Laptop infected; popups, redirects, error log, slow moving browser....

virus malware spyware


#1
christiety03


Please see attached FRST reports. Computer is barely working. Took me 2 days to post this topic and try to run programs to clean computer. Please help. Also receiving an error log from TFC Cleaner, which I saved to my desktop.

 

Thank you in advance for your help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Owner (administrator) on SMITH-PC (09-12-2016 09:08:53)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\ProgramData\NetworkPacketManitor\Nettrans.exe
() C:\Windows\SysWOW64\NetUtils2016.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.829.0\McCSPServiceHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Global surveys) C:\Users\Owner\AppData\Roaming\Interstatnogui\interstatnogui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\ProgramData\AppxeetouQ\AppxeetouQ.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7539928 2014-02-09] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2807536 2014-01-07] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [flexi] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKLM\...\Run: [flexiflexi] => "C:\Program Files (x86)\Hamon\low.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-11-11] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1866936 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [multipolar] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKLM-x32\...\Run: [multipolarmultipolar] => "C:\Program Files (x86)\Hamon\low.exe"
HKLM-x32\...\Run: [mapsgalaxy] => C:\Users\Owner\AppData\Local\Temp\7253453\ic-0.31ccf056389018.exe -start <===== ATTENTION
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [Chromium] => c:\users\owner\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9355480 2016-11-21] (Piriform Ltd)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe [882872 2016-10-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [oniklo] => rundll32.exe "C:\Users\Owner\AppData\Local\oniklo.dll",oniklo <===== ATTENTION
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [stegmann] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [stegmannstegmann] => "C:\Program Files (x86)\Hamon\low.exe"
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [skoal] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [skoalskoal] => "C:\Program Files (x86)\Hamon\low.exe"
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [budged] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [ProxyGate] => C:\Users\Owner\AppData\Roaming\ProxyGate\MainService.exe <===== ATTENTION
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [Interstatnogui] => C:\Users\Owner\AppData\Roaming\Interstatnogui\interstatnogui.exe [2757560 2016-12-08] (Global surveys) <===== ATTENTION
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [stoning] => "C:\Program Files (x86)\miya\stoning.exe"
HKU\S-1-5-18\...\Run: [] => 0
AppInit_DLLs: C:\ProgramData\AppxeetouQ\Zumlab.dll => C:\ProgramData\AppxeetouQ\Zumlab.dll [358912 2016-12-09] ()
AppInit_DLLs-x32: C:\ProgramData\AppxeetouQ\Warmstring.dll => C:\ProgramData\AppxeetouQ\Warmstring.dll [248320 2016-12-09] ()
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2016-12-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2016-12-08] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lawson.lnk [2016-12-08]
ShortcutTarget: lawson.lnk -> C:\Program Files (x86)\Undoes\low.exe ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{11DB65DE-AFBA-496E-A7CE-E847599D81E4}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{C98674E6-3F29-41E4-A7AD-DE21905D9A03}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0BtDtD0FtA0FyDzzzztAzytN0D0Tzu0StCyCzzyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAyBtD0CtC0DtBtGtCtDyCyCtGyByCtD0FtGyEtAtBtBtGyEtA0B0ByB0CyB0CzzyE0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBzyyBtDtBzytGtBtAzz0EtGyE0D0FyBtGzz0DzytCtGtBtCyEyC0A0A0D0BtD0FtByE2QtN0A0LzuyE%26cr%3D1066021647%26a%3Dwbf_ir_16_32%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0BtDtD0FtA0FyDzzzztAzytN0D0Tzu0StCyCzzyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAyBtD0CtC0DtBtGtCtDyCyCtGyByCtD0FtGyEtAtBtBtGyEtA0B0ByB0CyB0CzzyE0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBzyyBtDtBzytGtBtAzz0EtGyE0D0FyBtGzz0DzytCtGtBtCyEyC0A0A0D0BtD0FtByE2QtN0A0LzuyE%26cr%3D1066021647%26a%3Dwbf_ir_16_32%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHXdzv7XidwSoQfyAVi7tH6kGaEashkPich_EHRfH75ICwq6cE5wZB_a1-cDPsdHBk8SCf6G4UjgFs1jM0oLSk2Dtax0Mn74SCbqaXRo6lJt_0_OW8xBSuhto7fp7fO6Dgm-hRGCmImqufV6p6jf8,
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHXdzv7XidwSoQfyAVi7tH6kGaEashkPich_EHRfH75ICwq6cE5wZB_a1-cDPsdHBop7EPq2dU2Emm6amYESeVkBWjUeb_5UL7au9QLuQgSHD_EsTumf4sSiraAO6miVHe9CJbtaNfG18ADy4tgVY,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0BtDtD0FtA0FyDzzzztAzytN0D0Tzu0StCyCzzyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAyBtD0CtC0DtBtGtCtDyCyCtGyByCtD0FtGyEtAtBtBtGyEtA0B0ByB0CyB0CzzyE0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBzyyBtDtBzytGtBtAzz0EtGyE0D0FyBtGzz0DzytCtGtBtCyEyC0A0A0D0BtD0FtByE2QtN0A0LzuyE%26cr%3D1066021647%26a%3Dwbf_ir_16_32%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0BtDtD0FtA0FyDzzzztAzytN0D0Tzu0StCyCzzyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAyBtD0CtC0DtBtGtCtDyCyCtGyByCtD0FtGyEtAtBtBtGyEtA0B0ByB0CyB0CzzyE0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBzyyBtDtBzytGtBtAzz0EtGyE0D0FyBtGzz0DzytCtGtBtCyEyC0A0A0D0BtD0FtByE2QtN0A0LzuyE%26cr%3D1066021647%26a%3Dwbf_ir_16_32%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {57FB77C4-A0F7-457B-9310-661C01DC5DA7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHXdzv7XidwSoQfyAVi7tH6kGaEashkPich_EHRfH75ICwq6cE5wZB_a1-cDPsdHBop7EPq2dU2Emm6amYESeVkBWjUeb_5UL7au9QLuQgSHD_EsTumf4sSiraAO6miVHe9CJbtaNfG18ADy4tgVY,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0BtDtD0FtA0FyDzzzztAzytN0D0Tzu0StCyCzzyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAyBtD0CtC0DtBtGtCtDyCyCtGyByCtD0FtGyEtAtBtBtGyEtA0B0ByB0CyB0CzzyE0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBzyyBtDtBzytGtBtAzz0EtGyE0D0FyBtGzz0DzytCtGtBtCyEyC0A0A0D0BtD0FtByE2QtN0A0LzuyE%26cr%3D1066021647%26a%3Dwbf_ir_16_32%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {57FB77C4-A0F7-457B-9310-661C01DC5DA7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHXdzv7XidwSoQfyAVi7tH6kGaEashkPich_EHRfH75ICwq6cE5wZB_a1-cDPsdHBop7EPq2dU2Emm6amYESeVkBWjUeb_5UL7au9QLuQgSHD_EsTumf4sSiraAO6miVHe9CJbtaNfG18ADy4tgVY,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {4A4AC7EA-3F17-4748-AFCF-E8F9F2B747B4} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {57FB77C4-A0F7-457B-9310-661C01DC5DA7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHXdzv7XidwSoQfyAVi7tH6kGaEashkPich_EHRfH75ICwq6cE5wZB_a1-cDPsdHBop7EPq2dU2Emm6amYESeVkBWjUeb_5UL7au9QLuQgSHD_EsTumf4sSiraAO6miVHe9CJbtaNfG18ADy4tgVY,&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-15] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-15] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-15] (Google Inc.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-15] (Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-05-24] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2016-08-16]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-07-21] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2012-07-18] (Nuance Communications Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXZRWDoQSnAfe5vnZEiJbUwXH8iPFtDxlNg7052aYBp_GHtWsm3lM5aVk-yCpT1sgE4Rx4-UUEKGmMgCHap4OPTsSD68CGHe1Yw5mkta-U5RRakxS2H9zDZ7fUgSoQndSCdltBdi8,
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXZRWDoQSnAfe5vnZEiJbUwXH8iPFtDxlNg7052aYBp_GHtWsm3lM5aVk-yCpT1sgE4RANvL3gzCj80X1qLTx5Bgv573HrvYKkR9ER8uzm6a7iAzCjRHp7dsOZmqnYP7zaThNdGtQ,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-12-09]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-29]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-29]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-29]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-08]
CHR Extension: (Browser Hunt) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2016-12-08]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-29]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AppxeetouQ; C:\ProgramData\\AppxeetouQ\\AppxeetouQ.exe [400896 2016-12-08] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [76944 2016-08-05] (Comodo Security Solutions, Inc.)
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2016-09-22] () [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-16] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-12-16] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 Nettrans; C:\ProgramData\NetworkPacketManitor\Nettrans.exe [57856 2016-09-28] () [File not signed]
R2 NetUtils2016srv; C:\Windows\SysWOW64\NetUtils2016.exe [470592 2016-12-08] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [990656 2016-10-28] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-10-28] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-10-28] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
R1 NetUtils2016; C:\Windows\system32\drivers\NetUtils2016.sys [909944 2016-12-08] () <==== ATTENTION
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-12-16] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29936 2014-01-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-01-07] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-08-12] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 09:09 - 2016-12-09 09:09 - 00000000 ____D C:\Users\Owner\Desktop\New folder
2016-12-09 08:59 - 2016-12-09 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-12-08 21:52 - 2016-12-09 01:42 - 00000000 ____D C:\SUPERDelete
2016-12-08 21:51 - 2016-12-08 22:44 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5.job
2016-12-08 21:51 - 2016-12-08 22:44 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856.job
2016-12-08 21:51 - 2016-12-08 21:51 - 00003582 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5
2016-12-08 21:51 - 2016-12-08 21:51 - 00003500 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856
2016-12-08 21:50 - 2016-12-08 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2016-12-08 21:49 - 2016-12-08 21:50 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-08 21:49 - 2016-12-08 21:49 - 28595680 _____ (SUPERAntiSpyware) C:\Users\Owner\Desktop\SUPERAntiSpyware.exe
2016-12-08 21:49 - 2016-12-08 21:49 - 00001827 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-12-08 21:49 - 2016-12-08 21:49 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-08 21:49 - 2016-12-08 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-12-08 21:33 - 2016-12-08 21:33 - 00000000 ____D C:\Rem-VBSqt
2016-12-08 21:18 - 2016-12-08 21:18 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2016-12-08 21:13 - 2016-12-08 21:13 - 00050688 _____ (Atribune.org) C:\Users\Owner\Downloads\ATF-Cleaner.exe
2016-12-08 20:38 - 2016-12-08 20:38 - 05658636 _____ (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2016-12-08 19:12 - 2016-12-08 19:12 - 00000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2016-12-08 18:47 - 2016-12-08 18:47 - 00003082 _____ C:\Windows\System32\Tasks\{3642E9CF-9229-4600-8FDA-2EFF27B0942C}
2016-12-08 10:07 - 2016-12-08 10:07 - 00000000 ____D C:\ProgramData\AppxeetouQs
2016-12-08 10:06 - 2016-12-09 09:03 - 00000000 ____D C:\ProgramData\AppxeetouQ
2016-12-08 09:29 - 2016-12-08 09:29 - 00000000 ____D C:\ProgramData\Lavasoft
2016-12-08 09:26 - 2016-12-08 09:27 - 00000000 ____D C:\ProgramData\MAGIX
2016-12-08 09:21 - 2016-12-08 09:21 - 00000000 ____D C:\Users\Owner\AppData\Local\pinger.com
2016-12-08 09:13 - 2016-12-08 23:04 - 00000000 ____D C:\Users\Owner\AppData\Local\mstrn32
2016-12-08 09:13 - 2016-12-08 09:13 - 00000000 ____D C:\Users\Owner\AppData\Local\cpx
2016-12-08 09:12 - 2016-12-08 23:27 - 00000000 ____D C:\Program Files (x86)\cpx
2016-12-08 09:12 - 2016-12-08 23:25 - 00000000 ____D C:\Program Files (x86)\msrtn32
2016-12-08 09:09 - 2016-12-08 09:09 - 00000000 ____D C:\Users\Owner\AppData\Local\AnonymizerLauncher
2016-12-08 03:02 - 2016-12-08 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-12-08 03:02 - 2016-12-08 03:02 - 00000000 ____D C:\ProgramData\BSD
2016-12-08 03:01 - 2016-12-08 03:01 - 00000000 ____D C:\ProgramData\PCVARK
2016-12-08 03:01 - 2016-12-08 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-12-08 03:00 - 2016-12-09 09:03 - 00002386 _____ C:\Windows\SysWOW64\findit.xml
2016-12-08 03:00 - 2016-12-09 01:46 - 00625272 _____ C:\Windows\system32\NetUtils2016.dll
2016-12-08 03:00 - 2016-12-08 23:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ProxyGate
2016-12-08 03:00 - 2016-12-08 03:00 - 00909944 _____ C:\Windows\system32\Drivers\NetUtils2016.sys
2016-12-08 03:00 - 2016-12-08 03:00 - 00470592 _____ C:\Windows\SysWOW64\NetUtils2016.exe
2016-12-08 03:00 - 2016-12-08 03:00 - 00003264 _____ C:\Windows\System32\Tasks\psv_Tresfax
2016-12-08 03:00 - 2016-12-08 03:00 - 00003264 _____ C:\Windows\System32\Tasks\psv_Lamis
2016-12-08 03:00 - 2016-12-08 03:00 - 00003258 _____ C:\Windows\System32\Tasks\psv_Hotlight
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Windows\SysWOW64\sstmp
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Windows\system32\sstmp
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Interstatnogui
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashRpt
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\ProgramData\Quoteexs
2016-12-08 02:59 - 2016-12-08 23:42 - 00000000 ____D C:\ProgramData\Logic Handler
2016-12-08 02:59 - 2016-12-08 10:06 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2016-12-08 02:59 - 2016-12-08 02:59 - 07310848 _____ C:\Users\Owner\AppData\Roaming\agent.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 01907835 _____ C:\Users\Owner\AppData\Roaming\Transfax.tst
2016-12-08 02:59 - 2016-12-08 02:59 - 00126464 _____ C:\Users\Owner\AppData\Roaming\noah.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 00070704 _____ C:\Users\Owner\AppData\Roaming\Config.xml
2016-12-08 02:59 - 2016-12-08 02:59 - 00018432 _____ C:\Users\Owner\AppData\Roaming\Main.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 00005568 _____ C:\Users\Owner\AppData\Roaming\md.xml
2016-12-08 02:58 - 2016-12-08 02:59 - 00016224 _____ C:\Users\Owner\AppData\Roaming\InstallationConfiguration.xml
2016-12-08 02:58 - 2016-12-08 02:58 - 00140288 _____ C:\Users\Owner\AppData\Roaming\Installer.dat
2016-12-08 02:58 - 2016-12-08 02:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Shortcut Installer
2016-12-08 02:52 - 2016-12-08 09:22 - 00000000 ____D C:\Windows\system32\SSL
2016-12-08 02:52 - 2016-12-08 02:52 - 00000000 ____D C:\ProgramData\Microleaves
2016-12-08 02:52 - 2016-12-08 02:52 - 00000000 _____ C:\Users\Owner\AppData\Local\tr5b.txt
2016-12-08 02:51 - 2016-12-09 01:42 - 00000000 ___HD C:\Program Files (x86)\miya
2016-12-08 02:51 - 2016-12-08 15:42 - 00000000 ___HD C:\Program Files (x86)\Hamon
2016-12-08 02:51 - 2016-12-08 02:51 - 00003790 _____ C:\Windows\System32\Tasks\69914424
2016-12-08 02:51 - 2016-12-08 02:51 - 00003788 _____ C:\Windows\System32\Tasks\41777599
2016-12-08 02:51 - 2016-12-08 02:51 - 00003788 _____ C:\Windows\System32\Tasks\21681042
2016-12-08 02:51 - 2016-12-08 02:51 - 00003628 _____ C:\Windows\System32\Tasks\Da6991442469914424
2016-12-08 02:51 - 2016-12-08 02:51 - 00003626 _____ C:\Windows\System32\Tasks\Da4177759941777599
2016-12-08 02:51 - 2016-12-08 02:51 - 00003626 _____ C:\Windows\System32\Tasks\Da2168104221681042
2016-12-08 02:51 - 2016-12-08 02:51 - 00000003 _____ C:\Users\Owner\AppData\Local\run1.txt
2016-12-08 02:51 - 2016-12-08 02:51 - 00000000 ___HD C:\Program Files (x86)\Undoes
2016-12-08 02:49 - 2016-12-08 09:27 - 00000000 ____D C:\Program Files (x86)\Microleaves
2016-12-08 02:49 - 2016-12-08 02:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\iZotope
2016-12-08 02:49 - 2016-12-08 02:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microleaves
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\c
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\Users\Owner\.proxycheck
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\Users\Owner\.AnonymizerLauncher
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\ProgramData\1481183384
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\Program Files (x86)\regtool
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\Program Files (x86)\dataup
2016-12-08 02:48 - 2016-12-08 09:22 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2016-12-08 02:48 - 2016-12-08 02:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AGData
2016-12-08 02:48 - 2016-12-08 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2016-12-08 02:43 - 2016-12-08 09:27 - 00000000 ____D C:\ProgramData\VEGAS
2016-12-08 02:41 - 2016-12-08 02:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Sony
2016-12-08 02:38 - 2016-12-08 09:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MAGIX
2016-12-08 02:38 - 2016-12-08 02:38 - 00000000 ____D C:\Users\Owner\Documents\MAGIX Downloads
2016-12-08 01:40 - 2016-12-08 09:26 - 00000000 ____D C:\Users\Owner\Documents\iZotope
2016-12-08 01:40 - 2016-12-08 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2016-12-08 01:40 - 2016-12-08 09:26 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-12-08 01:40 - 2016-12-08 01:40 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-12-08 01:18 - 2016-12-08 01:18 - 00528896 _____ (minis) C:\Users\Owner\AppData\Local\predicates.exe
2016-12-08 01:18 - 2016-12-08 01:18 - 00482304 _____ C:\Windows\vadim.exe
2016-12-08 01:10 - 2016-05-31 12:52 - 01431552 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2016-12-07 09:27 - 2016-12-07 09:27 - 00005120 _____ C:\Users\Owner\AppData\Local\ddnow.exe
2016-12-06 17:59 - 2016-12-06 17:59 - 02001079 _____ C:\Windows\97b4226e82053e864b386d56e6ff8b45.exe
2016-12-01 18:53 - 2016-12-01 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-29 13:06 - 2016-11-29 13:06 - 08995888 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup524_protrial.exe
2016-11-28 09:05 - 2016-11-28 09:05 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-28 09:05 - 2016-11-28 09:05 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-28 09:05 - 2016-11-28 09:05 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-28 09:05 - 2016-11-28 09:05 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-17 11:41 - 2016-11-17 11:42 - 128534041 _____ C:\Users\Owner\Downloads\HHID1992 (Bonus Track Edition) [320 kbps].zip
2016-11-17 11:33 - 2016-11-17 11:34 - 70451032 _____ C:\Users\Owner\Downloads\Travis Scott - Days Before Birds.zip
2016-11-17 11:24 - 2016-11-17 11:27 - 117515512 _____ C:\Users\Owner\Downloads\Jeezy_-_Trap_Or_Die_3_[iTunes][GangstaRapTalk.com] (1).zip
2016-11-17 11:16 - 2016-11-23 14:09 - 00000000 ____D C:\Users\Owner\Desktop\GoPro Stuff
2016-11-17 11:05 - 2016-11-17 11:06 - 137057942 _____ C:\Users\Owner\Downloads\Attack_The_Block-(DatPiff.com).zip
2016-11-17 11:05 - 2016-11-17 11:05 - 19516601 _____ C:\Users\Owner\Downloads\Free_Bricks_2_Zone_6_Edition-(DatPiff.com).zip
2016-11-17 11:04 - 2016-11-17 11:04 - 74215411 _____ C:\Users\Owner\Downloads\RARE-(DatPiff.com).zip
2016-11-17 10:59 - 2016-11-17 10:59 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2017.lnk
2016-11-17 10:54 - 2016-11-17 10:54 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2016-11-17 10:54 - 2016-11-17 10:54 - 00000000 ____D C:\Users\Public\Documents\Adobe
2016-11-17 10:52 - 2016-11-17 10:52 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2016-11-17 10:47 - 2016-11-17 10:47 - 00001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-11-17 10:47 - 2016-11-17 10:47 - 00001164 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 09:08 - 2016-08-14 15:46 - 00000000 ____D C:\FRST
2016-12-09 09:08 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-12-09 09:06 - 2016-10-10 14:46 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-09 09:05 - 2016-05-07 15:09 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1984768383-2945694233-2252105598-1002
2016-12-09 09:03 - 2016-05-29 11:01 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-09 09:03 - 2016-05-29 11:01 - 00002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-09 09:03 - 2016-05-07 15:04 - 00001441 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-09 08:59 - 2016-05-07 15:06 - 00000000 ____D C:\Users\Owner\Documents\Youcam
2016-12-09 08:58 - 2016-09-20 16:10 - 00000000 ____D C:\Users\Owner\OneDrive
2016-12-09 08:58 - 2016-05-29 11:00 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-09 08:58 - 2013-08-26 01:09 - 00956540 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-09 08:58 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-12-09 08:57 - 2016-06-16 09:31 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-09 01:42 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-09 01:41 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-09 01:19 - 2016-05-29 11:00 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-09 01:08 - 2016-05-07 16:13 - 00000000 ____D C:\ProgramData\TEMP
2016-12-09 00:51 - 2016-06-16 09:31 - 00000924 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-08 23:44 - 2016-08-12 12:45 - 00000000 __HDC C:\ProgramData\{3A83B8C4-5F70-453E-A723-B5672F107885}
2016-12-08 23:34 - 2014-02-21 18:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-08 23:34 - 2014-02-21 18:48 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-12-08 23:03 - 2016-07-12 23:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2016-12-08 22:12 - 2016-05-09 13:22 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D7E6FA46-9960-47BE-8AE6-600DC20F6780}
2016-12-08 21:53 - 2016-08-12 12:50 - 00000000 ____D C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
2016-12-08 19:18 - 2016-08-14 15:51 - 00043851 _____ C:\Users\Owner\Downloads\Addition.txt
2016-12-08 19:18 - 2016-08-14 15:47 - 00062824 _____ C:\Users\Owner\Downloads\FRST.txt
2016-12-08 19:12 - 2016-08-14 15:45 - 02420224 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-12-08 17:02 - 2016-08-12 16:02 - 00000366 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job
2016-12-08 15:19 - 2013-08-22 08:25 - 00000187 _____ C:\Windows\win.ini
2016-12-08 15:15 - 2016-07-19 23:45 - 00000000 ___RD C:\Users\Owner\Creative Cloud Files
2016-12-08 15:15 - 2016-07-13 00:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-08 12:24 - 2016-05-07 15:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2016-12-08 11:27 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-12-08 10:13 - 2016-08-15 15:19 - 00000000 ____D C:\Program Files\CCleaner
2016-12-08 09:21 - 2014-02-21 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-12-08 09:18 - 2014-02-21 18:48 - 00000000 ____D C:\ProgramData\WildTangent
2016-12-08 02:52 - 2016-08-12 12:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\efo
2016-12-08 02:49 - 2016-05-07 15:03 - 00000000 ____D C:\Users\Owner
2016-12-08 02:40 - 2016-05-07 16:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-07 13:25 - 2016-08-15 16:51 - 00000000 ____D C:\Program Files\TrueKey
2016-12-06 13:06 - 2016-08-15 17:01 - 00001217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-12-06 13:05 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-12-01 18:53 - 2016-06-16 09:31 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-11-29 13:46 - 2016-06-16 09:31 - 00003896 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 13:46 - 2016-06-16 09:31 - 00003660 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-29 13:06 - 2016-08-15 15:19 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-27 19:00 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-18 22:27 - 2016-06-16 09:35 - 00000000 ___RD C:\Users\Owner\Dropbox
2016-11-18 22:26 - 2016-06-16 09:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Dropbox
2016-11-17 14:13 - 2013-08-22 09:44 - 05154656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-17 11:40 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-17 11:36 - 2014-02-21 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-17 11:09 - 2016-07-13 01:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-11-17 11:01 - 2016-07-13 01:21 - 00000000 ____D C:\Users\Owner\Documents\Adobe
2016-11-17 10:59 - 2016-09-14 02:17 - 00000000 ____D C:\Program Files\Adobe
2016-11-17 10:54 - 2016-09-14 02:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-11-17 10:47 - 2016-07-13 00:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-16 17:10 - 2016-05-29 11:29 - 00000000 ____D C:\Windows\system32\MRT
2016-11-16 17:04 - 2016-05-29 11:29 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-09 09:17 - 2016-08-15 16:51 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2016-12-08 02:59 - 2016-12-08 02:59 - 7310848 _____ () C:\Users\Owner\AppData\Roaming\agent.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 0070704 _____ () C:\Users\Owner\AppData\Roaming\Config.xml
2016-12-08 02:58 - 2016-12-08 02:59 - 0016224 _____ () C:\Users\Owner\AppData\Roaming\InstallationConfiguration.xml
2016-12-08 02:58 - 2016-12-08 02:58 - 0140288 _____ () C:\Users\Owner\AppData\Roaming\Installer.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 0018432 _____ () C:\Users\Owner\AppData\Roaming\Main.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 0005568 _____ () C:\Users\Owner\AppData\Roaming\md.xml
2016-12-08 02:59 - 2016-12-08 02:59 - 0126464 _____ () C:\Users\Owner\AppData\Roaming\noah.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 1907835 _____ () C:\Users\Owner\AppData\Roaming\Transfax.tst
2016-12-08 03:00 - 2016-12-08 03:00 - 0032038 _____ () C:\Users\Owner\AppData\Roaming\uninstall_temp.ico
2016-12-07 09:27 - 2016-12-07 09:27 - 0005120 _____ () C:\Users\Owner\AppData\Local\ddnow.exe
2016-03-18 00:00 - 2016-03-18 00:00 - 0000000 _____ () C:\Users\Owner\AppData\Local\ok223.txt
2016-12-08 01:18 - 2016-12-08 01:18 - 0528896 _____ (minis) C:\Users\Owner\AppData\Local\predicates.exe
2016-12-08 02:51 - 2016-12-08 02:51 - 0000003 _____ () C:\Users\Owner\AppData\Local\run1.txt
2016-12-08 02:52 - 2016-12-08 02:52 - 0000000 _____ () C:\Users\Owner\AppData\Local\tr5b.txt

Files to move or delete:
====================
C:\Users\Owner\AppData\Roaming\Interstatnogui\interstatnogui.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Owner (09-12-2016 09:11:00)
Running from C:\Users\Owner\Desktop
Windows 8.1 (Update) (X64) (2016-05-07 20:02:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1984768383-2945694233-2252105598-500 - Administrator - Disabled)
Guest (S-1-5-21-1984768383-2945694233-2252105598-501 - Limited - Disabled)
Owner (S-1-5-21-1984768383-2945694233-2252105598-1002 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30244 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{A3B31167-C1B8-416E-35E6-8966F355418C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0F475378-05E5-453D-99B3-CFB58218D5E9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{2C395A31-8A70-4C2E-893F-25CBF37394CC}) (Version: 7.4.50.10 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
ProxyGate version 3.0.0.1176 (HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1176 - Gold Click Ltd) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29074 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7171 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.6.2 - Synaptics Incorporated)
SyncFileSetup (x86) (x32 Version: 1.2.5793.19891 - Western Digital Technologies, Inc) Hidden
vShare Helper (HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\vShare Helper) (Version: 1.1.5.3 - vShare.com Co.,LTD)
WD Access (HKLM-x32\...\{79f4d6a1-f721-43f9-8e15-19129edd8f19}) (Version: 1.1.5767.15076 - Western Digital Technologies, Inc.)
WD Access (x32 Version: 1.1.5767.15076 - Western Digital Technologies, Inc) Hidden
WD Sync (HKLM-x32\...\{f9386239-2d5b-4e8a-aec6-156c568155ec}) (Version: 1.2.5793.19891 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C0AFE69-CBEC-4B1B-BB10-1B52601155C5} - System32\Tasks\{3642E9CF-9229-4600-8FDA-2EFF27B0942C} => pcalua.exe -a C:\Users\Owner\AppData\Local\uninstallro.exe
Task: {107AD98D-398D-4B3F-B8A9-9012832AF621} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-07] (Synaptics Incorporated)
Task: {1AF79A0E-82C3-43B0-B7D7-4DBCEE8D271F} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.)
Task: {1CCF0303-2440-4B51-A8B2-436E7401FEAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company)
Task: {1FB480B9-CD02-465F-A9D5-0F7B39026202} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {22443467-488E-4D81-BFB7-4FB11557BBD0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {27C0A64C-5098-4265-B2B5-5EF06A1C0B16} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {2DD80982-9C9F-4E22-84B1-CF3E1F535726} - System32\Tasks\psv_Tresfax => /c regedit.exe /s "C:\ProgramData\Quoteex\Yearcore.reg" &amp; del "C:\ProgramData\Quoteex\Yearcore.reg" &amp; SCHTASKS /Delete /TN "psv_Tresfax" /F <==== ATTENTION
Task: {32561B9C-20BA-44D7-A678-502563E8BD10} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {36291BBD-0446-4D38-9DE0-2CF2B0A1C5BA} - System32\Tasks\Da2168104221681042 => C:\Users\Owner\AppData\Local\low.exe
Task: {3AF11470-D4A0-49CB-9FB5-0ADD62AF8642} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {3C21C76A-7FBB-42E1-A570-BF480CA7D242} - System32\Tasks\41777599 => C:\Program Files (x86)\Hamon\low.exe <==== ATTENTION
Task: {46ABCC5A-349A-4121-A8D2-89BFD225AA61} - System32\Tasks\psv_Hotlight => /c regedit.exe /s "C:\ProgramData\Quoteex\Lamlab.reg" &amp; del "C:\ProgramData\Quoteex\Lamlab.reg" &amp; SCHTASKS /Delete /TN "psv_Hotlight" /F <==== ATTENTION
Task: {4BB866E7-EF6F-43BB-87F2-F77CBA6FB163} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company)
Task: {4CA71005-924A-4B1C-B4FF-44B92D38E225} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {5020EDD4-5533-463A-B48E-2942D1D9497E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {52BBFD60-FF72-4B3F-A4E0-A17202E5DAAF} - System32\Tasks\21681042 => C:\Users\Owner\AppData\Local\low.exe <==== ATTENTION
Task: {5770EB8F-26F2-405D-856A-705000B2253A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {596BD565-EB0A-4160-887C-DFA4F858D072} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {75ABC42D-8B96-46AC-8EF1-AD17F9401172} - System32\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {871C2029-FD6F-4A1A-9189-B7B67F313D19} - System32\Tasks\69914424 => C:\Program Files (x86)\Undoes\low.exe [2016-12-08] () <==== ATTENTION
Task: {8BDDED05-97C9-4D9B-B9CA-2004B542EF25} - System32\Tasks\Da6991442469914424 => C:\Program Files (x86)\Undoes\low.exe [2016-12-08] ()
Task: {903CCA55-9CB5-45AC-9F84-E672DE5C88D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {9D8D6F72-3A76-4780-A6FD-1BB41A425876} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {AA521709-0CAD-4B4B-A4E0-9D8081FE05CF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {BA9D046C-B740-423C-817C-CBB0989E5D67} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {BCDFEAAF-48F5-4670-9AA1-55159AFE8120} - System32\Tasks\AdobeAAMUpdater-1.0-Smith-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {BD5C7C7C-6EDA-445D-A012-266A5611A3D8} - System32\Tasks\Da4177759941777599 => C:\Program Files (x86)\Hamon\low.exe
Task: {C3A00456-0AC6-4039-A83D-CEC3B23E059E} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {C86EE836-0CC5-4F7E-9432-2B6091D9B461} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {CD793485-2329-44B8-A2C0-63EAE70D2BAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {D13C9BBA-8A25-4A7B-96A7-21ACBDA80770} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {DE87D587-BE9D-43C4-B5FF-13876A6EE1D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29] (Google Inc.)
Task: {DFB47F9D-6162-46A3-A38C-E0EB7F2FE586} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29] (Google Inc.)
Task: {E29A640A-DD57-45D4-A39D-1B568D7D8CE5} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {EDC5844A-1CA8-4F80-8A20-C1DE11C6A4FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {EEE89191-0B57-4BAA-B6EF-BC08D9838279} - System32\Tasks\psv_Lamis => /c regedit.exe /s "C:\ProgramData\Quoteex\Domsilzap.reg" &amp; del "C:\ProgramData\Quoteex\Domsilzap.reg" &amp; SCHTASKS /Delete /TN "psv_Lamis" /F <==== ATTENTION
Task: {F18A7749-9AA2-4E4A-84D7-98EDDC6ED8E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-21] (Piriform Ltd)
Task: {F9992C12-3ADF-4C3F-BC24-5AB1A54BAE02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Owner\Desktop\WDMyCloud - Shortcut.lnk -> hxxp://10.0.0.10

ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============

2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-12-11 17:11 - 2013-12-11 17:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-22 09:23 - 2016-09-22 09:23 - 00077824 _____ () C:\Program Files (x86)\dataup\dataup.exe
2016-09-26 02:00 - 2016-09-28 03:08 - 00057856 _____ () C:\ProgramData\NetworkPacketManitor\Nettrans.exe
2016-12-08 03:00 - 2016-12-08 03:00 - 00470592 _____ () C:\Windows\SysWOW64\NetUtils2016.exe
2016-12-08 03:00 - 2016-12-09 01:46 - 00625272 _____ () C:\Windows\System32\NetUtils2016.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-15 15:19 - 2016-10-30 11:12 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-01-06 11:41 - 2016-01-06 11:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-12-09 09:03 - 2016-12-09 09:03 - 00358912 _____ () C:\ProgramData\AppxeetouQ\Zumlab.dll
2016-12-09 09:02 - 2016-12-08 02:05 - 00400896 _____ () C:\ProgramData\AppxeetouQ\AppxeetouQ.exe
2016-05-29 11:19 - 2016-05-29 11:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2016-09-21 23:32 - 2016-09-21 23:32 - 00224768 _____ () C:\Program Files (x86)\dataup\help_dll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [132]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\sharepoint.com -> hxxps://mailirsc-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-12-08 02:51 - 00001046 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com
162.222.193.86       aoaomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
192.192.3.8       www.virustotal.com
192.192.3.8       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "WDAppManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{107B422A-D0AB-449F-A1AA-C817425F30A4}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ED88D1C7-C270-4D46-A4EF-5097B952B6ED}] => LPort=2869
FirewallRules: [{BFE52D7C-AE3A-4CFA-ABF5-CC7C43499C2F}] => LPort=1900
FirewallRules: [{663CF732-DD41-47C7-99BA-F0DA231DC35A}] => C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D0965732-E040-4205-96DF-71DE67C04772}] => C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{2AFC2523-92B4-4881-A64B-37B3DF250EE3}] => %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{51C2F6A7-7307-4A96-A673-321E57FD7959}] => %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{BDEF92DD-2FEF-4BE2-8DBB-7082997619B0}] => %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{B15A4410-322D-44D8-BFE1-7F9FD7F0CC32}] => %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{D962882F-3580-435D-AF20-28684EE66874}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{984A98BE-2F37-40AC-AA85-A1EAAACBD480}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5B7927E7-8C97-4A5F-9FBF-2364891B75A7}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0BE510EE-C771-4B21-9EED-50215D0A5401}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4578446-9999-4156-9C05-BB05CC6611CF}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BDE5C514-3F67-4F99-A26D-6F74ADA16B60}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A023536-259E-4535-A346-29A1351C2882}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49F45BF9-629E-4634-87FF-0206D8FD9562}] => C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{077D3B58-EBA6-4F9A-924B-38C6C73B77DC}] => C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{98CF36DD-002C-47D7-A6F3-8C22FA4848CF}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A102E186-3B3F-4C3E-87B0-B8C629C17894}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E290C894-FE29-48CD-85A6-051DB04E3913}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{ACB75E4F-A7CA-4AD4-A674-EC4D48074A29}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7A628478-0B7F-45F1-9DAF-B151105148E2}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{30F1077D-3FB0-42AF-B78E-6239A4FD0032}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6DB66054-D168-449B-8350-0C4A32EC1839}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E24190F6-F5ED-4A01-B9FD-05363F2FF108}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{9DC07A29-9B73-4858-80CC-9195BD9A9A57}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{BB396CE8-D628-4D41-88F0-AFEFA86700BB}] => C:\Windows\system32\rundll32.exe
FirewallRules: [{15917833-B7A8-4389-927C-B8A58886AFC7}] => C:\Users\Owner\AppData\Local\ddnow.exe
FirewallRules: [{F690E5B5-DE78-4E87-9380-E84090FCDB0A}] => C:\Users\Owner\AppData\Local\Temp\installer1.exe
FirewallRules: [{97F46F78-E874-42D0-A9C7-09F0C475D080}] => C:\Users\Owner\AppData\Local\29924446.exe
FirewallRules: [{F523302B-DA30-4609-8E55-12024C57BEAD}] => C:\Program Files (x86)\Undoes\low.exe
FirewallRules: [{4DFCDF10-4134-4F5C-9880-68BA6AF281DA}] => C:\Program Files (x86)\Hamon\low.exe

==================== Restore Points =========================

29-11-2016 14:29:18 Scheduled Checkpoint
07-12-2016 02:47:38 Scheduled Checkpoint
08-12-2016 09:15:45 Removed Traffic Exchange

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2016 08:58:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Owner\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/09/2016 01:46:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 54.0.2840.99 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f24

Start Time: 01d251e7a9b2db3b

Termination Time: 34738

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 109a8b52-bddb-11e6-82e9-b8ee65099743

Faulting package full name:

Faulting package-relative application ID:

Error: (12/09/2016 01:43:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Owner\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/09/2016 01:42:23 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/08/2016 11:34:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Au_.exe, version: 37.1.1.4, time stamp: 0x49ee67aa
Faulting module name: Wpc.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54503e7c
Exception code: 0xc0000005
Fault offset: 0x000775a0
Faulting process id: 0x379c
Faulting application start time: 0x01d251d57546361e
Faulting application path: C:\Users\Owner\AppData\Local\Temp\~nsu.tmp\Au_.exe
Faulting module path: Wpc.dll
Report Id: b797a8cb-bdc8-11e6-82e8-b8ee65099743
Faulting package full name:
Faulting package-relative application ID:

Error: (12/08/2016 11:04:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Owner\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/08/2016 10:44:59 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/08/2016 10:42:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/08/2016 10:42:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/08/2016 10:01:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

System errors:
=============
Error: (12/09/2016 01:42:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (12/09/2016 01:42:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/09/2016 01:41:31 AM) (Source: DCOM) (EventID: 10010) (User: SMITH-PC)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/08/2016 10:45:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.

Error: (12/08/2016 10:44:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/08/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the mfefire service.

Error: (12/08/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the ModuleCoreService service.

Error: (12/08/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the mccspsvc service.

Error: (12/08/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the mfemms service.

Error: (12/08/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.

==================== Memory info ===========================

Processor: AMD A10-5750M APU with Radeon™ HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 5338.26 MB
Available physical RAM: 2714.3 MB
Total Virtual: 6234.26 MB
Available Virtual: 3304.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:902.06 GB) (Free:752.46 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:28.68 GB) (Free:3.04 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 99C3433D)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by christiety03, 09 December 2016 - 09:31 AM.



#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Remove this program

ProxyGate version

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, place a checkmark in the selection box for Scan for rootkits.
  • Then select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.


#3
christiety03

christiety03

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.675
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: SMITH-PC\Owner

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 377482
Time Elapsed: 10 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 6
PUP.Optional.GeekBuddy, C:\PROGRAM FILES (X86)\COMMON FILES\COMODO\LAUNCHER_SERVICE.EXE, Quarantined, [2242], [342284],1.0.675
PUP.Optional.Linkury, C:\PROGRAMDATA\NETWORKPACKETMANITOR\NETTRANS.EXE, Quarantined, [400], [331415],1.0.675
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [865], [325509],1.0.675
PUP.Optional.UserMon, C:\USERS\OWNER\APPDATA\ROAMING\INTERSTATNOGUI\INTERSTATNOGUI.EXE, Quarantined, [1907], [337830],1.0.675
PUP.Optional.Linkury.ACMB1, C:\ProgramData\AppxeetouQ\AppxeetouQ.exe, Quarantined, [96], [182898],1.0.675
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup\dataup.exe, Quarantined, [1708], [245997],1.0.675

Module: 9
PUP.Optional.GeekBuddy, C:\PROGRAM FILES (X86)\COMMON FILES\COMODO\LAUNCHER_SERVICE.EXE, Quarantined, [2242], [342284],1.0.675
PUP.Optional.Linkury, C:\PROGRAMDATA\NETWORKPACKETMANITOR\NETTRANS.EXE, Quarantined, [400], [331415],1.0.675
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [865], [325509],1.0.675
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Quarantined, [865], [318108],1.0.675
PUP.Optional.UserMon, C:\USERS\OWNER\APPDATA\ROAMING\INTERSTATNOGUI\INTERSTATNOGUI.EXE, Quarantined, [1907], [337830],1.0.675
PUP.Optional.Linkury.ACMB1, C:\PROGRAMDATA\APPXEETOUQ\ZUMLAB.DLL, Quarantined, [96], [319430],1.0.675
PUP.Optional.Linkury.ACMB1, C:\ProgramData\AppxeetouQ\AppxeetouQ.exe, Quarantined, [96], [182898],1.0.675
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup\dataup.exe, Quarantined, [1708], [245997],1.0.675
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup\help_dll.dll, Quarantined, [1708], [245997],1.0.675

Registry Key: 89
PUP.Optional.GeekBuddy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLPSLauncher, Delete-on-Reboot, [2242], [342284],1.0.675
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Nettrans, Delete-on-Reboot, [400], [331415],1.0.675
PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016, Delete-on-Reboot, [865], [325509],1.0.675
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [131], [170024],1.0.675
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [131], [-1],0.0.0
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [131], [170024],1.0.675
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [131], [170024],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppxeetouQ, Delete-on-Reboot, [96], [182898],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\APPXEETOUQ.EXE, Delete-on-Reboot, [96], [182898],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\APPXEETOUQ.EXE, Delete-on-Reboot, [96], [182898],1.0.675
PUP.Optional.Yelloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\NTService.Control.1, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}\InprocServer32, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}\InprocServer32, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [649], [260991],1.0.675
PUP.Optional.WinYahoo, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [117], [182758],1.0.675
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [117], [182758],1.0.675
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [117], [182758],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\21681042, Delete-on-Reboot, [1732], [183038],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\41777599, Delete-on-Reboot, [1732], [183038],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\69914424, Delete-on-Reboot, [1732], [183038],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Da2168104221681042, Delete-on-Reboot, [1732], [183039],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Da4177759941777599, Delete-on-Reboot, [1732], [183039],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Da6991442469914424, Delete-on-Reboot, [1732], [183039],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Hotlight, Delete-on-Reboot, [96], [259770],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Lamis, Delete-on-Reboot, [96], [259770],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\psv_Tresfax, Delete-on-Reboot, [96], [259770],1.0.675
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SlimCleaner Plus (Scheduled Scan - Owner), Delete-on-Reboot, [1656], [334109],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AppxeetouQ_RASAPI32, Delete-on-Reboot, [96], [182901],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AppxeetouQ_RASMANCS, Delete-on-Reboot, [96], [182901],1.0.675
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio-3_RASAPI32, Delete-on-Reboot, [10462], [255410],1.0.675
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio-3_RASMANCS, Delete-on-Reboot, [10462], [255410],1.0.675
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio_RASAPI32, Delete-on-Reboot, [10462], [255411],1.0.675
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio_RASMANCS, Delete-on-Reboot, [10462], [255411],1.0.675
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASAPI32, Delete-on-Reboot, [7655], [246229],1.0.675
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASMANCS, Delete-on-Reboot, [7655], [246229],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Quoteex_RASAPI32, Delete-on-Reboot, [96], [260623],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Quoteex_RASMANCS, Delete-on-Reboot, [96], [260623],1.0.675
PUP.Optional.Linkury, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}, Delete-on-Reboot, [400], [259313],1.0.675
PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROLEAVES\{5C2B5FB4-B961-4BA8-AAC5-11381225A8FA}, Delete-on-Reboot, [696], [339688],1.0.675
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [649], [260991],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\AppxeetouQ.exe, Delete-on-Reboot, [96], [182902],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe, Delete-on-Reboot, [96], [260624],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2DD80982-9C9F-4E22-84B1-CF3E1F535726}, Delete-on-Reboot, [96], [259767],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{36291BBD-0446-4D38-9DE0-2CF2B0A1C5BA}, Delete-on-Reboot, [1732], [183036],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3C21C76A-7FBB-42E1-A570-BF480CA7D242}, Delete-on-Reboot, [1732], [183035],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{46ABCC5A-349A-4121-A8D2-89BFD225AA61}, Delete-on-Reboot, [96], [259767],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{52BBFD60-FF72-4B3F-A4E0-A17202E5DAAF}, Delete-on-Reboot, [1732], [183035],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{871C2029-FD6F-4A1A-9189-B7B67F313D19}, Delete-on-Reboot, [1732], [183035],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8BDDED05-97C9-4D9B-B9CA-2004B542EF25}, Delete-on-Reboot, [1732], [183036],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BD5C7C7C-6EDA-445D-A012-266A5611A3D8}, Delete-on-Reboot, [1732], [183036],1.0.675
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C3A00456-0AC6-4039-A83D-CEC3B23E059E}, Delete-on-Reboot, [1656], [334102],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EEE89191-0B57-4BAA-B6EF-BC08D9838279}, Delete-on-Reboot, [96], [259767],1.0.675
PUP.Optional.GeekBuddy, HKLM\SYSTEM\SOFTWARE\COMODO\CLPS 4, Delete-on-Reboot, [2242], [342292],1.0.675
PUP.Optional.InstallCore, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\csastats, Delete-on-Reboot, [8], [260986],1.0.675
PUP.Optional.InstallCore, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\ICSW1.22, Delete-on-Reboot, [8], [239562],1.0.675
PUP.Optional.InterStat, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\Interstatnogui, Delete-on-Reboot, [1693], [333863],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\mtAppxeetouQ, Delete-on-Reboot, [96], [182899],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\mtApService, Delete-on-Reboot, [96], [259536],1.0.675
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application Installer, Delete-on-Reboot, [696], [333868],1.0.675
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Traffic Exchange, Delete-on-Reboot, [696], [333881],1.0.675
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch, Delete-on-Reboot, [400], [259314],1.0.675
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES? INC.\DriverApp, Delete-on-Reboot, [1209], [341522],1.0.675
PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016srv, Delete-on-Reboot, [865], [325507],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Delete-on-Reboot, [96], [259928],1.0.675
PUP.Optional.DataUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup, Delete-on-Reboot, [1332], [315676],1.0.675
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\GeekBuddyRSP, Delete-on-Reboot, [2242], [342277],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtAppxeetouQ, Delete-on-Reboot, [96], [182903],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtApService, Delete-on-Reboot, [96], [259827],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtQuoteex, Delete-on-Reboot, [96], [260625],1.0.675
PUP.Optional.UniversalDriverUpdater, HKLM\SOFTWARE\WOW6432NODE\PCVARK, Delete-on-Reboot, [1780], [337998],1.0.675
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\SlimCleaner Plus, Delete-on-Reboot, [1656], [338932],1.0.675
PUP.Optional.SearchManager, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [649], [183362],1.0.675
PUP.Optional.ProxyGate, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1, Delete-on-Reboot, [1171], [337556],1.0.675
PUP.Optional.SlimCleanerPlus, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\SLIMWARE UTILITIES INC\SlimCleaner Plus, Delete-on-Reboot, [1656], [340171],1.0.675
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\GeekBuddyRSP, Delete-on-Reboot, [2242], [342277],1.0.675
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Delete-on-Reboot, [14436], [253915],1.0.675
PUP.Optional.ProductSetup, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\PRODUCTSETUP, Delete-on-Reboot, [16818], [242047],1.0.675

 

Registry Value: 50
PUP.Optional.GeekBuddy, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\COMODO\LAUNCHER_SERVICE.EXE, Delete-on-Reboot, [2242], [342284],1.0.675
PUP.Optional.UserMon, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Interstatnogui, Delete-on-Reboot, [1907], [337830],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, Replace-on-Reboot, [96], [319430],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [96], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [96], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\ENVIRONMENT|SNF, Delete-on-Reboot, [96], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [131], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [131], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, Replace-on-Reboot, [96], [182898],1.0.675
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Delete-on-Reboot, [117], [182758],1.0.675
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replace-on-Reboot, [400], [293477],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\APPXEETOUQ|IMAGEPATH, Delete-on-Reboot, [96], [182904],1.0.675
PUP.Optional.GeekBuddy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CLPSLAUNCHER|DISPLAYNAME, Delete-on-Reboot, [2242], [342293],1.0.675
PUP.Optional.Linkury, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DISPLAYNAME, Delete-on-Reboot, [400], [259313],1.0.675
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.EXE, Delete-on-Reboot, [10462], [256972],1.0.675
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.VSHOST.EXE, Delete-on-Reboot, [10462], [256973],1.0.675
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Delete-on-Reboot, [117], [182758],1.0.675
PUP.Optional.Linkury, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replace-on-Reboot, [400], [293476],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, Delete-on-Reboot, [96], [259988],1.0.675
PUP.Optional.ProxyGate.PrxySvrRST, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PROXYGATE, Delete-on-Reboot, [14617], [184419],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2DD80982-9C9F-4E22-84B1-CF3E1F535726}|PATH, Delete-on-Reboot, [96], [259767],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{36291BBD-0446-4D38-9DE0-2CF2B0A1C5BA}|PATH, Delete-on-Reboot, [1732], [183036],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3C21C76A-7FBB-42E1-A570-BF480CA7D242}|PATH, Delete-on-Reboot, [1732], [183035],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{46ABCC5A-349A-4121-A8D2-89BFD225AA61}|PATH, Delete-on-Reboot, [96], [259767],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{52BBFD60-FF72-4B3F-A4E0-A17202E5DAAF}|PATH, Delete-on-Reboot, [1732], [183035],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{871C2029-FD6F-4A1A-9189-B7B67F313D19}|PATH, Delete-on-Reboot, [1732], [183035],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8BDDED05-97C9-4D9B-B9CA-2004B542EF25}|PATH, Delete-on-Reboot, [1732], [183036],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{BD5C7C7C-6EDA-445D-A012-266A5611A3D8}|PATH, Delete-on-Reboot, [1732], [183036],1.0.675
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C3A00456-0AC6-4039-A83D-CEC3B23E059E}|PATH, Delete-on-Reboot, [1656], [334102],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EEE89191-0B57-4BAA-B6EF-BC08D9838279}|PATH, Delete-on-Reboot, [96], [259767],1.0.675
PUP.Optional.Linkury, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETTRANS|IMAGEPATH, Delete-on-Reboot, [400], [331424],1.0.675
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.EXE, Delete-on-Reboot, [10462], [256972],1.0.675
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.VSHOST.EXE, Delete-on-Reboot, [10462], [256973],1.0.675
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DISPLAYNAME, Delete-on-Reboot, [400], [259314],1.0.675
PUP.Optional.DataUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|IMAGEPATH, Delete-on-Reboot, [1332], [254580],1.0.675
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [117], [293461],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\ENVIRONMENT|SNF, Delete-on-Reboot, [96], [259517],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\ENVIRONMENT|SNP, Delete-on-Reboot, [96], [259518],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, Delete-on-Reboot, [96], [259987],1.0.675
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [117], [293461],1.0.675
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, Delete-on-Reboot, [96], [259989],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [96], [293485],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Replace-on-Reboot, [96], [293485],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH BAR, Replace-on-Reboot, [96], [293485],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCHASSISTANT, Replace-on-Reboot, [96], [293485],1.0.675
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Replace-on-Reboot, [96], [293486],1.0.675
PUP.Optional.ProductSetup, HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\PRODUCTSETUP|TB, Delete-on-Reboot, [16818], [242047],1.0.675

Data Stream: 0
(No malicious items detected)

Folder: 77

File: 416
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000059, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00005a, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00005b, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00005c, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00005d, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00005e, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00005f, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000061, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000063, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000064, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000065, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000066, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000067, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000068, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000069, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00006a, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00006b, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00006c, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00006d, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00006e, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00006f, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000070, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000071, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000072, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000073, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000010, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000024, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000038, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00004c, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000060, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000074, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000088, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000075, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000076, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000077, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000078, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000079, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00007a, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00007b, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00007c, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00007d, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00007e, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00007f, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000080, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000081, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000082, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000083, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000084, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000085, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000086, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000087, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000089, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00008a, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00008b, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00008c, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00008d, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00008e, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00008f, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000090, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000091, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000092, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000093, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000095, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000096, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000097, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000098, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_000099, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00009a, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00009b, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00009c, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00009d, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00009e, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\f_00009f, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\cache\QtWebEngine\Default\Cache\index, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\databases\Databases.db, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\databases\Databases.db-journal, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\IndexedDB\http_www.marthastewart.com_0.indexeddb.leveldb\000003.log, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\IndexedDB\http_www.marthastewart.com_0.indexeddb.leveldb\CURRENT, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\IndexedDB\http_www.marthastewart.com_0.indexeddb.leveldb\LOCK, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\IndexedDB\http_www.marthastewart.com_0.indexeddb.leveldb\LOG, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\IndexedDB\http_www.marthastewart.com_0.indexeddb.leveldb\MANIFEST-000001, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XX896SMB\cdn2.dashbida.com\prod\db\1.0\VPAID2.swf\dbStore.sol, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XX896SMB\macromedia.com\support\flashplayer\sys\#cdn2.dashbida.com\settings.sol, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XX896SMB\macromedia.com\support\flashplayer\sys\#objects.tremormedia.com\settings.sol, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XX896SMB\macromedia.com\support\flashplayer\sys\#sportmovs.com\settings.sol, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XX896SMB\macromedia.com\support\flashplayer\sys\settings.sol, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XX896SMB\objects.tremormedia.com\com.quantserve.sol, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\Cookies, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\Cookies-journal, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\QuotaManager, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\Users\Owner\AppData\Local\AnonymizerLauncher\QtWebEngine\Default\QuotaManager-journal, Delete-on-Reboot, [1421], [329192],1.0.675
PUP.Optional.Mstrn, C:\Users\Owner\AppData\Local\mstrn32\dump\7c3d7591-6e25-404b-8be1-de33daf9452e.dmp, Delete-on-Reboot, [11493], [175232],1.0.675
PUP.Optional.Mstrn, C:\Users\Owner\AppData\Local\mstrn32\dump\cc574c7b-3bc5-4eb0-99ba-586a53862de4.dmp, Delete-on-Reboot, [11493], [175232],1.0.675
PUP.Optional.Mstrn, C:\Users\Owner\AppData\Local\mstrn32\cookies, Delete-on-Reboot, [11493], [175232],1.0.675
PUP.Optional.Mstrn, C:\Users\Owner\AppData\Local\mstrn32\db.sqlite, Delete-on-Reboot, [11493], [175232],1.0.675
PUP.Optional.Mstrn, C:\Users\Owner\AppData\Local\mstrn32\db.sqlite.bak, Delete-on-Reboot, [11493], [175232],1.0.675
PUP.Optional.Mstrn, C:\Users\Owner\AppData\Local\mstrn32\Setting.ini, Delete-on-Reboot, [11493], [175232],1.0.675
PUP.Optional.Mstrn, C:\Users\Owner\AppData\Local\mstrn32\urls.txt, Delete-on-Reboot, [11493], [175232],1.0.675
PUP.Optional.Mstrn, C:\Users\Owner\AppData\Local\mstrn32\urls.txt.bak, Delete-on-Reboot, [11493], [175232],1.0.675
PUP.Optional.SlimCleanerPlus, C:\Users\Owner\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage, Delete-on-Reboot, [1656], [340170],1.0.675
PUP.Optional.SlimCleanerPlus, C:\Users\Owner\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage\ui_main_0.localstorage-journal, Delete-on-Reboot, [1656], [340170],1.0.675
PUP.Optional.SlimCleanerPlus, C:\Users\Owner\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\cookiefilter.db, Delete-on-Reboot, [1656], [340170],1.0.675
PUP.Optional.SlimCleanerPlus, C:\Users\Owner\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\settings, Delete-on-Reboot, [1656], [340170],1.0.675
PUP.Optional.ProxyGate, C:\USERS\OWNER\APPDATA\ROAMING\PROXYGATE\DNS.DAT, Delete-on-Reboot, [1171], [314822],1.0.675
PUP.Optional.ProxyGate, C:\Users\Owner\AppData\Roaming\ProxyGate\ocx\mscomctl.ocx, Delete-on-Reboot, [1171], [314822],1.0.675
PUP.Optional.ProxyGate, C:\Users\Owner\AppData\Roaming\ProxyGate\Cloud.exe, Delete-on-Reboot, [1171], [314822],1.0.675
PUP.Optional.ProxyGate, C:\Users\Owner\AppData\Roaming\ProxyGate\conf.dat, Delete-on-Reboot, [1171], [314822],1.0.675
PUP.Optional.ProxyGate, C:\Users\Owner\AppData\Roaming\ProxyGate\Config.ini, Delete-on-Reboot, [1171], [314822],1.0.675
PUP.Optional.ProxyGate, C:\Users\Owner\AppData\Roaming\ProxyGate\dbghelp.dll, Delete-on-Reboot, [1171], [314822],1.0.675
PUP.Optional.ProxyGate, C:\Users\Owner\AppData\Roaming\ProxyGate\list.dat, Delete-on-Reboot, [1171], [314822],1.0.675
PUP.Optional.ProxyGate, C:\Users\Owner\AppData\Roaming\ProxyGate\msvbvm60.dll, Delete-on-Reboot, [1171], [314822],1.0.675
PUP.Optional.ProxyGate, C:\Users\Owner\AppData\Roaming\ProxyGate\TrafficMonitor.ini, Delete-on-Reboot, [1171], [314822],1.0.675
PUP.Optional.EasyFileOpener, C:\USERS\OWNER\APPDATA\ROAMING\EFO\EFO.EXE.CONFIG, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\danish_efo_da.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\Dutch_efo_nl.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\english_efo_en.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\finish_efo_fi.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\French_efo_fr.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\german_efo_de.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\italian_efo_it.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\japanese_efo_ja.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\norwegian_efo_no.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\portuguese_efo_ptbr.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\langs\russian_efo_ru.ini, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.EasyFileOpener, C:\Users\Owner\AppData\Roaming\efo\efo.exe, Delete-on-Reboot, [3996], [261970],1.0.675
PUP.Optional.Clicker, C:\PROGRAM FILES (X86)\MSRTN32\LIBEAY32.DLL, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qdds.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qgif.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qicns.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qico.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qjp2.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qjpeg.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qmng.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qsvg.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qtga.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qtiff.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qwbmp.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\imageformats\qwebp.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\platforms\qminimal.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\platforms\qwindows.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\plugins\NPSWF32_11_5_502_110.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\sqldrivers\qsqlite.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\boost_serialization-vc100-mt-1_54.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\cdhtr.exe, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icudt53.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icuin53.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icuio53.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icule53.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\iculx53.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icutest53.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icutu53.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\icuuc53.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\msvcp100.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\msvcr100.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Core.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Gui.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Multimedia.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5MultimediaWidgets.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Network.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5OpenGL.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Positioning.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5PrintSupport.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Qml.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Quick.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Sensors.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Sql.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5WebKit.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5WebKitWidgets.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\Qt5Widgets.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\QtXml4.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\QxOrm.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\rthdcpd.exe, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\ssleay32.dll, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.Clicker, C:\Program Files (x86)\msrtn32\ua.txt, Delete-on-Reboot, [987], [261673],1.0.675
PUP.Optional.CPX, C:\PROGRAM FILES (X86)\CPX\FFMPEGSUMO.DLL, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\hi.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\am.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ar.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\bg.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\bn.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ca.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\cs.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\da.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\de.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\el.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\en-GB.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\en-US.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\es-419.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\es.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\et.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fa.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fi.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fil.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\fr.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\gu.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\he.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\hr.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\hu.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\id.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\it.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ja.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\kn.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ko.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\lt.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\lv.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ml.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\mr.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ms.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\nb.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\nl.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\pl.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\pt-BR.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\pt-PT.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ro.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ru.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sk.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sl.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sr.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sv.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\sw.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\ta.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\te.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\th.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\tr.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\uk.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\vi.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\zh-CN.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales\zh-TW.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\PepperFlash\manifest.json, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\PepperFlash\pepflashplayer.dll, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\cef.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\cef_100_percent.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\cef_200_percent.pak, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\core.dll, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\d3dcompiler_43.dll, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\d3dcompiler_47.dll, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\debug.log, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\icudtl.dat, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\libcef.dll, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\libEGL.dll, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\libGLESv2.dll, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\natives_blob.bin, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.CPX, C:\Program Files (x86)\cpx\snapshot_blob.bin, Delete-on-Reboot, [16313], [235087],1.0.675
PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSWOW64\FINDIT.XML, Delete-on-Reboot, [96], [259512],1.0.675
PUP.Optional.Yelloader, C:\PROGRAM FILES (X86)\DATAUP\DATAUP.INI, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup\dataup.exe, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup\help_dll.dll, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Yelloader, C:\Program Files (x86)\dataup\NTSVC.ocx, Delete-on-Reboot, [1708], [245997],1.0.675
PUP.Optional.Linkury, C:\WINDOWS\TEMP\SMARTBAR\ZAMTAX.ICO, Delete-on-Reboot, [400], [259312],1.0.675
Adware.DotDo, C:\WINDOWS\VADIM.EXE, Delete-on-Reboot, [55], [333617],1.0.675
Adware.Agent.Proxy, C:\USERS\OWNER\APPDATA\LOCAL\DDNOW.EXE, Delete-on-Reboot, [1046], [261040],1.0.675
PUP.Optional.AmazonDotD, C:\USERS\OWNER\APPDATA\LOCAL\SHORTCUT INSTALLER\AMAZON DEAL OF THE DAY.ICO, Delete-on-Reboot, [1213], [337557],1.0.675
PUP.Optional.SearchManager, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Delete-on-Reboot, [649], [260990],1.0.675
PUP.Optional.SafeFinder.ShrtCln, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_search.safefinder.com_0.localstorage, Delete-on-Reboot, [476], [316774],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, C:\PROGRAMDATA\NTUSER.POL, Delete-on-Reboot, [1732], [-1],0.0.0
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Delete-on-Reboot, [1732], [-1],0.0.0
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\Da2168104221681042, Delete-on-Reboot, [1732], [183030],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\Da4177759941777599, Delete-on-Reboot, [1732], [183030],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\Da6991442469914424, Delete-on-Reboot, [1732], [183030],1.0.675
PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSTEM32\TASKS\psv_Hotlight, Delete-on-Reboot, [96], [259513],1.0.675
PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSTEM32\TASKS\psv_Lamis, Delete-on-Reboot, [96], [259513],1.0.675
PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSTEM32\TASKS\psv_Tresfax, Delete-on-Reboot, [96], [259513],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\21681042, Delete-on-Reboot, [1732], [183029],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\41777599, Delete-on-Reboot, [1732], [183029],1.0.675
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\SYSTEM32\TASKS\69914424, Delete-on-Reboot, [1732], [183029],1.0.675
PUP.Optional.SlimCleanerPlus, C:\WINDOWS\SYSTEM32\TASKS\SlimCleaner Plus (Scheduled Scan - Owner), Delete-on-Reboot, [1656], [334098],1.0.675
PUP.Optional.SlimCleanerPlus, C:\WINDOWS\TASKS\SLIMCLEANER PLUS (SCHEDULED SCAN - OWNER).JOB, Delete-on-Reboot, [1656], [331621],1.0.675
PUP.Optional.AnonymizerGadget.PrxySvrRST, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ANONYMIZERGADGET\ANONYMIZERGADGET.LNK, Delete-on-Reboot, [1421], [329210],1.0.675

Physical Sector: 0
(No malicious items detected)

(end

 

 

*****I am also receiving a DLL error when rebooting?

Thank you for your help!!


#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts

I am also receiving a DLL error when rebooting?


We will get to that. You're badly infected.


Next

Please download adwCleaner to your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

#5
christiety03

    Member

  • Topic Starter
  • 12 posts

# AdwCleaner v6.040 - Logfile created 09/12/2016 at 12:03:04
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-09.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : Owner - SMITH-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner_6.040.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

[!] Service not deleted: swdumon

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Owner\AppData\Local\slimware utilities inc
[-] Folder deleted: C:\Users\Owner\AppData\Local\cpx
[#] Folder deleted on reboot: C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
[-] Folder deleted: C:\Users\Owner\AppData\Roaming\Microleaves
[-] Folder deleted: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder deleted: C:\Users\Owner\Documents\vShare
[-] Folder deleted: C:\ProgramData\lavasoft\web companion
[-] Folder deleted: C:\ProgramData\PCVARK
[-] Folder deleted: C:\ProgramData\Microleaves
[-] Folder deleted: C:\ProgramData\BSD
[#] Folder deleted on reboot: C:\ProgramData\Application Data\lavasoft\web companion
[#] Folder deleted on reboot: C:\ProgramData\Application Data\PCVARK
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\Application Data\BSD
[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers
[-] Folder deleted: C:\Program Files (x86)\AnonymizerGadget
[-] Folder deleted: C:\Program Files (x86)\Microleaves
[-] Folder deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki

***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\drivers\swdumon.sys
[-] File deleted: C:\Users\Owner\AppData\Local\ok223.txt
[-] File deleted: C:\Users\Owner\AppData\Local\tr5b.txt
[-] File deleted: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdckocnfhibclnnkifmjbbogcfkbijki_0.localstorage

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\free.mapsgalaxy.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mapsgalaxy.dl.myway.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Software\SlimWare Utilities Inc
[#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKLM\SOFTWARE\IDOT
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key deleted: [x64] HKLM\SOFTWARE\IDOT
[-] Key deleted: [x64] HKLM\SOFTWARE\AppApcVerifier
[-] Key deleted: [x64] HKLM\SOFTWARE\HDWallpaper
[-] Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] Key deleted: [x64] HKLM\SOFTWARE\pcv-var
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\advancedpccare.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\coupontime.co
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reimageplus.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safefinder.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.safefinder.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.advancedpccare.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.reimageplus.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\advancedpccare.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\coupontime.co
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\foxi69.tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\reimageplus.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\safefinder.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\search.safefinder.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\tlscdn.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.advancedpccare.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.reimageplus.com
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [cpx]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [msrtn32]
[-] Value deleted: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [ProxyGate]
[-] Value deleted: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Interstatnogui]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]

***** [ Web browsers ] *****

[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: feed.sonic-search.com
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fdckocnfhibclnnkifmjbbogcfkbijki
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXZRWDoQSnAfe5vnZEiJbUwXH8iPFtDxlNg7052aYBp_GHtWsm3lM5aVk-yCpT1sgE4Rx4-UUEKGmMgCHap4OPTsSD68CGHe1Yw5mkta-U5RRakxS2H9zDZ7fUgSoQndSCdltBdi8,

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8557 Bytes] - [09/12/2016 12:03:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [8203 Bytes] - [09/12/2016 12:01:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8703 Bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 8.1 x64
Ran by Owner (Administrator) on Fri 12/09/2016 at 12:12:46.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 3

Successfully deleted: C:\Users\Owner\AppData\Local\{D6CEE075-F39C-8D03-98AA-AAD1447857EF} (Empty Folder)
Successfully deleted: C:\Users\Owner\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)

 

Registry: 3

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SWDUMon (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{57FB77C4-A0F7-457B-9310-661C01DC5DA7} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{57FB77C4-A0F7-457B-9310-661C01DC5DA7} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/09/2016 at 12:16:22.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Did you run Combofix? I noticed it was installed.

If so, post the log file for Combofix. It should be at C:/combofix/Combofix.txt
#7
christiety03

    Member

  • Topic Starter
  • 12 posts

No, I can't seem to get it to run. Can you send me the download link and I will try to reinstall?


#8
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
It does not run on Windows 8. Please do not employ Combofix.


Download zoek.exe to your Desktop: http://hijackthis.nl/smeenk/

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe.
  • on Windows Vista, 7, 8 and 10 right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear.
  • copy/paste the entire script inside the codebox below into the input field of Zoek:

    createsrpoint;
    autoclean;
    emptyclsid;
    emptyffcache;
    FFdefaults;
    emptyiecache;
    iedefaults;
    emptychrcache;
    CHRdefaults;
    emptyalltemp;
    emptyfolderscheck;delete
    ipconfig /flushdns;b
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
    if a reboot is needed, the log will be opened after the reboot.

#9
christiety03

    Member

  • Topic Starter
  • 12 posts

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Owner on Fri 12/09/2016 at 12:48:47.02.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/9/2016 12:49:59 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Hamon deleted successfully
C:\PROGRA~2\miya deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\COMMON~1\VST3 deleted successfully
C:\Program Files\COMODO deleted successfully
C:\Program Files\Intel deleted successfully
C:\Program Files\Common Files\VST3 deleted successfully
C:\PROGRA~3\Lavasoft deleted successfully
C:\Users\Owner\AppData\Roaming\c deleted successfully
C:\Users\Owner\AppData\Roaming\hpqlog deleted successfully
C:\Users\Owner\AppData\Local\EmieSiteList deleted successfully
C:\Users\Owner\AppData\Local\EmieUserList deleted successfully
C:\Users\Owner\AppData\Local\pinger.com deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Hamon not found
C:\PROGRA~2\miya not found
C:\PROGRA~3\1481183384 deleted
C:\PROGRA~2\vShare Helper deleted
C:\PROGRA~3\{3A83B8C4-5F70-453E-A723-B5672F107885} deleted
C:\PROGRA~3\{6D7D6B2B-F420-4D47-A984-F9E6A638BF48} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Owner\AppData\Local\predicates.exe deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Owner\Documents\Updater deleted
"C:\windows\Installer\1de12.msi" deleted

==== Orphaned Tasks deleted from Registry ======================

{6E4B5402-0EA2-4EC4-ABF3-0C75AF0CE710} deleted
{D931BB62-284C-4134-B488-8FA65A801436} deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn" [08/16/2016 09:17 PM]

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
mikhcaiakabeeokmenglcdebplfdjicn - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx[07/18/2012 09:13 PM]

Chrome Media Router - Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"=""
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"=""

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/...0TR&pc=HPNTDFJS
HKLM\SearchScopes\{57FB77C4-A0F7-457B-9310-661C01DC5DA7} - http://www.amazon.co...ds={searchTerms}
HKLM\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...54371-11896-2/4
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/...0TR&pc=HPNTDFJS
HKLM\Wow6432Node\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...54371-11896-2/4
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...0TR&pc=HPNTDFJS
HKCU\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} - http://www.bing.com/...=IESR02&pc=UE10
HKCU\SearchScopes\{4A4AC7EA-3F17-4748-AFCF-E8F9F2B747B4} - http://www.google.co...?q={searchTerms}
HKCU\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} - http://rover.ebay.co...54371-11896-2/4

==== Reset Google Chrome ======================

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C0D8C2E79C150C439A9B5310AEF56C5 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2C0D8C2E79C150C439A9B5310AEF56C5 deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Owner\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=432 folders=99 214627469 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Owner\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Owner\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Fri 12/09/2016 at 13:16:40.92 ======================


#10
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
One more Malware scan,
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan). Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • post the report to your reply
  • Close the program then click Close

#11
christiety03

    Member

  • Topic Starter
  • 12 posts

Emsisoft Emergency Kit - Version 12.0
Last update: 12/9/2016 1:31:47 PM
User account: SMITH-PC\Owner
Computer name: SMITH-PC
OS version: Windows 8.1x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 12/9/2016 1:33:45 PM

Scanned 75458
Found 0

Scan end: 12/9/2016 1:38:11 PM
Scan time: 0:04:26


#12
zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

On your desktop find FRST.txt and Addition.txt.
Right click and delete them, so there is no confusion in posting the second set of logs.

Then

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

#13
christiety03

    Member

  • Topic Starter
  • 12 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Owner (administrator) on SMITH-PC (09-12-2016 13:48:29)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\acrotray.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7539928 2014-02-09] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2807536 2014-01-07] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [flexi] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKLM\...\Run: [flexiflexi] => "C:\Program Files (x86)\Hamon\low.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-11-11] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1866936 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [multipolar] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKLM-x32\...\Run: [multipolarmultipolar] => "C:\Program Files (x86)\Hamon\low.exe"
HKLM-x32\...\Run: [mapsgalaxy] => C:\Users\Owner\AppData\Local\Temp\7253453\ic-0.31ccf056389018.exe -start <===== ATTENTION
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [Chromium] => c:\users\owner\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9355480 2016-11-21] (Piriform Ltd)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe [882872 2016-10-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [oniklo] => rundll32.exe "C:\Users\Owner\AppData\Local\oniklo.dll",oniklo <===== ATTENTION
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [stegmann] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [stegmannstegmann] => "C:\Program Files (x86)\Hamon\low.exe"
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [skoal] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [skoalskoal] => "C:\Program Files (x86)\Hamon\low.exe"
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [budged] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [stoning] => "C:\Program Files (x86)\miya\stoning.exe"
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2016-12-08] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2016-12-08] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lawson.lnk [2016-12-08]
ShortcutTarget: lawson.lnk -> C:\Program Files (x86)\Undoes\low.exe ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{11DB65DE-AFBA-496E-A7CE-E847599D81E4}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{C98674E6-3F29-41E4-A7AD-DE21905D9A03}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {57FB77C4-A0F7-457B-9310-661C01DC5DA7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {4A4AC7EA-3F17-4748-AFCF-E8F9F2B747B4} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-15] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-15] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-15] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-15] (Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2016-08-16]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2012-07-18] (Nuance Communications Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-16] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-12-16] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices)
S4 epp; C:\EEK\bin64\epp.sys [114968 2016-10-31] (Emsisoft Ltd)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-09] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-09] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-09] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-09] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2016-12-09] (Malwarebytes)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-12-16] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29936 2014-01-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-01-07] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 13:48 - 2016-12-09 13:49 - 00027357 _____ C:\Users\Owner\Desktop\FRST.txt
2016-12-09 13:28 - 2016-12-09 13:47 - 00000000 ____D C:\EEK
2016-12-09 13:26 - 2016-12-09 13:27 - 267013568 _____ C:\Users\Owner\Downloads\EmsisoftEmergencyKit.exe
2016-12-09 13:14 - 2016-12-09 12:48 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-12-09 12:48 - 2016-12-09 13:10 - 00000000 ____D C:\zoek_backup
2016-12-09 12:16 - 2016-12-09 12:16 - 00001132 _____ C:\Users\Owner\Desktop\JRT.txt
2016-12-09 12:10 - 2016-12-09 12:10 - 01631928 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
2016-12-09 12:09 - 2016-12-09 12:09 - 00008894 _____ C:\Users\Owner\Desktop\AdwCleaner[C0].txt
2016-12-09 11:58 - 2016-12-09 12:03 - 00000000 ____D C:\AdwCleaner
2016-12-09 11:58 - 2016-12-09 11:58 - 03968464 _____ C:\Users\Owner\Downloads\adwcleaner_6.040.exe
2016-12-09 11:34 - 2016-12-09 11:34 - 00095874 _____ C:\Users\Owner\Desktop\Mbam report.txt
2016-12-09 11:23 - 2016-12-09 13:16 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-12-09 11:06 - 2016-12-09 13:16 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-09 11:06 - 2016-12-09 13:16 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-09 11:06 - 2016-12-09 11:06 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-09 11:05 - 2016-12-09 13:16 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-09 11:05 - 2016-12-09 13:16 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-09 11:05 - 2016-12-09 11:05 - 00001890 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-09 11:05 - 2016-12-09 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-09 11:05 - 2016-12-09 11:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-09 11:05 - 2016-12-09 11:05 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-09 11:05 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-09 11:04 - 2016-12-09 11:04 - 51969976 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-09 09:13 - 2016-12-09 09:13 - 00448512 _____ C:\Users\Owner\Desktop\TFC Log.txt
2016-12-08 21:52 - 2016-12-09 01:42 - 00000000 ____D C:\SUPERDelete
2016-12-08 21:51 - 2016-12-08 22:44 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5.job
2016-12-08 21:51 - 2016-12-08 22:44 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856.job
2016-12-08 21:51 - 2016-12-08 21:51 - 00003582 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5
2016-12-08 21:51 - 2016-12-08 21:51 - 00003500 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856
2016-12-08 21:50 - 2016-12-08 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2016-12-08 21:49 - 2016-12-08 21:50 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-08 21:49 - 2016-12-08 21:49 - 28595680 _____ (SUPERAntiSpyware) C:\Users\Owner\Desktop\SUPERAntiSpyware.exe
2016-12-08 21:49 - 2016-12-08 21:49 - 00001827 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-12-08 21:49 - 2016-12-08 21:49 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-08 21:49 - 2016-12-08 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-12-08 21:33 - 2016-12-08 21:33 - 00000000 ____D C:\Rem-VBSqt
2016-12-08 21:18 - 2016-12-08 21:18 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2016-12-08 21:13 - 2016-12-08 21:13 - 00050688 _____ (Atribune.org) C:\Users\Owner\Downloads\ATF-Cleaner.exe
2016-12-08 19:12 - 2016-12-08 19:12 - 00000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2016-12-08 18:47 - 2016-12-08 18:47 - 00003082 _____ C:\Windows\System32\Tasks\{3642E9CF-9229-4600-8FDA-2EFF27B0942C}
2016-12-08 09:26 - 2016-12-08 09:27 - 00000000 ____D C:\ProgramData\MAGIX
2016-12-08 03:02 - 2016-12-08 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-12-08 03:01 - 2016-12-08 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Windows\SysWOW64\sstmp
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Windows\system32\sstmp
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-12-08 02:59 - 2016-12-08 02:59 - 07310848 _____ C:\Users\Owner\AppData\Roaming\agent.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 00018432 _____ C:\Users\Owner\AppData\Roaming\Main.dat
2016-12-08 02:58 - 2016-12-08 02:58 - 00140288 _____ C:\Users\Owner\AppData\Roaming\Installer.dat
2016-12-08 02:52 - 2016-12-08 09:22 - 00000000 ____D C:\Windows\system32\SSL
2016-12-08 02:51 - 2016-12-08 02:51 - 00000003 _____ C:\Users\Owner\AppData\Local\run1.txt
2016-12-08 02:51 - 2016-12-08 02:51 - 00000000 ___HD C:\Program Files (x86)\Undoes
2016-12-08 02:49 - 2016-12-08 02:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\iZotope
2016-12-08 02:43 - 2016-12-08 09:27 - 00000000 ____D C:\ProgramData\VEGAS
2016-12-08 02:41 - 2016-12-08 02:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Sony
2016-12-08 02:38 - 2016-12-08 09:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MAGIX
2016-12-08 02:38 - 2016-12-08 02:38 - 00000000 ____D C:\Users\Owner\Documents\MAGIX Downloads
2016-12-08 01:40 - 2016-12-08 09:26 - 00000000 ____D C:\Users\Owner\Documents\iZotope
2016-12-08 01:40 - 2016-12-08 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2016-12-08 01:40 - 2016-12-08 01:40 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-12-08 01:10 - 2016-05-31 12:52 - 01431552 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2016-12-06 17:59 - 2016-12-06 17:59 - 02001079 _____ C:\Windows\97b4226e82053e864b386d56e6ff8b45.exe
2016-12-01 18:53 - 2016-12-01 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-29 13:06 - 2016-11-29 13:06 - 08995888 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup524_protrial.exe
2016-11-28 09:05 - 2016-11-28 09:05 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-28 09:05 - 2016-11-28 09:05 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-28 09:05 - 2016-11-28 09:05 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-28 09:05 - 2016-11-28 09:05 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-17 11:41 - 2016-11-17 11:42 - 128534041 _____ C:\Users\Owner\Downloads\HHID1992 (Bonus Track Edition) [320 kbps].zip
2016-11-17 11:33 - 2016-11-17 11:34 - 70451032 _____ C:\Users\Owner\Downloads\Travis Scott - Days Before Birds.zip
2016-11-17 11:24 - 2016-11-17 11:27 - 117515512 _____ C:\Users\Owner\Downloads\Jeezy_-_Trap_Or_Die_3_[iTunes][GangstaRapTalk.com] (1).zip
2016-11-17 11:16 - 2016-11-23 14:09 - 00000000 ____D C:\Users\Owner\Desktop\GoPro Stuff
2016-11-17 11:05 - 2016-11-17 11:06 - 137057942 _____ C:\Users\Owner\Downloads\Attack_The_Block-(DatPiff.com).zip
2016-11-17 11:05 - 2016-11-17 11:05 - 19516601 _____ C:\Users\Owner\Downloads\Free_Bricks_2_Zone_6_Edition-(DatPiff.com).zip
2016-11-17 11:04 - 2016-11-17 11:04 - 74215411 _____ C:\Users\Owner\Downloads\RARE-(DatPiff.com).zip
2016-11-17 10:59 - 2016-11-17 10:59 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2017.lnk
2016-11-17 10:54 - 2016-11-17 10:54 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2016-11-17 10:54 - 2016-11-17 10:54 - 00000000 ____D C:\Users\Public\Documents\Adobe
2016-11-17 10:52 - 2016-11-17 10:52 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2016-11-17 10:47 - 2016-11-17 10:47 - 00001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-11-17 10:47 - 2016-11-17 10:47 - 00001164 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 13:48 - 2016-08-14 15:46 - 00000000 ____D C:\FRST
2016-12-09 13:24 - 2016-10-10 14:46 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-09 13:21 - 2013-08-26 01:09 - 00956540 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-09 13:21 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-12-09 13:19 - 2016-05-29 11:00 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-09 13:18 - 2016-05-07 15:06 - 00000000 ____D C:\Users\Owner\Documents\Youcam
2016-12-09 13:17 - 2016-09-20 16:10 - 00000000 ____D C:\Users\Owner\OneDrive
2016-12-09 13:16 - 2016-06-16 09:31 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-09 13:16 - 2016-05-29 11:00 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-09 13:16 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-09 13:10 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-09 13:10 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-12-09 12:51 - 2016-06-16 09:31 - 00000924 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-09 12:36 - 2016-09-08 08:09 - 00000000 ____D C:\Users\Owner\Desktop\Zachs Music
2016-12-09 11:49 - 2016-05-07 15:09 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1984768383-2945694233-2252105598-1002
2016-12-09 11:42 - 2016-07-12 23:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2016-12-09 11:36 - 2016-05-07 16:16 - 00000000 ____D C:\ProgramData\McAfee
2016-12-09 11:36 - 2016-05-07 16:16 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-09 11:35 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-09 11:23 - 2016-05-29 11:01 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-09 11:23 - 2016-05-29 11:01 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-09 11:23 - 2016-05-07 15:04 - 00001453 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-09 11:23 - 2013-09-30 17:49 - 00001602 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Control Zone (Touchpad Clickpad Trackpad Mouse).lnk
2016-12-09 11:19 - 2016-05-07 15:03 - 00000000 ____D C:\Users\Owner
2016-12-09 09:42 - 2016-05-09 13:22 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D7E6FA46-9960-47BE-8AE6-600DC20F6780}
2016-12-09 09:38 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-12-09 09:38 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-12-09 09:18 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-12-09 01:08 - 2016-05-07 16:13 - 00000000 ____D C:\ProgramData\TEMP
2016-12-08 23:34 - 2014-02-21 18:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-08 23:34 - 2014-02-21 18:48 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-12-08 19:18 - 2016-08-14 15:51 - 00043851 _____ C:\Users\Owner\Downloads\Addition.txt
2016-12-08 19:18 - 2016-08-14 15:47 - 00062824 _____ C:\Users\Owner\Downloads\FRST.txt
2016-12-08 19:12 - 2016-08-14 15:45 - 02420224 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-12-08 15:19 - 2013-08-22 08:25 - 00000187 _____ C:\Windows\win.ini
2016-12-08 15:15 - 2016-07-19 23:45 - 00000000 ___RD C:\Users\Owner\Creative Cloud Files
2016-12-08 15:15 - 2016-07-13 00:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-08 12:24 - 2016-05-07 15:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2016-12-08 11:27 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-12-08 10:13 - 2016-08-15 15:19 - 00000000 ____D C:\Program Files\CCleaner
2016-12-08 09:21 - 2014-02-21 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-12-08 09:18 - 2014-02-21 18:48 - 00000000 ____D C:\ProgramData\WildTangent
2016-12-01 18:53 - 2016-06-16 09:31 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-11-29 13:46 - 2016-06-16 09:31 - 00003896 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 13:46 - 2016-06-16 09:31 - 00003660 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-29 13:06 - 2016-08-15 15:19 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-27 19:00 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-18 22:27 - 2016-06-16 09:35 - 00000000 ___RD C:\Users\Owner\Dropbox
2016-11-18 22:26 - 2016-06-16 09:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Dropbox
2016-11-17 14:13 - 2013-08-22 09:44 - 05154656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-17 11:40 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-17 11:36 - 2014-02-21 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-17 11:09 - 2016-07-13 01:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-11-17 11:01 - 2016-07-13 01:21 - 00000000 ____D C:\Users\Owner\Documents\Adobe
2016-11-17 10:59 - 2016-09-14 02:17 - 00000000 ____D C:\Program Files\Adobe
2016-11-17 10:54 - 2016-09-14 02:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-11-17 10:47 - 2016-07-13 00:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-16 17:10 - 2016-05-29 11:29 - 00000000 ____D C:\Windows\system32\MRT
2016-11-16 17:04 - 2016-05-29 11:29 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-09 09:17 - 2016-08-15 16:51 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2016-12-08 02:59 - 2016-12-08 02:59 - 7310848 _____ () C:\Users\Owner\AppData\Roaming\agent.dat
2016-12-08 02:58 - 2016-12-08 02:58 - 0140288 _____ () C:\Users\Owner\AppData\Roaming\Installer.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 0018432 _____ () C:\Users\Owner\AppData\Roaming\Main.dat
2016-12-08 02:51 - 2016-12-08 02:51 - 0000003 _____ () C:\Users\Owner\AppData\Local\run1.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-07 02:05

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Owner (09-12-2016 13:49:31)
Running from C:\Users\Owner\Desktop
Windows 8.1 (Update) (X64) (2016-05-07 20:02:51)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1984768383-2945694233-2252105598-500 - Administrator - Disabled)
Guest (S-1-5-21-1984768383-2945694233-2252105598-501 - Limited - Disabled)
Owner (S-1-5-21-1984768383-2945694233-2252105598-1002 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30244 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{A3B31167-C1B8-416E-35E6-8966F355418C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{0F475378-05E5-453D-99B3-CFB58218D5E9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{2C395A31-8A70-4C2E-893F-25CBF37394CC}) (Version: 7.4.50.10 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29074 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7171 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.6.2 - Synaptics Incorporated)
SyncFileSetup (x86) (x32 Version: 1.2.5793.19891 - Western Digital Technologies, Inc) Hidden
vShare Helper (HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\vShare Helper) (Version: 1.1.5.3 - vShare.com Co.,LTD)
WD Access (HKLM-x32\...\{79f4d6a1-f721-43f9-8e15-19129edd8f19}) (Version: 1.1.5767.15076 - Western Digital Technologies, Inc.)
WD Access (x32 Version: 1.1.5767.15076 - Western Digital Technologies, Inc) Hidden
WD Sync (HKLM-x32\...\{f9386239-2d5b-4e8a-aec6-156c568155ec}) (Version: 1.2.5793.19891 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C0AFE69-CBEC-4B1B-BB10-1B52601155C5} - System32\Tasks\{3642E9CF-9229-4600-8FDA-2EFF27B0942C} => pcalua.exe -a C:\Users\Owner\AppData\Local\uninstallro.exe
Task: {107AD98D-398D-4B3F-B8A9-9012832AF621} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-07] (Synaptics Incorporated)
Task: {1AF79A0E-82C3-43B0-B7D7-4DBCEE8D271F} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.)
Task: {1CCF0303-2440-4B51-A8B2-436E7401FEAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company)
Task: {1FB480B9-CD02-465F-A9D5-0F7B39026202} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {22443467-488E-4D81-BFB7-4FB11557BBD0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {27C0A64C-5098-4265-B2B5-5EF06A1C0B16} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {32561B9C-20BA-44D7-A678-502563E8BD10} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {3AF11470-D4A0-49CB-9FB5-0ADD62AF8642} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {4BB866E7-EF6F-43BB-87F2-F77CBA6FB163} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company)
Task: {5020EDD4-5533-463A-B48E-2942D1D9497E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {5770EB8F-26F2-405D-856A-705000B2253A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {596BD565-EB0A-4160-887C-DFA4F858D072} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {75ABC42D-8B96-46AC-8EF1-AD17F9401172} - System32\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {903CCA55-9CB5-45AC-9F84-E672DE5C88D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {AA521709-0CAD-4B4B-A4E0-9D8081FE05CF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {BCDFEAAF-48F5-4670-9AA1-55159AFE8120} - System32\Tasks\AdobeAAMUpdater-1.0-Smith-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {CD793485-2329-44B8-A2C0-63EAE70D2BAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {D13C9BBA-8A25-4A7B-96A7-21ACBDA80770} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {DE87D587-BE9D-43C4-B5FF-13876A6EE1D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29] (Google Inc.)
Task: {DFB47F9D-6162-46A3-A38C-E0EB7F2FE586} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29] (Google Inc.)
Task: {E29A640A-DD57-45D4-A39D-1B568D7D8CE5} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {EDC5844A-1CA8-4F80-8A20-C1DE11C6A4FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {F18A7749-9AA2-4E4A-84D7-98EDDC6ED8E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-21] (Piriform Ltd)
Task: {F9992C12-3ADF-4C3F-BC24-5AB1A54BAE02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Owner\Desktop\WDMyCloud - Shortcut.lnk -> hxxp://10.0.0.10

==================== Loaded Modules (Whitelisted) ==============

2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-12-11 17:11 - 2013-12-11 17:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-09 11:05 - 2016-11-29 06:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-09 11:05 - 2016-11-29 06:27 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-09 11:05 - 2016-11-29 06:27 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-28 11:40 - 2016-08-28 11:40 - 01864384 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-01-06 11:41 - 2016-01-06 11:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-12-09 11:05 - 2016-11-08 09:46 - 00693248 _____ () C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [132]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\sharepoint.com -> hxxps://mailirsc-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-12-08 02:51 - 00001046 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com
162.222.193.86       aoaomo.tremorhub.com
162.222.193.86       www.howcast.com
162.222.193.86       howcast.com
192.192.3.8       www.virustotal.com
192.192.3.8       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "WDAppManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{107B422A-D0AB-449F-A1AA-C817425F30A4}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ED88D1C7-C270-4D46-A4EF-5097B952B6ED}] => LPort=2869
FirewallRules: [{BFE52D7C-AE3A-4CFA-ABF5-CC7C43499C2F}] => LPort=1900
FirewallRules: [{663CF732-DD41-47C7-99BA-F0DA231DC35A}] => C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D0965732-E040-4205-96DF-71DE67C04772}] => C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{2AFC2523-92B4-4881-A64B-37B3DF250EE3}] => %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{51C2F6A7-7307-4A96-A673-321E57FD7959}] => %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{BDEF92DD-2FEF-4BE2-8DBB-7082997619B0}] => %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{B15A4410-322D-44D8-BFE1-7F9FD7F0CC32}] => %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{D962882F-3580-435D-AF20-28684EE66874}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5B7927E7-8C97-4A5F-9FBF-2364891B75A7}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0BE510EE-C771-4B21-9EED-50215D0A5401}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4578446-9999-4156-9C05-BB05CC6611CF}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BDE5C514-3F67-4F99-A26D-6F74ADA16B60}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A023536-259E-4535-A346-29A1351C2882}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49F45BF9-629E-4634-87FF-0206D8FD9562}] => C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{077D3B58-EBA6-4F9A-924B-38C6C73B77DC}] => C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{98CF36DD-002C-47D7-A6F3-8C22FA4848CF}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A102E186-3B3F-4C3E-87B0-B8C629C17894}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E290C894-FE29-48CD-85A6-051DB04E3913}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{ACB75E4F-A7CA-4AD4-A674-EC4D48074A29}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7A628478-0B7F-45F1-9DAF-B151105148E2}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{30F1077D-3FB0-42AF-B78E-6239A4FD0032}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6DB66054-D168-449B-8350-0C4A32EC1839}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E24190F6-F5ED-4A01-B9FD-05363F2FF108}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{9DC07A29-9B73-4858-80CC-9195BD9A9A57}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{BB396CE8-D628-4D41-88F0-AFEFA86700BB}] => C:\Windows\system32\rundll32.exe
FirewallRules: [{15917833-B7A8-4389-927C-B8A58886AFC7}] => C:\Users\Owner\AppData\Local\ddnow.exe
FirewallRules: [{F690E5B5-DE78-4E87-9380-E84090FCDB0A}] => C:\Users\Owner\AppData\Local\Temp\installer1.exe
FirewallRules: [{97F46F78-E874-42D0-A9C7-09F0C475D080}] => C:\Users\Owner\AppData\Local\29924446.exe
FirewallRules: [{F523302B-DA30-4609-8E55-12024C57BEAD}] => C:\Program Files (x86)\Undoes\low.exe
FirewallRules: [{4DFCDF10-4134-4F5C-9880-68BA6AF281DA}] => C:\Program Files (x86)\Hamon\low.exe

==================== Restore Points =========================

29-11-2016 14:29:18 Scheduled Checkpoint
07-12-2016 02:47:38 Scheduled Checkpoint
08-12-2016 09:15:45 Removed Traffic Exchange
09-12-2016 12:12:51 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2016 01:17:18 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Owner\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/09/2016 01:16:10 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/09/2016 12:07:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Owner\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/09/2016 12:05:10 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/09/2016 11:38:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Owner\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/09/2016 11:36:32 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/09/2016 11:33:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Error: (12/09/2016 11:32:20 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/09/2016 11:32:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (12/09/2016 11:17:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

System errors:
=============
Error: (12/09/2016 01:09:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/09/2016 01:09:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/09/2016 01:09:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/09/2016 01:09:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/09/2016 01:09:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (12/09/2016 12:03:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (12/09/2016 12:02:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/09/2016 12:02:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/09/2016 12:02:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/09/2016 12:02:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

==================== Memory info ===========================

Processor: AMD A10-5750M APU with Radeon™ HD Graphics
Percentage of memory in use: 38%
Total physical RAM: 5338.26 MB
Available physical RAM: 3277.68 MB
Total Virtual: 6234.26 MB
Available Virtual: 4221.53 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:902.06 GB) (Free:752.53 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:28.68 GB) (Free:3.04 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 99C3433D)

Partition: GPT.

==================== End of Addition.txt ============================



#14
zep516


    Trusted Helper

  • Malware Removal
  • 6,803 posts
Thank you.

Take a break now. I need time to review the logs.

Get Notepad ready; we will need it.

I go through the logs and pull out the remaining leftover malware; you copy the text to Notepad, save it as a fixlist, and run FRST.

Detailed instructions will follow.

Thanks
Joe

#15
christiety03


    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

OK, thank you. I will be waiting for your next reply.

