[cahagg01]

So I just received help fixing my computer.  Now it's my girlfriends turn to fix hers.  I ran AVG Virus scan and had the following threats appear

 

1) malsign.generic.DE7

2) malsign.slizearch.436

3) Adware generic5.axox

4) Adware.adplugin.sm

5) Adward.adinject.resoft

6) win32/hedo

7) trojan horse generic37. ARVT

 

 

Any help fixing these viruses and whatever else may be on the computer would be a great help!.  Thanks

[Advertisements]

Hello and welcome to Geeks To Go! My nickname is Pystryker , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

• If you are receiving help for this issue at another forum, please let me know so I can close this thread.
• Please download to and run all requested tools from your Desktop.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
• At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
• If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
• Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
• Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
• Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?


Hello, let's get a look at your system and see what's going on.


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Place a check in the box marked Addition.txt
  
  
• Press the Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

[pystryker]

Hello and welcome to Geeks To Go! My nickname is Pystryker , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you

• If you are receiving help for this issue at another forum, please let me know so I can close this thread.
• Please download to and run all requested tools from your Desktop.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
• At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
• If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
• Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
• Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
• Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?


Hello, let's get a look at your system and see what's going on.


Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
• Place a check in the box marked Addition.txt
  
  
• Press the Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

[cahagg01]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-05-2016

Ran by SJB (2016-05-03 20:34:15)

Running from C:\Users\SJB\Downloads

Windows 7 Home Premium Service Pack 1 (X64) (2011-08-16 12:23:41)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-1739471184-2068617908-1788588825-500 - Administrator - Disabled)

Guest (S-1-5-21-1739471184-2068617908-1788588825-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1739471184-2068617908-1788588825-1006 - Limited - Enabled)

SJB (S-1-5-21-1739471184-2068617908-1788588825-1001 - Administrator - Enabled) => C:\Users\SJB

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: AVG Internet Security (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)

Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)

Acer Crystal Eye Webcam (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)

Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0301.2011 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)

Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ARO 2012 (HKLM\...\ARO 2012_is1) (Version: 8.0 - Support.com)

AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.4.1.11 - AT&T)

ATT Management Agent (HKLM-x32\...\ATT-ATT Management Agent) (Version: 8.3.1.7 - ATT)

Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)

AVG (HKLM\...\AvgZen) (Version: 1.51.2.3593 - AVG Technologies)

AVG (Version: 16.71.7596 - AVG Technologies) Hidden

AVG 2016 (Version: 16.0.4565 - AVG Technologies) Hidden

AVG Protection (HKLM\...\AVG) (Version: 2016.71.7596 - AVG Technologies)

AVG Zen (Version: 1.51.58 - AVG Technologies) Hidden

Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blackboard Collaborate Launcher (HKLM-x32\...\{E5F1305E-3B86-4C41-A408-3B5DFC381926}) (Version: 1.5.0.0 - Blackboard)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)

Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.00 - CyberLink Corp.)

clear.fi (x32 Version: 1.0.1422.00 - CyberLink Corp.) Hidden

clear.fi (x32 Version: 9.0.7418 - CyberLink Corp.) Hidden

clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dropbox (HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)

FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)

FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden

Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)

Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)

iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.5 - Acer Inc.)

Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version:  - Lexmark International, Inc.)

Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - )

Linksicle (HKLM-x32\...\Linksicle) (Version: 1.8.2.0 - Linksicle)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MediaEspresso (x32 Version: 1.0.1418_35759 - CyberLink Corp.) Hidden

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)

Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft SkyDrive (HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Music Remote (HKLM-x32\...\{CA6D5FD2-AD35-44F8-AFEF-B36C908CE901}) (Version: 1.0 - KangoExtensions) <==== ATTENTION

Music remote Addon (remove only) (HKLM-x32\...\Music remote Addon) (Version:  - )

Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden

MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden

MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden

Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden

newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)

newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden

NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)

NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)

NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden

OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6314 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)

Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C2700}) (Version: 12.39.0.412 - APN, LLC) <==== ATTENTION

Shop-Up (HKLM-x32\...\Shop-Up) (Version: 1.29.153.2 - Winportal)

Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)

The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )

The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )

Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)

Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden

Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)

WildTangent Games App (Acer Games) (x32 Version: 4.0.3.57 - WildTangent) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

WiseConvert B2 Toolbar (HKLM-x32\...\WiseConvert_B2 Toolbar) (Version: 6.13.1.500 - WiseConvert B2)

Word Layers (HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Word Layers) (Version: 3 - wordlayersapp.com)

Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {02A5CB4B-4E8B-427E-BC23-33908430C64A} - \AmiUpdXp -> No File <==== ATTENTION

Task: {0563A566-6A91-4BFA-B274-0324BF4CD0CD} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION

Task: {0E5DDBE3-CA5A-4017-9957-23082F98728C} - \Plus-HD-1.6-updater -> No File <==== ATTENTION

Task: {133A1082-02FE-4C40-9F97-665B444D2826} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)

Task: {375B77AC-8737-484B-AD94-375F4C8EA05B} - \Plus-HD-1.6-chromeinstaller -> No File <==== ATTENTION

Task: {3B48C71F-1DCE-4832-98E2-683D5D1F5B3F} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)

Task: {3DE7B523-4F7F-4E17-A9DB-9E349E817E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

Task: {442CA337-2DFE-422A-8466-465428716A86} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {4CB670DA-3947-46F0-B27A-6B8FE89CCA00} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001UA => C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)

Task: {6B3CCFAA-ED32-4DBB-969F-0F84364AFA32} - \Plus-HD-1.6-codedownloader -> No File <==== ATTENTION

Task: {6EB3A125-0A91-42F6-B4F1-0583665C915A} - \SuperLyrics-1-updater -> No File <==== ATTENTION

Task: {7CFF72DD-1BB4-48E0-B033-8025B2753491} - System32\Tasks\{E194A126-123C-4403-9FB8-A6303A729F7B} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.5.0.158&amp;LastError=12031

Task: {7F772638-DF5F-49E2-9FE6-2CBB0E911196} - System32\Tasks\{FDFC103B-66D6-4E24-8F23-165A1FBC264C} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.5.0.158&amp;LastError=12031

Task: {93C9F481-117A-4D8E-8965-2F0EED8CC397} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001Core => C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)

Task: {948A73E3-A323-4F2C-99FE-079583A72274} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-12] (AVAST Software)

Task: {9C569DDB-2E90-493E-9A12-659E73088A5B} - \Plus-HD-1.6-firefoxinstaller -> No File <==== ATTENTION

Task: {9F818479-7B0C-43C8-ADDC-2B7FCC80DB61} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)

Task: {A46FA9F6-4D85-417F-A6E5-4B3BFCC6B17C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-02] (Adobe Systems Incorporated)

Task: {B3541D3A-3865-4CBB-8986-4E518DE523F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)

Task: {CF9AFFA6-3B69-4790-9F0D-1B98858B0D32} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-10] (AVAST Software)

Task: {E1FFF8A6-DB5F-4C51-A377-A205C24ECE71} - \Plus-HD-1.6-enabler -> No File <==== ATTENTION

Task: {E877B35C-2C94-40AF-A5B3-B8CE56356F9B} - \BackgroundContainer Startup Task -> No File <==== ATTENTION

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001Core.job => C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001UA.job => C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001

 

==================== Loaded Modules (Whitelisted) ==============

 

2011-09-26 18:56 - 2006-11-22 09:21 - 00045056 _____ () C:\Windows\System32\LXPRMON.DLL

2011-09-26 18:55 - 2006-11-22 09:05 - 00012288 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\FxCtrStr.dll

2011-09-26 18:55 - 2006-11-22 09:19 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll

2011-09-26 18:58 - 2007-03-16 05:42 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll

2011-09-26 18:55 - 2007-06-25 09:34 - 00291504 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe

2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2015-09-12 11:55 - 2015-09-12 11:55 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-09-12 11:55 - 2015-09-12 11:55 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-05-02 21:56 - 2016-05-02 21:56 - 02892288 _____ () C:\Program Files\AVAST Software\Avast\defs\16050203\algo.dll

2016-05-03 12:06 - 2016-05-03 12:06 - 02891264 _____ () C:\Program Files\AVAST Software\Avast\defs\16050301\algo.dll

2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-04-01 18:08 - 2014-04-01 18:08 - 00244736 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node

2014-04-01 18:08 - 2014-04-01 18:08 - 00271360 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node

2014-04-01 18:08 - 2014-04-01 18:08 - 00237056 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node

2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\libxmljs\build\Release\xmljs.node

2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node

2011-02-15 13:37 - 2011-02-15 13:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

2011-02-15 13:36 - 2011-02-15 13:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll

2011-02-15 13:37 - 2011-02-15 13:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll

2011-09-26 18:55 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcyscw.dll

2011-09-26 18:55 - 2006-02-13 08:04 - 00143360 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcydrec.dll

2011-09-26 18:54 - 2006-05-25 15:20 - 00241664 _____ () C:\Program Files (x86)\Lexmark 3400 Series\iptk.dll

2013-11-03 11:55 - 2013-10-04 15:38 - 03560960 _____ () C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll

2016-05-02 21:55 - 2016-03-21 16:50 - 00034768 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd

2016-05-02 21:55 - 2016-03-21 16:51 - 00019408 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\faulthandler.pyd

2016-05-02 21:55 - 2016-03-21 16:50 - 00116688 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\pywintypes27.dll

2016-05-02 21:55 - 2016-03-21 16:50 - 00093640 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_ctypes.pyd

2016-05-02 21:55 - 2016-03-21 16:50 - 00018376 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\select.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00019760 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00105928 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32api.pyd

2016-05-02 21:55 - 2016-03-21 16:50 - 00392144 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\pythoncom27.dll

2016-05-02 21:55 - 2016-04-08 13:20 - 00381752 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd

2016-05-02 21:55 - 2016-03-21 16:50 - 00692688 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\unicodedata.pyd

2016-05-02 21:55 - 2016-04-08 13:19 - 00020816 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd

2016-05-02 21:55 - 2016-03-21 16:51 - 00112592 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd

2016-05-02 21:55 - 2016-04-08 13:19 - 01682760 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd

2016-05-02 21:55 - 2016-04-08 13:19 - 00020808 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00021840 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd

2016-05-02 21:55 - 2016-04-08 13:19 - 00038696 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\fastpath.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00020936 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\mmapfile.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00024528 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32event.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00114640 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32security.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00124880 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32file.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00021832 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00024016 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32clipboard.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00175560 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32gui.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00030160 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32pipe.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00043472 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32process.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00028616 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32ts.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00048592 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32service.pyd

2016-05-02 21:55 - 2016-04-08 13:19 - 00026456 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00057808 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32evtlog.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00024016 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32profile.pyd

2016-05-02 21:55 - 2016-04-08 13:19 - 00117056 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00023376 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd

2016-05-02 21:55 - 2016-03-21 16:50 - 00134608 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_elementtree.pyd

2016-05-02 21:55 - 2016-03-21 16:50 - 00134088 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\pyexpat.pyd

2016-05-02 21:55 - 2016-03-21 16:51 - 00240584 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\jpegtran.pyd

2016-05-02 21:55 - 2016-04-08 13:19 - 00024392 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00036296 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\librsync.dll

2016-05-02 21:55 - 2016-04-08 13:19 - 00052024 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00020800 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00021824 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00019776 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00020800 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd

2016-05-02 21:55 - 2016-04-08 13:19 - 00020280 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd

2016-05-02 21:55 - 2016-03-21 16:52 - 00350152 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winxpgui.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00022352 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd

2016-05-02 21:55 - 2016-04-08 13:19 - 00084280 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL

2016-05-02 21:55 - 2016-04-08 13:20 - 01826096 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd

2016-05-02 21:55 - 2016-03-21 16:51 - 00083912 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\sip.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 03928880 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 01971504 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00531248 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00132912 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00223544 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00207672 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00158008 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00042808 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd

2016-05-02 21:55 - 2016-03-21 16:54 - 00017864 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\libEGL.dll

2016-05-02 21:55 - 2016-03-21 16:54 - 01631184 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2016-05-02 21:55 - 2016-04-08 13:20 - 00024904 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00546096 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

2016-05-02 21:55 - 2016-04-08 13:20 - 00357680 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd

2016-05-02 21:55 - 2016-03-21 16:56 - 00697304 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

2016-05-02 21:55 - 2016-03-21 16:52 - 00060880 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32print.pyd

2009-04-16 12:02 - 2009-04-16 12:02 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2015-09-12 11:55 - 2015-09-12 11:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2016-03-10 20:29 - 2016-03-10 20:29 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ad1d5f0cd29a1edfa6483a6b07628457\IsdiInterop.ni.dll

2011-04-18 23:22 - 2010-04-13 11:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2016-05-02 22:10 - 2016-05-02 22:08 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

2016-02-22 19:22 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll

2016-02-22 19:22 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:373E1720 [254]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SJB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 209.18.47.61 - 209.18.47.62

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{C0DC918D-0524-46D5-A6C2-C7788443675C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{742EAE0B-B3C8-4E0F-9821-CD9ADC5D7AA6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{58A03610-3E74-427C-8256-30E616E5FE33}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{AA9C802F-F2BD-4774-9BA9-DFBC5C603644}] => (Allow) LPort=2869

FirewallRules: [{88EC4423-239D-4F14-8724-CB90A13C9083}] => (Allow) LPort=1900

FirewallRules: [{B52A0F61-6028-4ABE-A4DD-53036C05C4F8}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{676ADD4F-34AF-4177-A404-5633531CBE00}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe

FirewallRules: [{6226D65C-64FA-4183-BA0B-4E8F53030D50}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

FirewallRules: [{129067F6-0F44-4805-802E-9E618C204349}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe

FirewallRules: [{93A7D793-F34A-436A-9FAC-190AC1128581}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe

FirewallRules: [{EA17CE02-2F25-4D68-88D1-77BAFB4027D2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe

FirewallRules: [{27C2F60F-3C98-4002-82F0-FF2C38FC6575}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe

FirewallRules: [{489376A8-765A-4335-B507-384D3EC3F131}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe

FirewallRules: [{732B431F-4342-4827-83CF-77B52FFA09B4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe

FirewallRules: [{2054A5E6-FC75-4908-88A2-1CC94D67FB07}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{5519BFD5-4053-43ED-8E77-F1E40EEC66AE}] => (Allow) C:\Windows\System32\lxcycoms.exe

FirewallRules: [{9758625F-4622-4350-BC31-79316F802512}] => (Allow) C:\Windows\System32\lxcycoms.exe

FirewallRules: [{5D9FFC89-7BB5-4850-AFA0-1BE206A7CA4B}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe

FirewallRules: [{9846F15D-F6FE-465D-A9B8-B6CD5EF62362}] => (Allow) C:\Windows\SysWOW64\lxcycoms.exe

FirewallRules: [{E5F61A1A-99DF-4225-8DE7-B1FF57377B84}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe

FirewallRules: [{F9BAE9CF-F838-4349-89BC-AD98027126A6}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe

FirewallRules: [{BAE2F388-F32D-4EA2-8761-70570E8D4C5D}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe

FirewallRules: [{5A4FF4F1-3927-4A8E-B669-87D326EFEE2A}] => (Allow) C:\Program Files (x86)\Lexmark 3400 Series\lxcyaiox.exe

FirewallRules: [{26C6BFE1-B578-426E-A79F-0F2D74E2DA08}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{06B8117B-F61B-4636-978C-E20B18AEE313}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E35BE7D8-1C60-4480-AC77-53DB7FE3A2FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{AFF6B556-2614-4B79-BFCE-0F424C4076C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8531B21C-176B-4224-B17B-030F78C126F6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{F165B81F-C12F-418C-9314-0724C2B4DACC}] => (Allow) C:\Users\SJB\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{2424CF29-4D2A-4C37-82C3-11CB8E9C8618}] => (Allow) C:\Users\SJB\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{FA352FD3-A448-4ABC-B0A1-DCC8E3C842D2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

FirewallRules: [{5E29D327-7B04-490E-A6A9-D15C04C793B7}] => (Allow) C:\Users\SJB\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [TCP Query User{1A0E9128-80DE-45B4-B534-658A28BC8131}C:\users\sjb\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sjb\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [UDP Query User{745B6CAE-4338-49F3-83A8-824464225854}C:\users\sjb\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\sjb\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [TCP Query User{42A1FD17-A409-4531-9027-DD6CC804E2E6}C:\users\sjb\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\sjb\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe

FirewallRules: [UDP Query User{D7F52E3A-1339-4CC7-A90A-AAE4F28DCB0D}C:\users\sjb\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\sjb\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe

FirewallRules: [{6183D179-1F81-41A5-B5C9-8001ADA7A7A2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{57CD6917-5BA2-41D9-A5AD-9883E9C6DE69}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{23067E1D-3187-44AA-BC55-25C0CD1413D1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{DF360454-7083-4C3D-9294-D98158D913F6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{7409E53D-1A5D-466D-8DA8-07074BB9253F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{8E92E1A3-B252-44E6-83A3-B137DF790CE3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{48D1DA46-61CD-4845-B8D6-FF4742BF4604}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{C640C7F0-8373-4B7C-8130-379DF1BD0824}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{07FA80AF-DA99-47FD-922D-364DCCFB3459}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

 

==================== Restore Points =========================

 

22-02-2016 20:08:55 Windows Update

22-02-2016 23:30:25 Windows Update

01-03-2016 20:11:38 Windows Update

10-03-2016 20:41:52 Windows Update

10-03-2016 20:55:34 Windows Update

12-03-2016 16:30:05 Windows Update

02-05-2016 21:50:06 Windows Modules Installer

02-05-2016 21:55:51 Windows Modules Installer

02-05-2016 22:15:25 Installed AVG 2016

02-05-2016 22:16:32 Installed AVG

03-05-2016 20:24:25 Windows Update

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/03/2016 08:25:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.

 

System Error:

The system cannot find the file specified.

.

 

Error: (05/03/2016 08:25:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

Error: (05/03/2016 08:25:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (05/03/2016 12:07:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 83570

 

Error: (05/03/2016 12:07:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 83570

 

Error: (05/03/2016 12:07:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/03/2016 12:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 65193

 

Error: (05/03/2016 12:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 65193

 

Error: (05/03/2016 12:06:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (05/03/2016 12:06:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 49530

 

 

System errors:

=============

Error: (05/03/2016 08:27:17 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (05/03/2016 08:27:11 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (05/03/2016 08:27:04 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (05/03/2016 08:26:58 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (05/03/2016 08:26:51 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (05/03/2016 08:26:45 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (05/03/2016 08:26:39 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (05/03/2016 08:26:32 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (05/03/2016 08:26:26 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

Error: (05/03/2016 08:26:19 PM) (Source: cdrom) (EventID: 7) (User: )

Description: The device, \Device\CdRom0, has a bad block.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz

Percentage of memory in use: 75%

Total physical RAM: 3766.7 MB

Available physical RAM: 908.73 MB

Total Virtual: 7531.61 MB

Available Virtual: 4354.61 MB

 

==================== Drives ================================

 

Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:342.78 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FEE87037)

Partition 1: (Not Active) - (Size=16 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)

[cahagg01]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-05-2016

Ran by SJB (administrator) on SJB-PC (03-05-2016 20:31:56)

Running from C:\Users\SJB\Downloads

Loaded Profiles: SJB (Available Profiles: SJB)

Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\MAHostService.exe

(Joyent, Inc) C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\node.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

( ) C:\Windows\System32\lxcycoms.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe

(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Alcatel-Lucent) C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe

(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe

(Dropbox, Inc.) C:\Users\SJB\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Dropbox, Inc.) C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{E77AD5CC-91FE-44E4-BC67-1DB961D17007}\50.0.2661.94_chrome_installer.exe

(Google Inc.) C:\Windows\Temp\CR_BB6FF.tmp\setup.exe

(Google Inc.) C:\Windows\Temp\CR_BB6FF.tmp\setup.exe

(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.34-delta.exe

(Microsoft Corporation) C:\Windows\System32\MRT.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)

HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)

HKLM\...\Run: [lxcymon.exe] => C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe [291504 2007-06-25] ()

HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe [82608 2007-06-25] (Lexmark International Inc.)

HKLM\...\Run: [LXCYCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCYtime.dll,RunDLLEntry

HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe [2834432 2014-06-25] (Alcatel-Lucent)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)

HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1092688 2011-03-31] (Dritek System Inc.)

HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-02-18] (CyberLink Corp.)

HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [295600 2007-06-25] ()

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-12-20] (AVAST Software)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)

HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1600072 2016-02-12] (APN)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-04-20] (AVG Technologies CZ, s.r.o.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Run: [AROReminder] => C:\Program Files (x86)\ARO 2012\ARO.exe [2553752 2012-07-27] (Support.com, Inc.)

HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Run: [Free Download Manager] => C:\Program Files (x86)\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG)

HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Run: [Dropbox Update] => C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)

HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\MountPoints2: {b7c8c0d9-99bb-11e0-ae76-806e6f6e6963} - D:\setup.exe

HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)

HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-12] (AVAST Software)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)

Startup: C:\Users\SJB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-22]

ShortcutTarget: Dropbox.lnk -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\SJB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2011-08-25]

ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{A68D1A0A-02D6-47DA-8BA1-63F1C48DB3C2}: [DhcpNameServer] 209.18.47.61 209.18.47.62

 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17689&apn_uid=7702D1FB-70FA-4DAD-B018-97119024139E&itbv=12.24.1.51&doi=2015-04-02&psv=&pt=tb

URLSearchHook: HKLM-x32 - (No Name) - {da7a20cf-bef4-4342-ad78-0240fdf87055} - No File

URLSearchHook: HKLM-x32 - (No Name) - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - No File

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk_14_18&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0Ezy0EyE0AyBtDyEtBtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1T1Q1J1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StBtBzzyE0BzyyDtDtG0DyDyDtCtG0C0DyCtBtG0EtAtA0BtGtCzz0DzzzztC0DyC0CtA0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCtCtB0FtA0FyDtGyC0D0A0AtGzzyD0A0FtGtByE0B0BtGyByCyCtD0B0E0A0AtDyBtBtD2Q&cr=149238162&ir=

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk_14_18&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0Ezy0EyE0AyBtDyEtBtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1T1Q1J1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StBtBzzyE0BzyyDtDtG0DyDyDtCtG0C0DyCtBtG0EtAtA0BtGtCzz0DzzzztC0DyC0CtA0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCtCtB0FtA0FyDtGyC0D0A0AtGzzyD0A0FtGtByE0B0BtGyByCyCtD0B0E0A0AtDyBtBtD2Q&cr=149238162&ir=

SearchScopes: HKLM-x32 -> DefaultScope value is missing

SearchScopes: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> {1CE601FE-2469-412B-8A9D-40BD8FD7B213} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=7702D1FB-70FA-4DAD-B018-97119024139E&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17689&doi=2015-04-02&trgb=IE&q={searchTerms}&psv=&pt=tb

BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File

BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2016-01-04] (APN LLC.)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-12] (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)

BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\mskapbho.dll => No File

BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2016-01-04] (APN LLC.)

BHO-x32: No Name -> {6c3bc03f-d7b9-43ac-8931-c242e3cae971} -> No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-12] (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)

BHO-x32: Music RemoteBHO -> {CA6D5FD2-AD35-44F8-AFEF-B36C908CE901} -> C:\Program Files (x86)\Music Remote\1.0\KangoBHO.dll [2013-04-14] (KangoExtensions)

BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-10-25] (FreeDownloadManager.ORG)

BHO-x32: No Name -> {da7a20cf-bef4-4342-ad78-0240fdf87055} -> No File

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2016-01-04] (APN LLC.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)

Toolbar: HKLM-x32 - Music Remote - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - C:\Program Files (x86)\Music Remote\1.0\KangoBHO.dll [2013-04-14] (KangoExtensions)

Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2016-01-04] (APN LLC.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)

Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> No Name - {DA7A20CF-BEF4-4342-AD78-0240FDF87055} -  No File

Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> No Name - {6C3BC03F-D7B9-43AC-8931-C242E3CAE971} -  No File

Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> No Name - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} -  No File

Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)

Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2016-01-04] (APN LLC.)

DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)

FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\npMotive.dll [2014-06-25] (Alcatel-Lucent)

FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-11-12] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1739471184-2068617908-1788588825-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-20]

 

Chrome: 

=======

CHR Profile: C:\Users\SJB\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Motive Extension) - C:\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-07-31]

CHR Extension: (Chrome Web Store Payments) - C:\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]

CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-10-16]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-12]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-01-04] (APN LLC.)

R2 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\MAHostService.exe [321024 2014-06-25] (Alcatel-Lucent) [File not signed]

S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent) [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-12] (AVAST Software)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-04-20] (AVG Technologies CZ, s.r.o.)

S2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1999224 2016-04-20] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-04-20] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-04-20] (AVG Technologies CZ, s.r.o.)

R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566448 2007-06-20] ( )

R2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [537264 2007-06-20] ( )

R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)

R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]

R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-12] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-12] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-12] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-12] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-12-20] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-12-20] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-12] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-12] (AVAST Software)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)

R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-04-18] (AVG Technologies CZ, s.r.o.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-05-03 20:31 - 2016-05-03 20:33 - 00028297 _____ C:\Users\SJB\Downloads\FRST.txt

2016-05-03 20:30 - 2016-05-03 20:31 - 00000000 ____D C:\FRST

2016-05-03 20:29 - 2016-05-03 20:30 - 02377216 _____ (Farbar) C:\Users\SJB\Downloads\FRST64.exe

2016-05-02 22:22 - 2016-05-02 22:22 - 00000000 ____D C:\Users\SJB\AppData\Roaming\AVG

2016-05-02 22:21 - 2016-05-02 22:21 - 00000000 ____D C:\Users\SJB\AppData\Roaming\TuneUp Software

2016-05-02 22:21 - 2016-05-02 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2016-05-02 22:17 - 2016-05-02 22:17 - 00000000 ___HD C:\$AVG

2016-05-02 22:13 - 2016-05-03 20:29 - 00000000 ____D C:\ProgramData\MFAData

2016-05-02 22:13 - 2016-05-02 22:13 - 00000000 ____D C:\Users\SJB\AppData\Local\MFAData

2016-05-02 22:12 - 2016-05-02 22:12 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk

2016-05-02 22:12 - 2016-05-02 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen

2016-05-02 22:10 - 2016-05-02 22:17 - 00000000 ____D C:\ProgramData\Avg

2016-05-02 22:10 - 2016-05-02 22:16 - 00000000 ____D C:\Program Files (x86)\AVG

2016-05-02 22:07 - 2016-05-02 22:22 - 00000000 ____D C:\Users\SJB\AppData\Local\Avg

2016-05-02 22:07 - 2016-05-02 22:13 - 00000000 ____D C:\Users\SJB\AppData\Local\AvgSetupLog

2016-05-02 22:07 - 2016-05-02 22:07 - 02946480 _____ (AVG Technologies CZ, s.r.o.) C:\Users\SJB\Downloads\AVG_Protection_1472.exe

2016-05-02 21:56 - 2016-05-02 21:56 - 00000000 ____D C:\Users\SJB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2016-04-20 14:17 - 2016-04-20 14:17 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys

2016-04-18 09:04 - 2016-04-18 09:04 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avguniva.sys

2016-04-14 10:54 - 2016-04-14 10:54 - 00051968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-05-03 20:33 - 2015-06-24 09:59 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001Core.job

2016-05-03 20:32 - 2015-06-24 09:59 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001UA.job

2016-05-03 20:30 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-05-03 20:30 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-05-03 20:28 - 2014-05-20 20:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-05-03 20:27 - 2014-06-23 06:07 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-05-03 20:27 - 2014-06-23 06:07 - 00000000 ____D C:\Windows\system32\MRT

2016-05-03 20:25 - 2009-07-14 00:13 - 00006494 _____ C:\Windows\system32\PerfStringBackup.INI

2016-05-03 20:24 - 2013-09-29 14:50 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2016-05-03 20:23 - 2014-01-26 14:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-05-02 23:13 - 2014-01-26 14:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-05-02 22:22 - 2015-12-20 16:44 - 00000000 ____D C:\Program Files\Common Files\AV

2016-05-02 22:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf

2016-05-02 22:11 - 2011-08-16 15:42 - 00000000 ____D C:\ProgramData\clear.fi

2016-05-02 22:05 - 2012-09-29 13:40 - 00000000 ___RD C:\Users\SJB\Dropbox

2016-05-02 22:01 - 2013-01-29 21:56 - 00000410 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job

2016-05-02 22:00 - 2013-10-16 19:02 - 00000000 ____D C:\Program Files (x86)\ATT

2016-05-02 21:59 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-05-02 21:53 - 2014-05-20 20:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-05-02 21:52 - 2013-10-16 20:01 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-05-02 21:52 - 2013-10-16 20:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-05-02 21:51 - 2016-03-10 20:28 - 19397312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2016-05-02 21:51 - 2012-09-29 13:38 - 00000000 ____D C:\Users\SJB\AppData\Roaming\Dropbox

 

==================== Files in the root of some directories =======

 

2014-06-22 19:24 - 2014-06-22 19:24 - 0000047 _____ () C:\Users\SJB\AppData\Roaming\WB.CFG

2011-06-18 10:20 - 2011-06-18 10:24 - 0015211 _____ () C:\ProgramData\ArcadeDeluxe5.log

2012-07-29 14:33 - 2012-07-29 14:33 - 1219966 _____ () C:\ProgramData\SPL97FB.tmp

2013-09-29 13:53 - 2013-09-29 13:53 - 2273608 _____ () C:\ProgramData\SPLC1D1.tmp

2012-07-29 14:27 - 2012-07-29 14:27 - 1219966 _____ () C:\ProgramData\SPLC677.tmp

2012-07-29 14:35 - 2012-07-29 14:35 - 1219966 _____ () C:\ProgramData\SPLC8D8.tmp

 

Some files in TEMP:

====================

C:\Users\SJB\AppData\Local\Temp\6_Offer_16.exe

C:\Users\SJB\AppData\Local\Temp\9379uninstall.exe

C:\Users\SJB\AppData\Local\Temp\air245F.exe

C:\Users\SJB\AppData\Local\Temp\air478B.exe

C:\Users\SJB\AppData\Local\Temp\airEE94.exe

C:\Users\SJB\AppData\Local\Temp\APNSetup.exe

C:\Users\SJB\AppData\Local\Temp\ApnToolbarInstaller.exe

C:\Users\SJB\AppData\Local\Temp\aro.exe

C:\Users\SJB\AppData\Local\Temp\avast! Free Antivirus .exe

C:\Users\SJB\AppData\Local\Temp\CB88_fdminst.exe

C:\Users\SJB\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfgewmy.dll

C:\Users\SJB\AppData\Local\Temp\F65E_FPPSetup.exe

C:\Users\SJB\AppData\Local\Temp\nsw680E.tmp.exe

C:\Users\SJB\AppData\Local\Temp\OfficeSetup.exe

C:\Users\SJB\AppData\Local\Temp\pcDesktopAlertNotifierX.dll

C:\Users\SJB\AppData\Local\Temp\Quarantine.exe

C:\Users\SJB\AppData\Local\Temp\STWSetup.exe

C:\Users\SJB\AppData\Local\Temp\The_Weather_Channel_Application.exe

C:\Users\SJB\AppData\Local\Temp\vcredist_x64.exe

C:\Users\SJB\AppData\Local\Temp\{654FA3CB-97AF-4AD4-B91E-0CF6D8D497A2}-GoogleUpdateSetup.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2016-01-26 22:47

[pystryker]

Hello, let's get started.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.

• Music Remote
• Search App by Ask

Step 2: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\SJB\Downloads to the Desktop or the fix will not work. All tools must be run from the Desktop.

• Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
• Right-click in the open notepad and select Paste).
• Save it on the desktop as fixlist.txt
  
  NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\AskPartnerNetwork
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\MountPoints2: {b7c8c0d9-99bb-11e0-ae76-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17689&apn_uid=7702D1FB-70FA-4DAD-B018-97119024139E&itbv=12.24.1.51&doi=2015-04-02&psv=&pt=tb
URLSearchHook: HKLM-x32 - (No Name) - {da7a20cf-bef4-4342-ad78-0240fdf87055} - No File
URLSearchHook: HKLM-x32 - (No Name) - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk_14_18&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0Ezy0EyE0AyBtDyEtBtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1T1Q1J1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StBtBzzyE0BzyyDtDtG0DyDyDtCtG0C0DyCtBtG0EtAtA0BtGtCzz0DzzzztC0DyC0CtA0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCtCtB0FtA0FyDtGyC0D0A0AtGzzyD0A0FtGtByE0B0BtGyByCyCtD0B0E0A0AtDyBtBtD2Q&cr=149238162&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk_14_18&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0Ezy0EyE0AyBtDyEtBtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1T1Q1J1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StBtBzzyE0BzyyDtDtG0DyDyDtCtG0C0DyCtBtG0EtAtA0BtGtCzz0DzzzztC0DyC0CtA0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCtCtB0FtA0FyDtGyC0D0A0AtGzzyD0A0FtGtByE0B0BtGyByCyCtD0B0E0A0AtDyBtBtD2Q&cr=149238162&ir=
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> {1CE601FE-2469-412B-8A9D-40BD8FD7B213} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=7702D1FB-70FA-4DAD-B018-97119024139E&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17689&doi=2015-04-02&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2016-01-04] (APN LLC.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2016-01-04] (APN LLC.)
BHO-x32: No Name -> {6c3bc03f-d7b9-43ac-8931-c242e3cae971} -> No File
BHO-x32: Music RemoteBHO -> {CA6D5FD2-AD35-44F8-AFEF-B36C908CE901} -> C:\Program Files (x86)\Music Remote\1.0\KangoBHO.dll [2013-04-14] (KangoExtensions)
C:\Program Files (x86)\Music Remote
BHO-x32: No Name -> {da7a20cf-bef4-4342-ad78-0240fdf87055} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2016-01-04] (APN LLC.)
Toolbar: HKLM-x32 - Music Remote - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - C:\Program Files (x86)\Music Remote\1.0\KangoBHO.dll [2013-04-14] (KangoExtensions)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2016-01-04] (APN LLC.)
Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> No Name - {DA7A20CF-BEF4-4342-AD78-0240FDF87055} - No File
Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> No Name - {6C3BC03F-D7B9-43AC-8931-C242E3CAE971} - No File
Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> No Name - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - No File
Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2016-01-04] (APN LLC.)
FF Plugin HKU\S-1-5-21-1739471184-2068617908-1788588825-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-01-04] (APN LLC.)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
Task: {02A5CB4B-4E8B-427E-BC23-33908430C64A} - \AmiUpdXp -> No File <==== ATTENTION
Task: {0563A566-6A91-4BFA-B274-0324BF4CD0CD} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {0E5DDBE3-CA5A-4017-9957-23082F98728C} - \Plus-HD-1.6-updater -> No File <==== ATTENTION
Task: {375B77AC-8737-484B-AD94-375F4C8EA05B} - \Plus-HD-1.6-chromeinstaller -> No File <==== ATTENTION
Task: {6B3CCFAA-ED32-4DBB-969F-0F84364AFA32} - \Plus-HD-1.6-codedownloader -> No File <==== ATTENTION
Task: {6EB3A125-0A91-42F6-B4F1-0583665C915A} - \SuperLyrics-1-updater -> No File <==== ATTENTION
Task: {9C569DDB-2E90-493E-9A12-659E73088A5B} - \Plus-HD-1.6-firefoxinstaller -> No File <==== ATTENTION
Task: {E1FFF8A6-DB5F-4C51-A377-A205C24ECE71} - \Plus-HD-1.6-enabler -> No File <==== ATTENTION
Task: {E877B35C-2C94-40AF-A5B3-B8CE56356F9B} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [254]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop

• Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
• Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
• Please Check the following options:
  • Reset Proxy Settings
  • Reset Winsock Settings
  • Reset TCP/IP Settings
  • Reset Firewall Settings
  • Reset IPSec Settings
  • Reset BITS Queue
  • Reset Internet Explorer Policies
  • Reset Chrome Policies
• Close any open windows or browsers.
• Pause your Anti-Virus program if it is running.
• Once it starts, click on the Scan button.
• Let the scan complete itself. This may take a few minutes.
• Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
• When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
  This report is also saved at C:\Adwcleaner

Step 5: Fresh FRST Scan

• Start Farbar's Recovery Scan Tool and press the Scan button.
• FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

• Fixlog.txt Log
• Junkware Removal Tool Log
• AdwCleaner Log
• Fresh FRST.txt Log
• Fresh Addition.txt Log

[cahagg01]

Fix result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by SJB (2016-05-03 21:08:23) Run:1
Running from C:\Users\SJB\Desktop
Loaded Profiles: SJB (Available Profiles: SJB)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\AskPartnerNetwork
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\MountPoints2: {b7c8c0d9-99bb-11e0-ae76-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17689&apn_uid=7702D1FB-70FA-4DAD-B018-97119024139E&itbv=12.24.1.51&doi=2015-04-02&psv=&pt=tb
URLSearchHook: HKLM-x32 - (No Name) - {da7a20cf-bef4-4342-ad78-0240fdf87055} - No File
URLSearchHook: HKLM-x32 - (No Name) - {6c3bc03f-d7b9-43ac-8931-c242e3cae971} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk_14_18&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0Ezy0EyE0AyBtDyEtBtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1T1Q1J1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StBtBzzyE0BzyyDtDtG0DyDyDtCtG0C0DyCtBtG0EtAtA0BtGtCzz0DzzzztC0DyC0CtA0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCtCtB0FtA0FyDtGyC0D0A0AtGzzyD0A0FtGtByE0B0BtGyByCyCtD0B0E0A0AtDyBtBtD2Q&cr=149238162&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk_14_18&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0Ezy0EyE0AyBtDyEtBtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1T1Q1J1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StBtBzzyE0BzyyDtDtG0DyDyDtCtG0C0DyCtBtG0EtAtA0BtGtCzz0DzzzztC0DyC0CtA0CtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtCtCtB0FtA0FyDtGyC0D0A0AtGzzyD0A0FtGtByE0B0BtGyByCyCtD0B0E0A0AtDyBtBtD2Q&cr=149238162&ir=
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> {1CE601FE-2469-412B-8A9D-40BD8FD7B213} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=7702D1FB-70FA-4DAD-B018-97119024139E&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17689&doi=2015-04-02&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => No File
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2016-01-04] (APN LLC.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\mskapbho.dll => No File
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2016-01-04] (APN LLC.)
BHO-x32: No Name -> {6c3bc03f-d7b9-43ac-8931-c242e3cae971} -> No File
BHO-x32: Music RemoteBHO -> {CA6D5FD2-AD35-44F8-AFEF-B36C908CE901} -> C:\Program Files (x86)\Music Remote\1.0\KangoBHO.dll [2013-04-14] (KangoExtensions)
C:\Program Files (x86)\Music Remote
BHO-x32: No Name -> {da7a20cf-bef4-4342-ad78-0240fdf87055} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2016-01-04] (APN LLC.)
Toolbar: HKLM-x32 - Music Remote - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - C:\Program Files (x86)\Music Remote\1.0\KangoBHO.dll [2013-04-14] (KangoExtensions)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll [2016-01-04] (APN LLC.)
Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> No Name - {DA7A20CF-BEF4-4342-AD78-0240FDF87055} - No File
Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> No Name - {6C3BC03F-D7B9-43AC-8931-C242E3CAE971} - No File
Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> No Name - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} - No File
Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll [2016-01-04] (APN LLC.)
FF Plugin HKU\S-1-5-21-1739471184-2068617908-1788588825-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198216 2016-01-04] (APN LLC.)
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
Task: {02A5CB4B-4E8B-427E-BC23-33908430C64A} - \AmiUpdXp -> No File <==== ATTENTION
Task: {0563A566-6A91-4BFA-B274-0324BF4CD0CD} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {0E5DDBE3-CA5A-4017-9957-23082F98728C} - \Plus-HD-1.6-updater -> No File <==== ATTENTION
Task: {375B77AC-8737-484B-AD94-375F4C8EA05B} - \Plus-HD-1.6-chromeinstaller -> No File <==== ATTENTION
Task: {6B3CCFAA-ED32-4DBB-969F-0F84364AFA32} - \Plus-HD-1.6-codedownloader -> No File <==== ATTENTION
Task: {6EB3A125-0A91-42F6-B4F1-0583665C915A} - \SuperLyrics-1-updater -> No File <==== ATTENTION
Task: {9C569DDB-2E90-493E-9A12-659E73088A5B} - \Plus-HD-1.6-firefoxinstaller -> No File <==== ATTENTION
Task: {E1FFF8A6-DB5F-4C51-A377-A205C24ECE71} - \Plus-HD-1.6-enabler -> No File <==== ATTENTION
Task: {E877B35C-2C94-40AF-A5B3-B8CE56356F9B} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [254]
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe => No running process found
"C:\Program Files (x86)\AskPartnerNetwork" => not found.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe => No running process found
"HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7c8c0d9-99bb-11e0-ae76-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{b7c8c0d9-99bb-11e0-ae76-806e6f6e6963} => key not found.
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{da7a20cf-bef4-4342-ad78-0240fdf87055} => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CE601FE-2469-412B-8A9D-40BD8FD7B213}" => key removed successfully
HKCR\CLSID\{1CE601FE-2469-412B-8A9D-40BD8FD7B213} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c3bc03f-d7b9-43ac-8931-c242e3cae971}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6c3bc03f-d7b9-43ac-8931-c242e3cae971} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6D5FD2-AD35-44F8-AFEF-B36C908CE901} => key not found.
HKCR\Wow6432Node\CLSID\{CA6D5FD2-AD35-44F8-AFEF-B36C908CE901} => key not found.
C:\Program Files (x86)\Music Remote => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7a20cf-bef4-4342-ad78-0240fdf87055}" => key removed successfully
HKCR\Wow6432Node\CLSID\{da7a20cf-bef4-4342-ad78-0240fdf87055} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value not found.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D2C31D2B-35BE-4C2B-ACCB-A78877274E60} => value not found.
HKCR\Wow6432Node\CLSID\{D2C31D2B-35BE-4C2B-ACCB-A78877274E60} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value not found.
HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DA7A20CF-BEF4-4342-AD78-0240FDF87055} => value removed successfully
HKCR\CLSID\{DA7A20CF-BEF4-4342-AD78-0240FDF87055} => key not found.
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6C3BC03F-D7B9-43AC-8931-C242E3CAE971} => value removed successfully
HKCR\CLSID\{6C3BC03F-D7B9-43AC-8931-C242E3CAE971} => key not found.
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D2C31D2B-35BE-4C2B-ACCB-A78877274E60} => value removed successfully
HKCR\CLSID\{D2C31D2B-35BE-4C2B-ACCB-A78877274E60} => key not found.
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value removed successfully
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
"HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1" => key removed successfully
C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll => not found.
APNMCP => service not found.
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02A5CB4B-4E8B-427E-BC23-33908430C64A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02A5CB4B-4E8B-427E-BC23-33908430C64A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0563A566-6A91-4BFA-B274-0324BF4CD0CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0563A566-6A91-4BFA-B274-0324BF4CD0CD}" => key removed successfully
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E5DDBE3-CA5A-4017-9957-23082F98728C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E5DDBE3-CA5A-4017-9957-23082F98728C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{375B77AC-8737-484B-AD94-375F4C8EA05B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{375B77AC-8737-484B-AD94-375F4C8EA05B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-chromeinstaller" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B3CCFAA-ED32-4DBB-969F-0F84364AFA32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B3CCFAA-ED32-4DBB-969F-0F84364AFA32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-codedownloader" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6EB3A125-0A91-42F6-B4F1-0583665C915A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EB3A125-0A91-42F6-B4F1-0583665C915A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SuperLyrics-1-updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9C569DDB-2E90-493E-9A12-659E73088A5B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C569DDB-2E90-493E-9A12-659E73088A5B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-firefoxinstaller" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1FFF8A6-DB5F-4C51-A377-A205C24ECE71}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1FFF8A6-DB5F-4C51-A377-A205C24ECE71}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-1.6-enabler" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E877B35C-2C94-40AF-A5B3-B8CE56356F9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E877B35C-2C94-40AF-A5B3-B8CE56356F9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => key removed successfully
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => moved successfully
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 16 GB temporary data Removed.

The system needed a reboot.

[cahagg01]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by SJB (Administrator) on Tue 05/03/2016 at 21:28:28.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 24

Successfully deleted: C:\ProgramData\apn (Folder)
Successfully deleted: C:\Users\SJB\AppData\Local\{48897582-9BDB-49FC-A227-E1964AB76211} (Empty Folder)
Successfully deleted: C:\Users\SJB\AppData\Local\{97595611-EC02-4AAC-9786-54C018F6B6B6} (Empty Folder)
Successfully deleted: C:\Users\SJB\AppData\Local\{E6B78683-2936-4D61-9A80-15C404ABDBD6} (Empty Folder)
Successfully deleted: C:\Users\SJB\AppData\Roaming\download manager (Folder)
Successfully deleted: C:\Users\SJB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\check pc for errors.lnk (Shortcut)
Successfully deleted: C:\Users\SJB\Desktop\check pc for errors.lnk (Shortcut)
Successfully deleted: C:\Users\SJB\Desktop\clean registry for free!.lnk (Shortcut)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\ProgramData\SPL97FB.tmp (File)
Successfully deleted: C:\ProgramData\SPLC1D1.tmp (File)
Successfully deleted: C:\ProgramData\SPLC677.tmp (File)
Successfully deleted: C:\ProgramData\SPLC8D8.tmp (File)
Successfully deleted: C:\Users\SJB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ1U2XKD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\SJB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLY3JAQB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\SJB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2SZSCOT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\SJB\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW8JY20B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJ1U2XKD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLY3JAQB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y2SZSCOT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YW8JY20B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\sho1E7A.tmp (File)
Successfully deleted: C:\Windows\SysWOW64\sho628.tmp (File)

 

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Free Download Manager (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/03/2016 at 21:34:36.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[cahagg01]

# AdwCleaner v5.115 - Logfile created 03/05/2016 at 21:40:48
# Updated 01/05/2016 by Xplode
# Database : 2016-05-01.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : SJB - SJB-PC
# Running from : C:\Users\SJB\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : YahooAUService

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Yahoo! Companion
[#] Folder Deleted : C:\ProgramData\Application Data\Yahoo! Companion
[-] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[-] Folder Deleted : C:\Users\SJB\AppData\LocalLow\Yahoo! Companion
[-] Folder Deleted : C:\Users\SJB\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\SJB\AppData\Roaming\Yahoo!\Companion
[-] Folder Deleted : C:\Users\SJB\Documents\ktip
[-] Folder Deleted : C:\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Yahoo!\Common\unyt.exe

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [Plus-HD-1.6-bg.exe]
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edmgmpmklgfbohogafcfobonnkogchec
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
[-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
[-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3A06AA27-D94B-48C2-BB55-9FD0FF2120E3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{46140CE4-76FE-440E-AE88-4C2272BC05C7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F9C4C5C-2BA8-4E00-A697-9F710BB1026B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C60CCE95-6AF9-4E74-B66B-3212D19F1D2F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBE30D66-39A2-4b72-8B43-6D4C335A6F34}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F56ACA29-1C99-40F1-AC64-2E44C4F6BC71}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Key Deleted : HKCU\Software\SevereWeatherAlerts
[-] Key Deleted : HKCU\Software\usyndication.com
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linksicle
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKU\.DEFAULT\Software\DefaultTab
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\us.yhs4.search.yahoo.com

***** [ Web browsers ] *****

[-] [C:\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : edmgmpmklgfbohogafcfobonnkogchec

*************************

:: "Tracing" keys deleted
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [10727 bytes] - [03/05/2016 21:40:48]
C:\AdwCleaner\AdwCleaner[R0].txt - [20015 bytes] - [06/11/2013 08:25:06]
C:\AdwCleaner\AdwCleaner[R1].txt - [20076 bytes] - [06/11/2013 08:26:15]
C:\AdwCleaner\AdwCleaner[R2].txt - [20119 bytes] - [06/11/2013 08:39:49]
C:\AdwCleaner\AdwCleaner[R3].txt - [5977 bytes] - [22/06/2014 19:57:15]
C:\AdwCleaner\AdwCleaner[S0].txt - [17946 bytes] - [06/11/2013 08:43:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [16315 bytes] - [22/06/2014 19:57:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11244 bytes] ##########

[cahagg01]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-05-2016
Ran by SJB (2016-05-03 21:52:08)
Running from C:\Users\SJB\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-16 12:23:41)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1739471184-2068617908-1788588825-500 - Administrator - Disabled)
Guest (S-1-5-21-1739471184-2068617908-1788588825-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1739471184-2068617908-1788588825-1006 - Limited - Enabled)
SJB (S-1-5-21-1739471184-2068617908-1788588825-1001 - Administrator - Enabled) => C:\Users\SJB

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG Internet Security (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1523 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1523 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0301.2011 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARO 2012 (HKLM\...\ARO 2012_is1) (Version: 8.0 - Support.com)
AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.4.1.11 - AT&T)
ATT Management Agent (HKLM-x32\...\ATT-ATT Management Agent) (Version: 8.3.1.7 - ATT)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.51.2.3593 - AVG Technologies)
AVG (Version: 16.71.7596 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4565 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.71.7596 - AVG Technologies)
AVG Zen (Version: 1.51.58 - AVG Technologies) Hidden
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackboard Collaborate Launcher (HKLM-x32\...\{E5F1305E-3B86-4C41-A408-3B5DFC381926}) (Version: 1.5.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.6.1.2 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1422.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7418 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Expert PDF 7 Reader (HKLM-x32\...\{FC279721-37A6-4777-AFD8-7A56681EBA14}) (Version: 7.0.1370.0 - Avanquest software)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden
Free Download Manager 3.9.3 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.5 - Acer Inc.)
Lexmark 3400 Series (HKLM\...\Lexmark 3400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaEspresso (x32 Version: 1.0.1418_35759 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Music Remote (HKLM-x32\...\{CA6D5FD2-AD35-44F8-AFEF-B36C908CE901}) (Version: 1.0 - KangoExtensions) <==== ATTENTION
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6314 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Shop-Up (HKLM-x32\...\Shop-Up) (Version: 1.29.153.2 - Winportal)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version:  - )
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.3.57 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WiseConvert B2 Toolbar (HKLM-x32\...\WiseConvert_B2 Toolbar) (Version: 6.13.1.500 - WiseConvert B2)
Word Layers (HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Word Layers) (Version: 3 - wordlayersapp.com)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {133A1082-02FE-4C40-9F97-665B444D2826} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: {3B48C71F-1DCE-4832-98E2-683D5D1F5B3F} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {3DE7B523-4F7F-4E17-A9DB-9E349E817E05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {442CA337-2DFE-422A-8466-465428716A86} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CB670DA-3947-46F0-B27A-6B8FE89CCA00} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001UA => C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)
Task: {7CFF72DD-1BB4-48E0-B033-8025B2753491} - System32\Tasks\{E194A126-123C-4403-9FB8-A6303A729F7B} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.5.0.158&amp;LastError=12031
Task: {7F772638-DF5F-49E2-9FE6-2CBB0E911196} - System32\Tasks\{FDFC103B-66D6-4E24-8F23-165A1FBC264C} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.5.0.158&amp;LastError=12031
Task: {93C9F481-117A-4D8E-8965-2F0EED8CC397} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001Core => C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)
Task: {948A73E3-A323-4F2C-99FE-079583A72274} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-12] (AVAST Software)
Task: {9F818479-7B0C-43C8-ADDC-2B7FCC80DB61} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {A46FA9F6-4D85-417F-A6E5-4B3BFCC6B17C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-02] (Adobe Systems Incorporated)
Task: {B3541D3A-3865-4CBB-8986-4E518DE523F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {CF9AFFA6-3B69-4790-9F0D-1B98858B0D32} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-10] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001Core.job => C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001UA.job => C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001

==================== Loaded Modules (Whitelisted) ==============

2011-09-26 18:56 - 2006-11-22 09:21 - 00045056 _____ () C:\Windows\System32\LXPRMON.DLL
2011-09-26 18:55 - 2006-11-22 09:05 - 00012288 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\FxCtrStr.dll
2011-09-26 18:55 - 2006-11-22 09:19 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2011-09-26 18:58 - 2007-03-16 05:42 - 00144896 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxcypp6c.dll
2011-09-26 18:55 - 2007-06-25 09:34 - 00291504 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-09-12 11:55 - 2015-09-12 11:55 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-12 11:55 - 2015-09-12 11:55 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-05-03 12:06 - 2016-05-03 12:06 - 02891264 _____ () C:\Program Files\AVAST Software\Avast\defs\16050301\algo.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-01 18:08 - 2014-04-01 18:08 - 00244736 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2014-04-01 18:08 - 2014-04-01 18:08 - 00271360 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2014-04-01 18:08 - 2014-04-01 18:08 - 00237056 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2011-02-15 13:37 - 2011-02-15 13:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-02-15 13:36 - 2011-02-15 13:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-02-15 13:37 - 2011-02-15 13:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-02-22 12:01 - 2011-02-22 12:01 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-09-26 18:55 - 2006-08-08 14:54 - 00278528 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcyscw.dll
2011-09-26 18:55 - 2006-02-13 08:04 - 00143360 _____ () C:\Program Files (x86)\Lexmark 3400 Series\lxcydrec.dll
2011-09-26 18:54 - 2006-05-25 15:20 - 00241664 _____ () C:\Program Files (x86)\Lexmark 3400 Series\iptk.dll
2016-05-02 21:55 - 2016-03-21 16:50 - 00034768 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-05-02 21:55 - 2016-03-21 16:51 - 00019408 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-05-02 21:55 - 2016-03-21 16:50 - 00116688 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-05-02 21:55 - 2016-03-21 16:50 - 00093640 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-05-02 21:55 - 2016-03-21 16:50 - 00018376 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\select.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00019760 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00105928 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-05-02 21:55 - 2016-03-21 16:50 - 00392144 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-05-02 21:55 - 2016-04-08 13:20 - 00381752 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-05-02 21:55 - 2016-03-21 16:50 - 00692688 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-05-02 21:55 - 2016-04-08 13:19 - 00020816 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-05-02 21:55 - 2016-03-21 16:51 - 00112592 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-05-02 21:55 - 2016-04-08 13:19 - 01682760 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-05-02 21:55 - 2016-04-08 13:19 - 00020808 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00021840 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-05-02 21:55 - 2016-04-08 13:19 - 00038696 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00020936 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00024528 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00114640 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00124880 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00021832 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00024016 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00175560 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00030160 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00043472 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00028616 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00048592 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-05-02 21:55 - 2016-04-08 13:19 - 00026456 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00057808 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00024016 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-05-02 21:55 - 2016-04-08 13:19 - 00117056 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00023376 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-05-02 21:55 - 2016-03-21 16:50 - 00134608 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-05-02 21:55 - 2016-03-21 16:50 - 00134088 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-05-02 21:55 - 2016-03-21 16:51 - 00240584 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-05-02 21:55 - 2016-04-08 13:19 - 00024392 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00036296 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\librsync.dll
2016-05-02 21:55 - 2016-04-08 13:19 - 00052024 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00020800 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00021824 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00019776 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00020800 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-05-02 21:55 - 2016-04-08 13:19 - 00020280 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-05-02 21:55 - 2016-03-21 16:52 - 00350152 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00022352 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-05-02 21:55 - 2016-04-08 13:19 - 00084280 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-05-02 21:55 - 2016-04-08 13:20 - 01826096 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-05-02 21:55 - 2016-03-21 16:51 - 00083912 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\sip.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 03928880 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 01971504 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00531248 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00132912 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00223544 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00207672 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00158008 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00042808 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-05-02 21:55 - 2016-03-21 16:54 - 00017864 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-05-02 21:55 - 2016-03-21 16:54 - 01631184 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-05-02 21:55 - 2016-04-08 13:20 - 00024904 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00546096 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-05-02 21:55 - 2016-04-08 13:20 - 00357680 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-05-02 21:55 - 2016-03-21 16:56 - 00697304 _____ () C:\Users\SJB\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2009-04-16 12:02 - 2009-04-16 12:02 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2015-09-12 11:55 - 2015-09-12 11:55 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-05-02 22:10 - 2016-05-02 22:08 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-03-10 20:29 - 2016-03-10 20:29 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ad1d5f0cd29a1edfa6483a6b07628457\IsdiInterop.ni.dll
2011-04-18 23:22 - 2010-04-13 11:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SJB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A1BF2813-3F4B-4E47-8DFA-9BBEAEE23A01}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe] => (Block) C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe
FirewallRules: [UDP Query User{E64623B6-AA44-4C3A-B86E-8EF5745DBC33}C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe] => (Block) C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe

==================== Restore Points =========================

22-02-2016 23:30:25 Windows Update
01-03-2016 20:11:38 Windows Update
10-03-2016 20:41:52 Windows Update
10-03-2016 20:55:34 Windows Update
12-03-2016 16:30:05 Windows Update
02-05-2016 21:50:06 Windows Modules Installer
02-05-2016 21:55:51 Windows Modules Installer
02-05-2016 22:15:25 Installed AVG 2016
02-05-2016 22:16:32 Installed AVG
03-05-2016 20:24:25 Windows Update
03-05-2016 21:08:24 Restore Point Created by FRST
03-05-2016 21:28:43 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2016 09:54:41 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (05/03/2016 09:50:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/03/2016 09:50:57 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/03/2016 09:44:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2016 09:26:29 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (05/03/2016 09:21:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/03/2016 09:21:53 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/03/2016 09:15:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/03/2016 09:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.

System Error:
The system cannot find the file specified.
.

Error: (05/03/2016 08:25:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.

System Error:
The system cannot find the file specified.
.

System errors:
=============
Error: (05/03/2016 09:45:32 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/03/2016 09:45:25 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/03/2016 09:45:17 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/03/2016 09:45:10 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/03/2016 09:45:04 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/03/2016 09:44:58 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/03/2016 09:44:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/03/2016 09:44:46 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/03/2016 09:44:39 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (05/03/2016 09:44:33 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6100 @ 2.00GHz
Percentage of memory in use: 66%
Total physical RAM: 3766.7 MB
Available physical RAM: 1243.93 MB
Total Virtual: 7531.61 MB
Available Virtual: 4953.05 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:356.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FEE87037)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)

[cahagg01]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-05-2016
Ran by SJB (administrator) on SJB-PC (03-05-2016 21:50:50)
Running from C:\Users\SJB\Desktop
Loaded Profiles: SJB (Available Profiles: SJB)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\node.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\System32\lxcycoms.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcatel-Lucent) C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dropbox, Inc.) C:\Users\SJB\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Inc.) C:\Program Files (x86)\Acer\clear.fi Client\ExtractDeviceIcon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_213_ActiveX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2launcher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11779176 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [lxcymon.exe] => C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe [291504 2007-06-25] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe [82608 2007-06-25] (Lexmark International Inc.)
HKLM\...\Run: [LXCYCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCYtime.dll,RunDLLEntry
HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe [2834432 2014-06-25] (Alcatel-Lucent)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1092688 2011-03-31] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [295600 2007-06-25] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2015-12-20] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-04-20] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Run: [DW6] => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Run: [AROReminder] => C:\Program Files (x86)\ARO 2012\ARO.exe [2553752 2012-07-27] (Support.com, Inc.)
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\...\Run: [Dropbox Update] => C:\Users\SJB\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)
HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-12] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\SJB\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\Users\SJB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\SJB\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\SJB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2011-08-25]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A68D1A0A-02D6-47DA-8BA1-63F1C48DB3C2}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-12] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-03] (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-12] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-10-25] (FreeDownloadManager.ORG)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-02] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-1739471184-2068617908-1788588825-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-03] (Google Inc.)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-09-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\npMotive.dll [2014-06-25] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-11-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-20]

Chrome:
=======
CHR Profile: C:\Users\SJB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\MAHostService.exe [321024 2014-06-25] (Alcatel-Lucent) [File not signed]
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.3.1.7\ma\bin\MAHostService.exe [321024 2013-08-26] (Alcatel-Lucent) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-12] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1999224 2016-04-20] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-04-20] (AVG Technologies CZ, s.r.o.)
R2 lxcy_device; C:\Windows\system32\lxcycoms.exe [566448 2007-06-20] ( )
R2 lxcy_device; C:\Windows\SysWOW64\lxcycoms.exe [537264 2007-06-20] ( )
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-12] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-12] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-12-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-12] (AVAST Software)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71936 2016-04-18] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-03 21:46 - 2016-05-03 21:46 - 00011384 _____ C:\Users\SJB\Desktop\AdwCleaner[C1].txt
2016-05-03 21:37 - 2016-05-03 21:37 - 03615296 _____ C:\Users\SJB\Desktop\AdwCleaner.exe
2016-05-03 21:27 - 2016-05-03 21:27 - 01610816 _____ (Malwarebytes) C:\Users\SJB\Desktop\JRT.exe
2016-05-03 21:08 - 2016-05-03 21:12 - 00016565 _____ C:\Users\SJB\Desktop\Fixlog.txt
2016-05-03 20:39 - 2016-05-03 21:50 - 00022419 _____ C:\Users\SJB\Desktop\FRST.txt
2016-05-03 20:38 - 2016-05-03 20:38 - 00045844 _____ C:\Users\SJB\Desktop\Addition.txt
2016-05-03 20:34 - 2016-05-03 20:40 - 00045844 _____ C:\Users\SJB\Downloads\Addition.txt
2016-05-03 20:31 - 2016-05-03 20:40 - 00036165 _____ C:\Users\SJB\Downloads\FRST.txt
2016-05-03 20:30 - 2016-05-03 21:50 - 00000000 ____D C:\FRST
2016-05-03 20:29 - 2016-05-03 20:30 - 02377216 _____ (Farbar) C:\Users\SJB\Desktop\FRST64.exe
2016-05-02 22:22 - 2016-05-02 22:22 - 00000000 ____D C:\Users\SJB\AppData\Roaming\AVG
2016-05-02 22:21 - 2016-05-02 22:21 - 00000000 ____D C:\Users\SJB\AppData\Roaming\TuneUp Software
2016-05-02 22:21 - 2016-05-02 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-05-02 22:17 - 2016-05-02 22:17 - 00000000 ___HD C:\$AVG
2016-05-02 22:13 - 2016-05-03 21:10 - 00000000 ____D C:\ProgramData\MFAData
2016-05-02 22:13 - 2016-05-02 22:13 - 00000000 ____D C:\Users\SJB\AppData\Local\MFAData
2016-05-02 22:12 - 2016-05-02 22:12 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-05-02 22:12 - 2016-05-02 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-05-02 22:10 - 2016-05-02 22:17 - 00000000 ____D C:\ProgramData\Avg
2016-05-02 22:10 - 2016-05-02 22:16 - 00000000 ____D C:\Program Files (x86)\AVG
2016-05-02 22:07 - 2016-05-02 22:22 - 00000000 ____D C:\Users\SJB\AppData\Local\Avg
2016-05-02 22:07 - 2016-05-02 22:13 - 00000000 ____D C:\Users\SJB\AppData\Local\AvgSetupLog
2016-05-02 22:07 - 2016-05-02 22:07 - 02946480 _____ (AVG Technologies CZ, s.r.o.) C:\Users\SJB\Downloads\AVG_Protection_1472.exe
2016-05-02 21:56 - 2016-05-02 21:56 - 00000000 ____D C:\Users\SJB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-20 14:17 - 2016-04-20 14:17 - 00307456 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2016-04-18 09:04 - 2016-04-18 09:04 - 00071936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avguniva.sys
2016-04-14 10:54 - 2016-04-14 10:54 - 00051968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-03 21:51 - 2009-07-14 00:13 - 00006494 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-03 21:50 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-03 21:50 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-03 21:47 - 2012-09-29 13:40 - 00000000 ___RD C:\Users\SJB\Dropbox
2016-05-03 21:43 - 2014-01-26 14:34 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-03 21:43 - 2013-10-16 19:02 - 00000000 ____D C:\Program Files (x86)\ATT
2016-05-03 21:43 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-03 21:41 - 2013-08-13 22:19 - 00000008 __RSH C:\Users\SJB\ntuser.pol
2016-05-03 21:41 - 2011-08-16 07:23 - 00000000 ____D C:\Users\SJB
2016-05-03 21:40 - 2013-11-06 08:25 - 00000000 ____D C:\AdwCleaner
2016-05-03 21:40 - 2013-11-03 11:55 - 00000000 ____D C:\Users\SJB\AppData\Roaming\Yahoo!
2016-05-03 21:40 - 2013-11-03 11:55 - 00000000 ____D C:\Users\SJB\AppData\LocalLow\Yahoo!
2016-05-03 21:40 - 2013-11-03 11:55 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-05-03 21:35 - 2013-09-30 13:20 - 00000000 ____D C:\Users\SJB\AppData\Local\Google
2016-05-03 21:34 - 2013-11-06 09:06 - 00003416 _____ C:\Users\SJB\Desktop\JRT.txt
2016-05-03 21:32 - 2015-06-24 09:59 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001UA.job
2016-05-03 21:29 - 2014-01-26 14:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-03 21:28 - 2014-05-20 20:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-03 21:27 - 2013-09-29 14:50 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-03 21:22 - 2011-08-16 15:42 - 00000000 ____D C:\ProgramData\clear.fi
2016-05-03 21:10 - 2011-10-24 08:09 - 00000000 ___SD C:\Users\SJB\AppData\LocalLow\Temp
2016-05-03 20:52 - 2014-05-20 20:43 - 00002199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-03 20:52 - 2014-05-20 20:43 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-03 20:48 - 2014-06-23 06:07 - 00000000 ____D C:\Windows\system32\MRT
2016-05-03 20:33 - 2015-06-24 09:59 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1739471184-2068617908-1788588825-1001Core.job
2016-05-03 20:27 - 2014-06-23 06:07 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-02 22:22 - 2015-12-20 16:44 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-02 22:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-02 21:53 - 2014-05-20 20:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-02 21:52 - 2013-10-16 20:01 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-02 21:52 - 2013-10-16 20:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-02 21:51 - 2016-03-10 20:28 - 19397312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-05-02 21:51 - 2012-09-29 13:38 - 00000000 ____D C:\Users\SJB\AppData\Roaming\Dropbox
2016-04-21 15:05 - 2010-11-20 22:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-06-22 19:24 - 2014-06-22 19:24 - 0000047 _____ () C:\Users\SJB\AppData\Roaming\WB.CFG
2011-06-18 10:20 - 2011-06-18 10:24 - 0015211 _____ () C:\ProgramData\ArcadeDeluxe5.log

Some files in TEMP:
====================
C:\Users\SJB\AppData\Local\Temp\libeay32.dll
C:\Users\SJB\AppData\Local\Temp\msvcr120.dll
C:\Users\SJB\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-26 22:47

[pystryker]

Hello

The logs look good, however you are running 2 antivirus programs, Avast and AVG. Running two of them consumes system resources and can cause false positives. Please uninstall one of them.

Also, Music Remote is still showing as installed on the system and needs to be uninstalled, as it is a known malware program.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes


Start the program and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits



Go back to the Dashboard and select Scan Now



If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.





On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.




Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->

• Select the option YES, I accept the Terms of Use then click on Start
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
• Scan for potentially unwanted applications
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology
• Now click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• Now click on Finish
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Step 3: Security Analysis

Please download Security Analysis by Rocket Grannie from here

• Save it to your Desktop.
• Close your security software to avoid potential conflicts.
• Double click RGSA.exe
• Click OK on the copyright-disclaimer
• It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
• Please copy and paste the contents of that log in this topic.

Things I need to see in your next post:

• ESET Scan Log
• MBAM Log
• SecurityCheck Log

[cahagg01]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/3/2016
Scan Time: 10:26 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.04.01
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SJB

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351935
Time Elapsed: 42 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{81A478CB-6828-4872-BFF4-2E9F1694682B}, Quarantined, [5889c01108918babf74af9397b892dd3],
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93D1034B-8D6B-48FC-93A7-B1FFDD45FEE9}, Quarantined, [b22f19b86a2fce68d967df53f31110f0],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BD89B36-18E3-4151-8558-B9C3C5C89AED}, Quarantined, [f3ee636edfba999df30a48e58183649c],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{81A478CB-6828-4872-BFF4-2E9F1694682B}, Quarantined, [edf419b83168c076f150f83abf4518e8],
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93D1034B-8D6B-48FC-93A7-B1FFDD45FEE9}, Quarantined, [00e1379a2d6c47ef4bf5c072f4106c94],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E753E074-2223-46BD-AFF0-7B522C0E9102}, Quarantined, [5a87ab26b2e7bc7a45b832fb6f959e62],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Update sizlsearch, Quarantined, [9d44b61b554488ae0fcefb4d06fd55ab],
PUP.Optional.CrossRider, HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{81A478CB-6828-4872-BFF4-2E9F1694682B}, Quarantined, [da074f822f6a3ef853d157dbae566997],
PUP.Optional.CrossRider, HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93D1034B-8D6B-48FC-93A7-B1FFDD45FEE9}, Quarantined, [2db416bbbbdef73f2ff4ed459c6827d9],

Registry Values: 10
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{81a478cb-6828-4872-bff4-2e9f1694682b}|AppName, Shop-Up-codedownloader.exe, Quarantined, [5889c01108918babf74af9397b892dd3]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93d1034b-8d6b-48fc-93a7-b1ffdd45fee9}|AppName, Shop-Up-buttonutil.exe, Quarantined, [b22f19b86a2fce68d967df53f31110f0]
PUP.Optional.MySearchDial, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\Mysearchdial\1.8.29.0\, Quarantined, [6a7731a0c2d75adcda0b02468d77bd43]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BD89B36-18E3-4151-8558-B9C3C5C89AED}|AppPath, C:\Users\SJB\AppData\Local\Conduit\CT3297951, Quarantined, [f3ee636edfba999df30a48e58183649c]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{81a478cb-6828-4872-bff4-2e9f1694682b}|AppName, Shop-Up-codedownloader.exe, Quarantined, [edf419b83168c076f150f83abf4518e8]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93d1034b-8d6b-48fc-93a7-b1ffdd45fee9}|AppName, Shop-Up-buttonutil.exe, Quarantined, [00e1379a2d6c47ef4bf5c072f4106c94]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E753E074-2223-46BD-AFF0-7B522C0E9102}|AppPath, C:\Users\SJB\AppData\Local\Conduit\CT3287375, Quarantined, [5a87ab26b2e7bc7a45b832fb6f959e62]
PUP.Optional.CrossRider.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|SuperLyrics-1-bg.exe, 8000, Quarantined, [51909c35eeabf83e646b9e1a39cb639d]
PUP.Optional.CrossRider, HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{81a478cb-6828-4872-bff4-2e9f1694682b}|AppName, Shop-Up-codedownloader.exe, Quarantined, [da074f822f6a3ef853d157dbae566997]
PUP.Optional.CrossRider, HKU\S-1-5-21-1739471184-2068617908-1788588825-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93d1034b-8d6b-48fc-93a7-b1ffdd45fee9}|AppName, Shop-Up-buttonutil.exe, Quarantined, [2db416bbbbdef73f2ff4ed459c6827d9]

Registry Data: 0
(No malicious items detected)

Folders: 43
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\AddedAppDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\DefualtImages, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\DetectedAppDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\EngineFirstTimeDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\NewSearchProtectorDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\NewSearchProtectorDialog\images, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorBubbleDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorBubbleDialog\images, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorDialog\Images, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorRetakeoverDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorRetakeoverDialog\Images, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\images, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarUntrustedAppsApprovalDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\UninstallDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\UntrustedAddedAppDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\UntrustedAppApprovalDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\UntrustedAppPendingDialog, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\EmailNotifier, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ExternalComponent, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Logs, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\MyStuffApps, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\plugins, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\RadioPlayer, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\AppsMetaData, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\DynamicDialogs, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarHiddenLogin, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarHiddenSettings, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarLogin, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarSettings, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarTranslation, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_en, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_en\ToolbarTranslation, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\UserDefinedItems, Quarantined, [3aa7577a861340f6e5a013268a79c53b],

Files: 174
PUP.Optional.DownLoadAdmin, C:\Users\SJB\Downloads\openofficeussuite-setup.exe, Quarantined, [aa374d84a7f283b3dc72fc7a3bca7090],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\hk64tbWis0.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\hk64tbWis2.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\hk64tbWise.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\hktbWis0.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\hktbWis2.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\hktbWise.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ldrtbWis0.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ldrtbWis2.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ldrtbWise.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\tbWis0.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\tbWis1.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\tbWis2.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\tbWise.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ThirdPartyComponents.xml, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\toolbar.cfg, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_68_300_CT3008668_Images_633590752453893750_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_68_300_CT3008668_Images_633590753577643750_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_68_300_CT3008668_Images_633629754211018750_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_68_300_CT3008668_Images_Email_xml-10-Classic-633439771938243750_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_68_300_CT3008668_Images_SearchActivationButton-go_but01_gif-General-633629754908675000_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_SearchEngines_dictionary_search_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_SearchEngines_ebay_search_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_SearchEngines_encyc_search_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_SearchEngines_shopping_search_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_clock_ico.ico, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_68_300_CT3008668_Images_633590751926237500_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_SearchEngines_weather_icon_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___tools_wiseconvert_com_images_menu_archive_icon_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___tools_wiseconvert_com_images_menu_audio_icon_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___tools_wiseconvert_com_images_menu_file_tools_icon_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___tools_wiseconvert_com_images_menu_flv_icon_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___tools_wiseconvert_com_images_menu_image_icon_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___tools_wiseconvert_com_images_menu_open_documents_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___tools_wiseconvert_com_images_menu_pdf_icon_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___tools_wiseconvert_com_images_menu_video_icon_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___tools_wiseconvert_com_images_menu_view_pdf_icon_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_calculator_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_calculator_sci_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_calendar_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_calories_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_bankimages_iconsGallery_24_5369227798842747855_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_eula_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_clothes_ico.ico, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_coins_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_datecalc_ico.ico, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_fileconverter_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_map_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_spellchecker_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_stopwatch_ico.ico, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_translator_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_unitconverter_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_widget_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_icons_worddef_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___oryte_com_content_todo_img_favicon_ico.ico, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_16_319_CT3196716_Images_634677797331567756_png.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_68_300_CT3008668_Images_633590750635300000_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\CacheIcons\http___storage_conduit_com_68_300_CT3008668_Images_633590751044362500_gif.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\RoundedCornersIE9.css, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\DialogsAPI.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\excanvas.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\generalDialogStyle.css, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\PIE.htc, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\RoundedCorners.css, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\settings.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\version.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\AddedAppDialog\app-added.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\AddedAppDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\DefualtImages\icon.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\DetectedAppDialog\app-2go.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\DetectedAppDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\EngineFirstTimeDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\EngineFirstTimeDialog\right-click.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\NewSearchProtectorDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\NewSearchProtectorDialog\SearchProtector.css, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\NewSearchProtectorDialog\SearchProtector.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\NewSearchProtectorDialog\images\ok-button.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\NewSearchProtectorDialog\images\separation-line.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\NewSearchProtectorDialog\images\warning.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorBubbleDialog\bubble.css, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorBubbleDialog\bubble.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorBubbleDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorBubbleDialog\images\information.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorDialog\SearchProtector.css, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorDialog\SearchProtector.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorDialog\Images\info.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorDialog\Images\ok-on.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorDialog\Images\ok.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorRetakeoverDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.jpg, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\images\arrow.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\images\divider.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\images\facebook.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\UntrustedAddedAppDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\UntrustedAppApprovalDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\UntrustedAppPendingDialog\main.html, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT3297951.xml, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT3297951.xml, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT3297951.xml, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3297951.xml, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ExternalComponent\http___oryte_com_content_translate_xml_tools_xml.xml, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\ExternalComponent\http___tools_wiseconvert_com_tools_xml.xml, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGong_16.png, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\RadioPlayer\IP_Stations_Media_List.xml, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\RadioPlayer\Predefined_Media_List.xml, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\AppsMetaData\data.bck.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\AppsMetaData\data.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\DynamicDialogs\data.bck.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarHiddenLogin\data.bck.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarHiddenLogin\data.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarHiddenSettings\data.bck.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarHiddenSettings\data.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarLogin\data.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarSettings\data.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarTranslation\data.bck.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_CT3297951\ToolbarTranslation\data.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_en\ToolbarTranslation\data.bck.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],
PUP.Optional.WiseConvert, C:\Users\SJB\AppData\LocalLow\WiseConvert_B2\Repository\conduit_CT3297951_en\ToolbarTranslation\data.txt, Quarantined, [3aa7577a861340f6e5a013268a79c53b],

Physical Sectors: 0
(No malicious items detected)

 

[cahagg01]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Update Init
Update Download
Update Finalize
Updated modules version: 29363

 

 

[cahagg01]

I also exported the quarantine log and have attached it

 

C:\AdwCleaner\Quarantine\C\Program Files\Linksicle\IE\LinksicleClientIE.dll.vir a variant of Win64/Adware.Vitruvian.B application
C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linksicle\Uninstall.exe.vir a variant of Win32/Adware.Vitruvian.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linksicle\IE\LinksicleClientIE.dll.vir a variant of Win32/AdWare.Vitruvian.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linksicle\Service\lssvc.exe.vir Win32/AdWare.Vitruvian.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MPCBClient.dll.vir a variant of Win32/MyPCBackup.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir MSIL/MyPCBackup.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\32002.crx.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\32002.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bg.exe.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.dll.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.dll.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-helper.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\utils.exe.vir Win32/Packed.ScrambleWrapper.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shop-Up\42822.crx.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shop-Up\42822.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shop-Up\Shop-Up-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shop-Up\Shop-Up-chromeinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shop-Up\Shop-Up-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shop-Up\Shop-Up-firefoxinstaller.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shop-Up\Shop-Up-helper.exe.vir a variant of Win32/Toolbar.CrossRider.BQ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shop-Up\utils.exe.vir Win32/Packed.VMDetector.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-1\SuperLyrics-1-bg.exe.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-1\SuperLyrics-1-bho.dll.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-1\SuperLyrics-1-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-1\SuperLyrics-1-buttonutil.dll.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-1\SuperLyrics-1-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-1\SuperLyrics-1-buttonutil64.dll.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-1\SuperLyrics-1-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-1\SuperLyrics-1-helper.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-1\SuperLyrics-1-updater.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SuperLyrics-1\utils.exe.vir Win32/Packed.ScrambleWrapper.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3287375\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\101_cortica_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\102_dealply_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\103_intext_5_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\104_jollywallet_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\105_corticas_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\107_coupish_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\108_icm_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\116_ads_only_5_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\119_similar_web_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\120_luck_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\123_intext_adv_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\125_arcadi2_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\126_revizer_ws_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\127_revizer_p_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\128_superfish_pricora_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\129_widdit_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\135_arcadi3_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\138_getdeal_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\13_CrossriderAppUtils.js.vir JS/Toolbar.Crossrider.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\141_corticas_ru_m.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\142_intext_fa_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\14_CrossriderUtils.js.vir JS/Toolbar.Crossrider.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\155_ibario_pops_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\159_cortica_rollover_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\170_icm1_5_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\19_CHAppAPIWrapper.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\1_base.js.vir JS/Toolbar.Crossrider.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\21_debug.js.vir JS/Toolbar.Crossrider.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\22_resources.js.vir JS/Toolbar.Crossrider.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\28_initializer.js.vir JS/Toolbar.Crossrider.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\47_resources_background.js.vir JS/Toolbar.Crossrider.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\64_appApiMessage.js.vir JS/Toolbar.Crossrider.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\92_superfish_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\extensionData\plugins\97_resourceApiWrapper.js.vir JS/Toolbar.Crossrider.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\background.js.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\main.js.vir JS/Toolbar.Crossrider.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\chrome.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\cookie.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\api\message.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\bg_app_api.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\cookie_store.js.vir JS/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\crossriderAPI.js.vir JS/Toolbar.Crossrider.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\events.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\onBGDocumentLoad.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\reports.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\util.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\js\lib\xhr.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\101_cortica_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\102_dealply_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\103_intext_5_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\104_jollywallet_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\105_corticas_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\107_coupish_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\108_icm_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\116_ads_only_5_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\119_similar_web_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\120_luck_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\123_intext_adv_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\125_arcadi2_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\126_revizer_ws_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\127_revizer_p_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\128_superfish_pricora_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\129_widdit_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\135_arcadi3_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\138_getdeal_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\141_corticas_ru_m.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\142_intext_fa_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\14_CrossriderUtils.js.vir JS/Toolbar.Crossrider.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\155_ibario_pops_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\159_cortica_rollover_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\170_icm1_5_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\175_coolmirage_m.js.vir JS/Toolbar.Crossrider.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\19_CHAppAPIWrapper.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\1_base.js.vir JS/Toolbar.Crossrider.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\21_debug.js.vir JS/Toolbar.Crossrider.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\22_resources.js.vir JS/Toolbar.Crossrider.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\28_initializer.js.vir JS/Toolbar.Crossrider.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\47_resources_background.js.vir JS/Toolbar.Crossrider.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\64_appApiMessage.js.vir JS/Toolbar.Crossrider.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\91_monetizationLoader.js.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\92_superfish_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\extensionData\plugins\97_resourceApiWrapper.js.vir JS/Toolbar.Crossrider.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\background.js.vir JS/Toolbar.Crossrider.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\main.js.vir JS/Toolbar.Crossrider.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\api\chrome.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\api\cookie.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\api\message.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\lib\bg_app_api.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\lib\cookie_store.js.vir JS/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\lib\crossriderAPI.js.vir JS/Toolbar.Crossrider.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\lib\events.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\lib\onBGDocumentLoad.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\lib\reports.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\lib\util.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod\1.25.17_0\js\lib\xhr.js.vir JS/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\SwvUpdater\Updater.exe.vir a variant of Win32/Amonetize.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SJB\AppData\Local\WordLayers\temp.dat.vir a variant of Win32/AdWare.Toolbar.AmyBar.A application
C:\Users\SJB\AppData\LocalLow\Vafmusic\hk64tbVafm.dll Win64/Toolbar.Conduit.B potentially unwanted application
C:\Users\SJB\AppData\LocalLow\Vafmusic\hktbVafm.dll Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\SJB\AppData\LocalLow\Vafmusic\ldrtbVafm.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\SJB\AppData\LocalLow\Vafmusic\tbVafm.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\SJB\AppData\LocalLow\Vafmusic\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
 

[cahagg01]

Result of Security Analysis by Rocket Grannie (x86) version: 4th May 2016
Running from:C:\Users\SJB\Desktop (19:37:26 - 05/04/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
***-----------------Anti-Virus - Firewall-------------------***
avast! Antivirus 270336 up to Date!
Windows Firewall is Enabled!
Searching for any other Firewall
*No other Firewall Installed*
***----------------AntiSpyware - Miscellaneous---------------***
Adobe flash Player Plugin is not installed
Java (version 8.40.26) is *out of Date*
Adobe Flash Player ActiveX (version 21.0.0.213)
Google Chrome (version 50)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Windows Live Essentials -- An older version than (16.4) is installed.
Windows Live Essentials (version 15.4.3508.1109) is *out of Date*
Windows Live Essentials (version 15.4.3502.0922) is *out of Date*

***----------------Analysis Complete-------------------------***