyScreen_bf.pnacmlfckijnmogihjeaojfnfiplhhpj.ch.exe"
 
 
MBAM log
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/1/2015
Scan Time: 11:40 AM
Logfile: mbam log.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.01.04
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: steve
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339081
Time Elapsed: 11 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASAPI32, Quarantined, [c8f0ae7c1972ab8b44e7980f49bbd42c], 
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\TRACING\ProPCCleaner_RASMANCS, Quarantined, [8d2b171359320b2b2704624551b3f20e], 
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\WOW6432NODE\PRO PC CLEANER\Pro PC Cleaner, Quarantined, [12a685a54645989e82b15d4a22e229d7], 
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-3757678590-2456448946-363355813-1001\SOFTWARE\Pro PC Cleaner, Quarantined, [f8c0b377296230062df78c1bd133916f], 
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-3757678590-2456448946-363355813-1001\SOFTWARE\ProPCCleanerLanguage, Quarantined, [397f2901b9d22f07dc4adccb62a2b848], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 85
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\menu\background, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\menu\css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\menu\html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\menu\images, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\menu\js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\rss, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\rss\background, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\thirdparty, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\thirdparty\background, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\uninstall, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\uninstall\background, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\weather, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\components\weather\background, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\common, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\radio, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\radio\css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\radio\js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\rss, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\rss\js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\test, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\topapps, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\topapps\css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\topapps\js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\weather, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\weather\css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\weather\js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\api, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\api\background, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\api\window, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\background, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\moviereviews, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\moviereviews\background, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\moviereviews\css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\moviereviews\html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\moviereviews\js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\radio, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\radio\background, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\radio\css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\radio\foreground, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\radio\radioWrapper, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\search, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\search\background, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\search\html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\icons, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\native, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\native\libs, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\shared, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\_metadata, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
 
Files: 237
PUP.Optional.Slimware.Offers, C:\Users\steve\Downloads\DriverUpdate-setup (1).exe, Quarantined, [9820002ae6a545f1c9326d05798816ea], 
PUP.Optional.Slimware.Offers, C:\Users\steve\Downloads\DriverUpdate-setup.exe, Quarantined, [5860dc4ed0bbb87ec5363141fd0431cf], 
PUP.Optional.InstallCore, C:\Users\steve\Downloads\google-chrome.exe, Quarantined, [853349e15c2f4de9c541c8cce81da25e], 
PUP.Optional.WinYahoo, C:\Users\steve\AppData\LocalLow\Microsoft\Internet Explorer\Services\WinYahoo.ico, Quarantined, [1a9e89a18a0104322e5ced80a55fe020], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widget-context-1.0.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\common\common.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\common\set.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\test\invalid.json, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\test\jquery.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\test\qunit.css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\test\qunit.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\test\resource.json, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\test\resource.xml, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\api\background\ApiBasedWidget.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\api\background\widget-api-impl.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\api\window\widgetWindow.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\api\window\widgetWindow.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\background\updateSearch.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\moviereviews\css\movieReviews.css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\moviereviews\html\movieReviews.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\moviereviews\js\movieReviews.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\radio\background\RadioWidget.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\radio\css\toolbar-item.css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\radio\foreground\button.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\search\background\searchBox.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\search\html\searchSuggestions.css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\search\html\searchSuggestions.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\search\html\searchSuggestions.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\search\html\searchSuggestionsInit.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\css\supertab.css, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\html\supertab.html, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\js\newtabfork.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\js\reporting.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\js\srchsugg.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\js\supertab.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\js\unifiedLogging.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\components\supertab\js\__utm.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\icons\arrowSprite.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\icons\icon128.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\icons\icon16.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\icons\icon19disabled.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\icons\icon19on.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\icons\icon48.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\223752988.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\223752994.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\223753000.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\223753022.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\223753028.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\223753050.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\223753067.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\224441917.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\down_arrow.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\magnifying_glass.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\RadioPlayerSprite.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\search_button.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\tvf_icon_guide.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\tvf_logo.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\images\wrench.png, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\chromeUtils.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\exeManager.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\exeManagerNMD.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\exePackageManager.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\focusManager.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\globalBlacklistManager.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\messaging.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\mutation_summary-min.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\mutation_summary.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\nativeMessagingDispatcher.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\newTabInfo.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\newTabInitialize.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\options.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\readLocalStorage.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\reservespacefortoolbar.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\reservespaceifenabled.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\scriptInjector.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\searchContext.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\settingsOverrides.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\toolbarCookieParser.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
PUP.Optional.MindSpark, C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnacmlfckijnmogihjeaojfnfiplhhpj\12.14.7.40742_0\js\toolbarPreinit.js, Quarantined, [e2d6fb2f86057cba2bb5871227de9f61], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
checkup log
 

 Results of screen317's Security Check version 1.008  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Pro PC Cleaner 2.9.6  
 Google Chrome (43.0.2357.132) 
 Google Chrome (44.0.2403.157) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
dog


#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Hello :)

Excellent, only a few files to remove and no programs in need of updating. Let's remove the ones ESET found. :thumbsup:
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
C:\Users\steve\Downloads\Setup*.jse
C:\Users\steve\Downloads\SnapMyScreenSetup.SnapMyScreen_bf.pnacmlfckijnmogihjeaojfnfiplhhpj.ch.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log


#9
moondog830

    Member

  • Topic Starter
  • 804 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by steve (2015-09-03 10:39:31) Run:2
Running from C:\Users\steve\Desktop
Loaded Profiles: steve (Available Profiles: steve)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
C:\Users\steve\Downloads\Setup*.jse
C:\Users\steve\Downloads\SnapMyScreenSetup.SnapMyScreen_bf.pnacmlfckijnmogihjeaojfnfiplhhpj.ch.exe
End
*****************
 
Restore point was successfully created.
C:\Users\steve\Downloads\Setup*.jse => moved successfully.
C:\Users\steve\Downloads\SnapMyScreenSetup.SnapMyScreen_bf.pnacmlfckijnmogihjeaojfnfiplhhpj.ch.exe => moved successfully.
 
==== End of Fixlog 10:39:50 ====


#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts
Looks good. :thumbsup:

Subject to no further problems, I'll remove my tools and we'll create a clean restore point on the machine.


Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • You can uninstall ESET Online Scanner at this time.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs), you can delete those with no worries. However, if it finds something like a trojan, come see us.
Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.


Then click Finish



Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post

Delfix Log


#11
moondog830

    Member

  • Topic Starter
  • 804 posts

Thanks for all your help, I'm sure my friend will be pleasantly surprised that his machine is right with the world now :)

 

DelFix

 

# DelFix v1.010 - Logfile created 03/09/2015 at 19:43:07
# Updated 26/04/2015 by Xplode
# Username : steve - STEVESTOY
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\steve\Desktop\AdwCleaner.exe
Deleted : C:\Users\steve\Desktop\Fixlog.txt
Deleted : C:\Users\steve\Desktop\FRST64.exe
Deleted : C:\Users\steve\Desktop\JRT.exe
Deleted : C:\Users\steve\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #10 [avast! antivirus system restore point | 07/07/2015 18:07:44]
Deleted : RP #11 [Windows Update | 08/24/2015 23:21:23]
Deleted : RP #12 [Driver Booster : Intel® 8 Series Chipset Family SATA AHCI Controller | 08/26/2015 21:25:36]
Deleted : RP #14 [Restore Point Created by FRST | 08/31/2015 17:15:10]
Deleted : RP #16 [Restore Point Created by FRST | 09/03/2015 14:39:32]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Thanks for all your help, I'm sure my friend will be pleasantly surprised that his machine is right with the world now :)


You're quite welcome. :) If you need us again, please don't hesitate to come back and see us.

Safe surfing!

Pystryker :wave:

#13
pystryker

    Trusted Helper

  • Malware Removal
  • 3,912 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

