
Pro PC Cleaner, Optimizer Pro, among others apparently


  • This topic is locked
45 replies to this topic

#1 LimeGreene

LimeGreene

  • Members
  • 28 posts

Posted 20 May 2015 - 01:10 PM

I'm working on cleaning up a friend's laptop. I have got it 95% clean, but there are a couple of programs that won't uninstall. Usually I can delete them manually, but I've had trouble with that this time. I ran Malwarebytes first and seem to have removed most if not all of what it can detect at the moment. I also ran FARBAR and scanned with AdwCleaner. I would have simply hit clean on AdwCleaner, but there were an awful lot of registry entries and I did not want to risk losing something vital. Here are the logs for both:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-05-2015
Ran by Don jar at 2015-05-20 06:02:43
Running from F:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3014910660-1131023439-13105803-500 - Administrator - Disabled)
Al (S-1-5-21-3014910660-1131023439-13105803-1002 - Administrator - Enabled) => C:\Users\Al
Don jar (S-1-5-21-3014910660-1131023439-13105803-1004 - Administrator - Enabled) => C:\Users\Don jar
Guest (S-1-5-21-3014910660-1131023439-13105803-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3014910660-1131023439-13105803-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{63ADEC24-A374-80A8-E89B-BE401C787F75}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - )
AOL Toolbar (HKU\S-1-5-21-3014910660-1131023439-13105803-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\AOL Toolbar) (Version:  - )
AOL Toolbar (HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\AOL Toolbar) (Version:  - )
AOL Toolbar (HKU\S-1-5-21-3014910660-1131023439-13105803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\AOL Toolbar) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.0 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
ClearCanvas SDK 2.0 SP1 (HKLM-x32\...\ClearCanvas SDK) (Version: 2.0 SP1 - ClearCanvas Inc)
ClearCanvas Workstation v7.1 Personal SP1 (HKLM\...\ClearCanvas Workstation Personal) (Version: 7.1 - ClearCanvas Inc)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Define Ext (HKU\S-1-5-21-3014910660-1131023439-13105803-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Define Ext) (Version: 8 - DefineExt.com) <==== ATTENTION
Definition Files (HKLM-x32\...\{D23D3D44-B021-4A21-BC55-3E212C7D8B2D}) (Version: 1.1.10 - DVTk)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
DVTk DICOM Compare (HKLM-x32\...\{AC6ACC16-A85B-473E-ABAE-628750B9DD8B}) (Version: 3.0.3 - DVTk)
DVTk DICOM Editor (HKLM-x32\...\{2E5B8004-BC49-4FC9-8568-83F3DDE95FB4}) (Version: 3.2.6 - DVTk)
DVTk DICOM Network Analyzer (HKLM-x32\...\{C26644B3-3ADD-4A06-BFA2-DD562E4EE156}) (Version: 3.3.2 - DVTk)
DVTk DICOM Validation Tool (HKLM-x32\...\{7A7B4164-AFC7-4E7D-B54B-7EE5396D4F1E}) (Version: 2.6.8 - DVTk)
emgucv-windows-universal-gpu 2.4.9.1847 (HKLM-x32\...\emgucv-windows-universal-gpu 2.4.9.1847) (Version: 2.4.9.1847 - Emgu)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{32136776-FE3F-453D-80DA-CDD993BDB2A3}) (Version: 11.1.20810.00 - Microsoft Corporation)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GDCM 2.2 (HKLM-x32\...\GDCM 2.2) (Version: 2.2.4 - GDCM)
GitHub (HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\5f7eb300e2ea4ebf) (Version: 1.0.52.0 - GitHub, Inc.)
GitHub (HKU\S-1-5-21-3014910660-1131023439-13105803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5f7eb300e2ea4ebf) (Version: 1.0.52.0 - GitHub, Inc.)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{D23CA718-0356-41F2-8E6A-B5C6CD383EF7}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
ImageJ 1.46r (HKLM\...\ImageJ_is1) (Version:  - NIH)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LEADTOOLS Main EVAL 18 (HKLM-x32\...\{1111511B-A89A-4907-A9D4-BB302F744CDA}) (Version: 18 - LEAD Technologies, Inc.)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MATLAB R2011a Student Version (HKLM-x32\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SharePoint Client Runtime (HKLM\...\{90140000-1013-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1041 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows 8 - ENU (HKLM-x32\...\{b6391d7a-479c-494c-a76f-cad96a8a73ac}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Price Check by AOL (HKLM-x32\...\Price Check by AOL) (Version: 1.11.2.1 - AOL Inc.)
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5 - Pro PC Cleaner)
Python 3.2 (64-bit) (HKLM\...\{b2042d5e-986d-44ec-aee3-afe4108ccc94}) (Version: 3.2.150 - Python Software Foundation)
Python 3.4.1 (64-bit) (HKLM\...\{d54842cb-f761-30ba-881f-1ff821dc44df}) (Version: 3.4.1150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Torch (HKU\S-1-5-21-3014910660-1131023439-13105803-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Torch) (Version: 25.0.0.3359 - Torch Media Inc.) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Viber (HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Viber) (Version: 4.4.0.134678 - Viber Media Inc)
Viber (HKU\S-1-5-21-3014910660-1131023439-13105803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Viber) (Version: 4.4.0.134678 - Viber Media Inc)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

05-05-2015 10:33:19 Windows Update
08-05-2015 03:51:29 Restore Operation
08-05-2015 03:59:26 Restore Operation
08-05-2015 12:29:40 01-01-2015
08-05-2015 12:55:14 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2014-11-14 09:13 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0274F64C-0F77-429A-8344-20ABB2E239AB} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {156E68FC-8DCC-4AC5-B2B3-9FB00E70596C} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe [2014-07-14] () <==== ATTENTION
Task: {17161FAF-81F0-4AA4-A574-E940425E49CC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {186651F3-EC11-48D5-A352-1C9D3304D381} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-04-14] (Hewlett-Packard)
Task: {1CAA5E40-BB68-4FDC-BE44-A5ED165B6624} - \avaavaevy No Task File <==== ATTENTION
Task: {1E80C740-6D03-4020-9208-C086BC54215F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)
Task: {1EF2E5B5-5B46-453C-9862-0CDC7DE97545} - \ec88b310-283a-49ba-8f48-ddf960946730-7 No Task File <==== ATTENTION
Task: {27E1953D-0946-4C3D-8460-72A3E00E4BA7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3014910660-1131023439-13105803-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {29903F01-DD8B-47BB-9AA5-F76AE584E8BA} - System32\Tasks\DriverMgr => C:\Users\Don jar\AppData\Roaming\jellylam\rinti.exe
Task: {2C226E17-D2CC-4B41-B12C-9C7CC183A44A} - System32\Tasks\Installer_geforce => C:\Users\Don jar\AppData\Local\Installer\Installgeforce_13855\DCytdkietut_tutdk_setup.exe [2015-05-12] ()
Task: {2E76EC6F-9134-4254-A162-1AF643B147D1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {2FA469EB-AEC7-41DA-B4D0-9AD315C52A59} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)
Task: {3887F5D7-5DAB-44D0-81B8-8991C590110D} - System32\Tasks\YRORXaf => C:\Users\Don jar\AppData\Roaming\YRORXaf.exe [2015-04-20] () <==== ATTENTION
Task: {3BD84F06-110B-49E8-AE60-39E1CA4A7DFF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {3CEB581D-E903-4D1D-9248-7DB90DC3357A} - \ec88b310-283a-49ba-8f48-ddf960946730-6 No Task File <==== ATTENTION
Task: {3D6100E1-2C67-4D9C-88C0-CCBF18F1685A} - \Runner IC No Task File <==== ATTENTION
Task: {3DD51972-B301-40FC-940C-8B6EB3327129} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {400A4604-516B-4393-937A-A23598A2DF9B} - \ec88b310-283a-49ba-8f48-ddf960946730-5_user No Task File <==== ATTENTION
Task: {44ABF6C9-8759-47D9-824E-055E8B9A6825} - \Microsoft\Windows\Maintenance\Update IC No Task File <==== ATTENTION
Task: {47BD9575-E487-4EDD-909A-1D1895247596} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3014910660-1131023439-13105803-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4A58DF3B-E370-476A-9980-76E58F40C871} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4E7D827B-C22A-430F-B6BF-90A8754875AB} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe [2015-04-08] () <==== ATTENTION
Task: {5069719B-1001-47D7-93D0-A2DE44151959} - System32\Tasks\Convertor => C:\Users\Don jar\AppData\Roaming\Convertor\Convertor.exe [2015-05-12] ()
Task: {51F2DACB-9458-47AC-88BD-3D8A0C2DB1D0} - System32\Tasks\{74D68A33-85F6-4E3F-A53A-F8CF5382B326} => pcalua.exe -a "C:\Program Files (x86)\Optimizer Pro 3.79\unins000.exe" -c /VERYSILENT
Task: {54142CF2-C32B-415C-90F4-D63CBACDDC95} - System32\Tasks\4802 => Wscript.exe C:\Users\DONJAR~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {5821E818-AA94-4001-B2D1-B218711039EB} - System32\Tasks\WinKit => C:\Users\Don jar\AppData\Roaming\WinKit\Updater.exe
Task: {648B68FF-C2E2-4759-9983-C9725E98A48E} - System32\Tasks\{6A75455C-1015-4C3E-A357-2CE462FCA593} => pcalua.exe -a C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe -c /remove /q0
Task: {652F9A93-227C-4503-852A-C98B036DC168} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {66E7CC55-BF06-45EE-BE7B-2F7A6215EDB6} - System32\Tasks\Winsta Update => C:\Users\Don jar\AppData\Roaming\Winsta\Winsta.exe
Task: {67DB85DA-4F3D-4BEC-93CA-CF73F487A210} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {6BBD2703-5B3C-4D30-B074-FD990D569328} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6CFF2523-ED43-4256-91F0-470D894F7D40} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-07-14] (Pro PC Cleaner) <==== ATTENTION
Task: {7301F8A1-84ED-452F-8988-4F1674EABFB0} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: {760BCD0C-BABD-4F8B-8120-6F17C8D4FA5A} - System32\Tasks\SPUVG => C:\ProgramData\634af84c257e446593c8317e01716daf\634af84c257e446593c8317e01716daf.exe [2015-04-23] ()
Task: {7F3FD28A-08C4-43E7-B43E-F874403B4838} - System32\Tasks\Installer_shopperpro => C:\Users\Don jar\AppData\Local\Installer\Installshopperpro_13855\DCytdkietut_tutdk_setup.exe [2015-05-12] () <==== ATTENTION
Task: {80E6F9EA-EAD1-4D46-92FA-5D8A655E7B68} - \ec88b310-283a-49ba-8f48-ddf960946730-1-6 No Task File <==== ATTENTION
Task: {812F2577-B3BF-4073-9A98-3941DBF0BA67} - \ec88b310-283a-49ba-8f48-ddf960946730-10_user No Task File <==== ATTENTION
Task: {835C0D88-C91A-40E7-BC4A-D6119C275D99} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {89154BD1-47E1-4ABC-B017-80A5B62A6FAD} - \ec88b310-283a-49ba-8f48-ddf960946730-3 No Task File <==== ATTENTION
Task: {92C49F25-802F-44AD-840D-36F9A1B38348} - System32\Tasks\tBWYNuSb4heDb4Ec => C:\Users\Don jar\AppData\Roaming\tBWYNuSb4heDb4Ec.exe [2015-04-20] () <==== ATTENTION
Task: {93BCBD40-F64D-432B-B635-ECD8B39C7536} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {95C2439F-0F58-4282-BC9E-EE1C2DA05F2C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {9748257F-1EA8-4795-9C15-7E9DF9CF997F} - \ec88b310-283a-49ba-8f48-ddf960946730-1-7 No Task File <==== ATTENTION
Task: {9942874D-B523-418F-8C1A-4B960F826CE0} - System32\Tasks\Inst_Rep => C:\Users\Don jar\AppData\Local\Installer\Install_14285\DCytdkietut_tutdk_setup.exe [2015-05-12] ()
Task: {9E597DE0-0BFF-4D67-8EFF-7D8C9C4B075B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {A216000C-66D3-4E66-8A6E-D98AB5762D3C} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {A5C9E74E-3B3F-4017-9D88-63BF4BE8BE5B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {ABC43152-9063-4DAB-AAAC-2FE725F46A23} - \avabvyxvdy No Task File <==== ATTENTION
Task: {ACCF12FE-3F11-46B6-9653-2E829969BFFF} - System32\Tasks\seajybw => C:\Users\Don jar\AppData\Roaming\seajybw.exe [2015-04-20] () <==== ATTENTION
Task: {C065DB66-3E23-4C5F-B77F-DCDED6651AED} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {C99719B4-7E0F-4D2F-82BC-66040CA76DEE} - System32\Tasks\SMWUpd => C:\Program Files\Common Files\Goobzo\GBUpdate\updater.exe <==== ATTENTION
Task: {CDBA6858-2F33-4A9F-8328-B63F38CCDB86} - \ec88b310-283a-49ba-8f48-ddf960946730-5 No Task File <==== ATTENTION
Task: {CE48689A-3AF2-400C-A6C0-582D572A91A0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {D5E012B0-E17E-4CD2-AFB6-DCC36C5504D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {D82E074F-7960-415C-8420-37988EEEF7AE} - \SMW_UpdateTask_Time_3731343435333631312d344a414155342a2a236c6c5a No Task File <==== ATTENTION
Task: {D939BEFE-2DD7-4C94-8687-D18F11C60B10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Pending HPSA Messages Reminder => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_toastNotify.exe [2014-10-21] (Hewlett-Packard)
Task: {DA0B15B9-D796-478A-ACC8-A89046070C98} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {E4FF68A6-3EEB-4539-B302-C5655F703DB7} - System32\Tasks\cLlbOgky8LYQzi => C:\Users\Don jar\AppData\Roaming\cLlbOgky8LYQzi.exe [2015-04-20] () <==== ATTENTION
Task: {E5760AC7-B955-460B-906D-00A1E08D839C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation)
Task: {F0E09B09-C2E2-4BFE-B2B9-3264F3759177} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {F7876E5D-2BBB-40A5-9D8D-15125609480E} - \ec88b310-283a-49ba-8f48-ddf960946730-11 No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\cLlbOgky8LYQzi.job => C:\Users\Don jar\AppData\Roaming\cLlbOgky8LYQzi.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\seajybw.job => C:\Users\Don jar\AppData\Roaming\seajybw.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SMW_UpdateTask_Time_3731343435333631312d344a414155342a2a236c6c5a.job => C:\ProgramData\SearchModule\smhe.js smu.exe
Task: C:\WINDOWS\Tasks\tBWYNuSb4heDb4Ec.job => C:\Users\Don jar\AppData\Roaming\tBWYNuSb4heDb4Ec.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Ws2tp6KnecTD1Z6kFk5NXwNTI0t.job => C:\Users\Don jar\AppData\Roaming\Ws2tp6KnecTD1Z6kFk5NXwNTI0t.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\YRORXaf.job => C:\Users\Don jar\AppData\Roaming\YRORXaf.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3014910660-1131023439-13105803-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
HKU\S-1-5-21-3014910660-1131023439-13105803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2C911586514EF5679BBFB67D4C954E36"
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-3014910660-1131023439-13105803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "hqghumeaylnlf.lnk"
HKU\S-1-5-21-3014910660-1131023439-13105803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2C911586514EF5679BBFB67D4C954E36"
HKU\S-1-5-21-3014910660-1131023439-13105803-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Optimizer Pro"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{4E7DD041-D16E-4B4C-A525-4BFED2A1F754}C:\users\don jar\appdata\local\torch\application\torch.exe] => (Block) C:\users\don jar\appdata\local\torch\application\torch.exe
FirewallRules: [TCP Query User{31C20DCB-C3BC-4176-A39D-66AC5E017F81}C:\users\don jar\appdata\local\torch\application\torch.exe] => (Block) C:\users\don jar\appdata\local\torch\application\torch.exe
FirewallRules: [{32670CBC-4786-4E34-9C60-172F8FC97296}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{87BDA44B-E9D7-4424-9466-673B26C96CDD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{51B7975E-A316-4349-BCFE-D410A7B97215}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{296BD430-6612-4845-883E-2C4A3A158428}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{E2C1F8E9-B5DF-48DD-9C78-726333A7031D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{DCE91220-0BE4-4EDD-91CA-9597503A1930}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{5093C123-0B51-4FD7-9C78-F30087AA3CD1}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{FB2D6A38-D9F2-46A6-B09D-300514249195}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{794FA387-1B03-4690-89A5-EE15CB0CC935}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E02BF3FD-FEA5-4F3E-9AAB-8439261A467D}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{DB1B9F45-89A2-401D-AE46-41AE61315477}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\VSWinExpress.exe
FirewallRules: [UDP Query User{289C5D0B-495A-4FD3-893E-0BD6A87A8F54}C:\program files\imagej\jre\bin\javaw.exe] => (Block) C:\program files\imagej\jre\bin\javaw.exe
FirewallRules: [TCP Query User{91550EB4-9EC5-47E3-9F02-CBF66DFC6F2E}C:\program files\imagej\jre\bin\javaw.exe] => (Block) C:\program files\imagej\jre\bin\javaw.exe
FirewallRules: [UDP Query User{410799CE-9A53-41FC-8B5E-361313577371}C:\program files\imagej\jre\bin\javaw.exe] => (Allow) C:\program files\imagej\jre\bin\javaw.exe
FirewallRules: [TCP Query User{BE82B833-DE9B-46EF-AEBB-013E0C9FD1FE}C:\program files\imagej\jre\bin\javaw.exe] => (Allow) C:\program files\imagej\jre\bin\javaw.exe
FirewallRules: [{67ECE87C-A172-4B1E-9875-984298067881}] => (Allow) C:\Users\Don jar\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe
FirewallRules: [{67984994-4A2A-4F11-B54B-C6136B23D46F}] => (Allow) C:\Windows\system32\dleacoms.exe
FirewallRules: [{505203DC-D379-40CD-A612-D7DBE7B66B86}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2BBD93B9-1ABD-497E-8927-EB160AA013DC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B8656BEB-6ED4-4A8F-B909-F125EBEE4689}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85A6B458-361D-41D0-8D7D-810B17B8FDC1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9714E5E9-1FC3-4D07-8857-4AFFA125A334}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{51D9E665-683E-4856-ADC8-D9292260C609}] => (Allow) LPort=1900
FirewallRules: [{6B288D59-35D7-4560-8063-5E2D274490CA}] => (Allow) LPort=2869
FirewallRules: [{F567D314-85D4-42BF-9EEB-A84F29E00BEE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{855F08EE-1F16-4FA9-BD36-792976975AE4}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
FirewallRules: [{31D39F57-34BC-49BB-A1B3-12997C686034}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
FirewallRules: [{0E2EB0A0-E6B1-424D-9335-40CC851143F3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{A56CA6C8-AFF6-4305-AD4E-07279EE09A02}C:\users\don jar\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\don jar\appdata\local\torch\plugins\hola\hola_plugin_x64.exe
FirewallRules: [UDP Query User{E067EEF6-42EA-414F-B8F1-988999B3451A}C:\users\don jar\appdata\local\torch\plugins\hola\hola_plugin_x64.exe] => (Block) C:\users\don jar\appdata\local\torch\plugins\hola\hola_plugin_x64.exe
FirewallRules: [TCP Query User{59981311-5BDA-4409-9A0A-04ABA6B11C9D}C:\users\don jar\appdata\local\torch\application\torch.exe] => (Block) C:\users\don jar\appdata\local\torch\application\torch.exe
FirewallRules: [UDP Query User{D95D1CE4-EC8B-4083-B9B8-ACC40B6C9069}C:\users\don jar\appdata\local\torch\application\torch.exe] => (Block) C:\users\don jar\appdata\local\torch\application\torch.exe
FirewallRules: [{19EB0AAE-14D3-40D4-8E47-0E86912BEE1A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A6883D06-D5EB-40C9-94D5-8CD28E067A87}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{816F2763-F282-490E-8C08-725EE7F76135}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 06:02:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/20/2015 06:02:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/20/2015 05:09:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/20/2015 05:09:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/20/2015 04:01:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/20/2015 04:01:38 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/18/2015 04:56:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/18/2015 04:56:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/18/2015 03:19:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/18/2015 03:13:55 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/20/2015 06:02:44 AM) (Source: DCOM) (EventID: 10005) (User: Alstation)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/20/2015 06:02:44 AM) (Source: DCOM) (EventID: 10005) (User: Alstation)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/20/2015 06:00:07 AM) (Source: DCOM) (EventID: 10005) (User: Alstation)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/20/2015 06:00:07 AM) (Source: DCOM) (EventID: 10005) (User: Alstation)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/20/2015 06:00:07 AM) (Source: DCOM) (EventID: 10005) (User: Alstation)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/20/2015 06:00:01 AM) (Source: DCOM) (EventID: 10005) (User: Alstation)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/20/2015 06:00:01 AM) (Source: DCOM) (EventID: 10005) (User: Alstation)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/20/2015 06:00:01 AM) (Source: DCOM) (EventID: 10005) (User: Alstation)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/20/2015 06:00:01 AM) (Source: DCOM) (EventID: 10005) (User: Alstation)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/20/2015 06:00:01 AM) (Source: DCOM) (EventID: 10005) (User: Alstation)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 3682.26 MB
Available physical RAM: 2625.04 MB
Total Pagefile: 4514.26 MB
Available Pagefile: 3540.88 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:276.36 GB) (Free:189.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.52 GB) (Free:2.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Mitra) (CDROM) (Total:0.03 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:7.39 GB) (Free:7.2 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: C2C9F703)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

And for AdwCleaner:

 

# AdwCleaner v4.204 - Logfile created 20/05/2015 at 06:06:04
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Don jar - ALSTATION
# Running from : F:\adwcleaner_4.204.exe
# Option : Scan

***** [ Services ] *****

Service Found : netfilter64
Service Found : YahooAUService
Service Found : CoupoonService64
Service Found : innfd_1_10_0_14

***** [ Files / Folders ] *****

File Found : C:\Program Files\Common Files\System\SysMenu.dll
File Found : C:\Program Files\Common Files\System\SysMenu64.dll
File Found : C:\Users\Al\Desktop\PepperZip.lnk
File Found : C:\Users\Don jar\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
File Found : C:\WINDOWS\Reimage.ini
File Found : C:\WINDOWS\System32\29xyOff.ini
File Found : C:\WINDOWS\System32\drivers\netfilter64.sys
File Found : C:\WINDOWS\System32\drivers\scjrtr.sys
File Found : C:\WINDOWS\System32\drivers\SPPD.sys
File Found : C:\WINDOWS\System32\Gambali64.dll
File Found : C:\WINDOWS\System32\scxy64.dll
File Found : C:\WINDOWS\SysWOW64\29xyOff.ini
File Found : C:\WINDOWS\SysWOW64\Gambali.dll
File Found : C:\WINDOWS\SysWOW64\scxy.dll
Folder Found : C:\Program Files (x86)\AOL Toolbar
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\Bench
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Convertor
Folder Found : C:\Program Files (x86)\coupoon
Folder Found : C:\Program Files (x86)\Coupoon
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Optimizer Pro 3.79
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\Run_Dregol
Folder Found : C:\Program Files (x86)\tuguu sl
Folder Found : C:\Program Files (x86)\Winsta
Folder Found : C:\Program Files (x86)\Zoom Downloader
Folder Found : C:\Program Files\Coupoon
Folder Found : C:\Program Files\coupoon
Folder Found : C:\ProgramData\{92b63194-ec53-2f78-92b6-63194ec5c653}
Folder Found : C:\ProgramData\{d6700cc6-1689-4a8e-d670-00cc61683318}
Folder Found : C:\ProgramData\484c88ed00005f64
Folder Found : C:\ProgramData\AOL Toolbar
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Found : C:\ProgramData\RightClick
Folder Found : C:\ProgramData\SearchModulePlus
Folder Found : C:\ProgramData\SoftSafe
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Don jar\AppData\Local\12796BCE-1426123263-9D39-F953-74FFC26B80C5
Folder Found : C:\Users\Don jar\AppData\Local\12796BCE-1429872190-9D39-F953-74FFC26B80C5
Folder Found : C:\Users\Don jar\AppData\Local\12796BCE-1431056029-9D39-F953-74FFC26B80C5
Folder Found : C:\Users\Don jar\AppData\Local\AOL Toolbar
Folder Found : C:\Users\Don jar\AppData\Local\BrowserHelper
Folder Found : C:\Users\Don jar\AppData\Local\Conduit
Folder Found : C:\Users\Don jar\AppData\Local\DefineExt
Folder Found : C:\Users\Don jar\AppData\Local\Games Bot
Folder Found : C:\Users\Don jar\AppData\Local\globalUpdate
Folder Found : C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc
Folder Found : C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko
Folder Found : C:\Users\Don jar\AppData\Local\SwvUpdater
Folder Found : C:\Users\Don jar\AppData\Local\Zoom_Downloader
Folder Found : C:\Users\Don jar\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Found : C:\Users\Don jar\AppData\LocalLow\Browse2Save
Folder Found : C:\Users\Don jar\AppData\LocalLow\Conduit
Folder Found : C:\Users\Don jar\AppData\LocalLow\visi_coupon
Folder Found : C:\Users\Don jar\AppData\LocalLow\WebProtector
Folder Found : C:\Users\Don jar\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Don jar\AppData\LocalLow\YahooCouponAddOn
Folder Found : C:\Users\Don jar\AppData\Roaming\Convertor
Folder Found : C:\Users\Don jar\AppData\Roaming\Max Computer Cleaner
Folder Found : C:\Users\Don jar\AppData\Roaming\NCdownloader
Folder Found : C:\Users\Don jar\AppData\Roaming\Run_Dregol
Folder Found : C:\Users\Don jar\AppData\Roaming\Store
Folder Found : C:\Users\Don jar\AppData\Roaming\WebExtend
Folder Found : C:\Users\Don jar\AppData\Roaming\Winsta
Folder Found : C:\Users\Don jar\AppData\Roaming\WTools
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect

***** [ Scheduled tasks ] *****

Task Found : Convertor
Task Found : Crossbrowse
Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA
Task Found : Inst_Rep
Task Found : LaunchSignup
Task Found : Optimizer Pro Schedule
Task Found : WinKit
Task Found : LaunchPreSignup
Task Found : avabvyxvdy
Task Found : Winsta Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63868;hxxps=127.0.0.1:63868
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\ArenaHD
Key Found : HKCU\Software\Classes\PepperZip
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cores
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Crossbrowse
Key Found : HKCU\Software\Define Ext
Key Found : HKCU\Software\GAMESDESKTOP
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko
Key Found : HKCU\Software\HighDefAction
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3AF89E67-E2A8-4CA4-BEB6-FCB21AC896A3}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A19A3D5-DEBA-4C7F-AB9C-70182814A2A7}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\SearchModulePlus
Key Found : HKCU\Software\Store
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\torch
Key Found : HKCU\Software\UpdateFiles
Key Found : HKCU\Software\WTools
Key Found : HKCU\Software\YorkNewCin
Key Found : [x64] HKCU\Software\ArenaHD
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cores
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\Crossbrowse
Key Found : [x64] HKCU\Software\Define Ext
Key Found : [x64] HKCU\Software\GAMESDESKTOP
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\HighDefAction
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3AF89E67-E2A8-4CA4-BEB6-FCB21AC896A3}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A19A3D5-DEBA-4C7F-AB9C-70182814A2A7}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Reimage
Key Found : [x64] HKCU\Software\SearchModulePlus
Key Found : [x64] HKCU\Software\Store
Key Found : [x64] HKCU\Software\Super Optimizer
Key Found : [x64] HKCU\Software\torch
Key Found : [x64] HKCU\Software\UpdateFiles
Key Found : [x64] HKCU\Software\WTools
Key Found : [x64] HKCU\Software\YorkNewCin
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\78dedea9-429b-e3da-bb8d-fb2336852f5f
Key Found : HKLM\SOFTWARE\ArenaHD
Key Found : HKLM\SOFTWARE\b7bd590d-c0b5-497b-a1b4-10b6301f4944
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\4270603C7CA6FEB45B61F4B6D10988D7
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\4270603C7CA6FEB45B61F4B6D10988D7
Key Found : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287819
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\coupoon
Key Found : HKLM\SOFTWARE\Coupoon
Key Found : HKLM\SOFTWARE\Crossbrowse
Key Found : HKLM\SOFTWARE\dd37c962-12ae-494c-aec5-25a6dd56e998
Key Found : HKLM\SOFTWARE\Define Ext
Key Found : HKLM\SOFTWARE\firstsearch
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\HighDefAction
Key Found : HKLM\SOFTWARE\LookSafe
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404C-B74F-50526718257D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7A7B4164-AFC7-4E7D-B54B-7EE5396D4F1E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : HKLM\SOFTWARE\SearchModule
Key Found : HKLM\SOFTWARE\SProtector
Key Found : HKLM\SOFTWARE\torch
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\WebProtector
Key Found : HKLM\SOFTWARE\weDownload
Key Found : HKLM\SOFTWARE\YorkNewCin
Key Found : [x64] HKLM\SOFTWARE\ArenaHD
Key Found : [x64] HKLM\SOFTWARE\BubbleSound
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{04C7D782-D896-4B7C-8216-5A7AE5DC7736}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31AA0616-1339-48A7-9AC1-6129D6B4A1FE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5C37FA58-CD9E-42FD-B395-FDA1A84C4369}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7787831C-551E-4FF5-9C6A-A5684183EB3F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9DAD1C60-3749-44D6-86B6-A5F5C573C350}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A6EE8EFB-0085-4B8A-871F-96DF2BC0D180}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AD8140BF-6355-4051-A0B1-2E69C0FF765C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2572374-DE97-4360-8F70-C7C4B281EA9E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B4D03774-A43E-4A12-94F2-2AEF5AC4E945}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D3FC56E7-BB9F-4281-B8BE-5CFF5F65C1DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D7D7E6DA-A99C-4E09-BDCC-4509E669A95C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EDA21FDA-6107-43FA-A938-959955ADF842}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCF8D7AC-579A-4023-94C9-F15342FACBBA}
Key Found : [x64] HKLM\SOFTWARE\coupoon
Key Found : [x64] HKLM\SOFTWARE\Coupoon
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc
Key Found : [x64] HKLM\SOFTWARE\HighDefAction
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404C-B74F-50526718257D}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4270603C7CA6FEB45B61F4B6D10988D7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : [x64] HKLM\SOFTWARE\Reimage
Key Found : [x64] HKLM\SOFTWARE\SearchModule
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : [x64] HKLM\SOFTWARE\WebBar
Key Found : [x64] HKLM\SOFTWARE\YorkNewCin
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DownloadManager]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Found : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://tikotin.com

-\\ Mozilla Firefox v


-\\ Google Chrome v42.0.2311.135

[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ch-webpickaol-chromesbox-en-us&tb_uuid=20120510100428299&tb_oid=10-05-2012&tb_mrud=10-05-2012
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www-searching.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}&s=F4Uzbuzdk00CN1,ef599be9-b90d-4e03-921e-c16c8e4fea39,
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=58&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&q={searchTerms}&SSPV=
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : kfecnpmgnlnbmipaogfhoacoioifjgko
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : bejnhdlplbjhffionohbdnpcbobfejcc
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=55&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&SSPV=
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=55&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&SSPV=
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=58&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [29124 bytes] - [20/05/2015 04:01:41]
AdwCleaner[R1].txt - [28740 bytes] - [20/05/2015 06:06:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [28800 bytes] ##########
 

 

 




 


#2 LimeGreene

LimeGreene
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:22 AM

Posted 20 May 2015 - 01:41 PM

If I've exposed any info you consider sensitive, please let me know.



#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:22 PM

Posted 20 May 2015 - 03:23 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
The FRST.txt is missing. Please re-run FRST.

Step 1


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 LimeGreene

LimeGreene
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:22 AM

Posted 20 May 2015 - 11:09 PM

I posted the FRST scan in my first reply. I'm posting it here again, making sure I used administrator level execution in this second scan.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Don jar (administrator) on ALSTATION on 21-05-2015 00:02:19
Running from F:\
Loaded Profiles: Don jar (Available profiles: Al & Don jar)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Zoom Downloader Uninstall] => cmd /C rd /Q /S "C:\Program Files (x86)\Zoom Downloader"
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [GoogleChromeAutoLaunch_2C911586514EF5679BBFB67D4C954E36] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-27] (Google Inc.)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [DownloadManager] => "C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe" /as
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-11] (Google Inc.)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [Viber] => C:\Users\Don jar\AppData\Local\Viber\Viber.exe [936656 2014-10-20] ()
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe [148008 2015-04-08] ()
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\MountPoints2: E - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\media/index.htm
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\MountPoints2: {5d6ed02c-ef1f-11e1-be71-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\media/index.htm
Startup: C:\Users\Don jar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-14]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{92b63194-ec53-2f78-92b6-63194ec5c653}\hqghumeaylnlf.exe (Super PC Tools Ltd)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:63868;https=127.0.0.1:63868
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tikotin.com
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
URLSearchHook: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
URLSearchHook: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0BzztDtDzytAyByBtAyEyD0FtN0D0Tzu0StCtDtDyDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtD0EzyyCtByCyBtGyB0DtCzztG0A0AyC0DtG0B0D0FtBtGyByCtCtA0E0CtAyDyE0B0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtA0F0DyC0AyDtGyC0BtCyCtGyE0FtCyDtG0B0EyBzztG0C0FyD0B0AyByEtD0CtAzz0D2Q&cr=1274576162&ir=
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=webpickaol-ie&s_qt=sb&tb_uuid=20130205101400406&tb_oid=05-02-2013
&tb_mrud=05-02-2013

SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3326306&octid=EB_ORIGINAL_CTID&ISID=M9312B3A3-89EA-4E98-BC5E-AD61B7054055&SearchSource=58&CUI=&UM=8&UP=SPFAF02F01-1D15-4EF8-9DA9-FFBD953596F5&q={searchTerms}&D=031215&SSPV=
SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3326306&octid=EB_ORIGINAL_CTID&ISID=M9312B3A3-89EA-4E98-BC5E-AD61B7054055&SearchSource=58&CUI=&UM=8&UP=SPFAF02F01-1D15-4EF8-9DA9-FFBD953596F5&q={searchTerms}&D=031215&SSPV=
SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> {3AF89E67-E2A8-4CA4-BEB6-FCB21AC896A3} URL = http://search.conduit.com/Results.aspx?ctid=CT3300032&SearchSource=45&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=webpickaol-ie&s_qt=sb&tb_uuid=20130205101400406&tb_oid=05-02-2013
&tb_mrud=05-02-2013

SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> {6A19A3D5-DEBA-4C7F-AB9C-70182814A2A7} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN39809364871265927&UM=2&SSPV=TB_C3
SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_40_ie&cd=2XzuyEtN2Y1L1Qzu0Czz0C0B0BzztDtDzytAyByBtAyEyD0FtN0D0Tzu0StCtDtDyDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyDtD0EzyyCtByCyBtGyB0DtCzztG0A0AyC0DtG0B0D0FtBtGyByCtCtA0E0CtAyDyE0B0B0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0AtA0F0DyC0AyDtGyC0BtCyCtGyE0FtCyDtG0B0EyBzztG0C0FyD0B0AyByEtD0CtAzz0D2Q&cr=1274576162&ir=
SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: No Name -> {5081D2D4-1637-404c-B74F-50526718257D} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\Don jar\Desktop\bin\ssv.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\Don jar\Desktop\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2015-01-19] (Yahoo! Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2012-12-18] (AOL Inc.)
BHO-x32: No Name -> {5081D2D4-1637-404c-B74F-50526718257D} ->  No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Price Check by AOL -> {D25B97E9-62B2-40CE-BECF-E43A7B879072} -> C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll [2012-09-04] (AOL Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2012-12-18] (AOL Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Toolbar: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> No Name - {00000000-0000-0000-0000-000000000000} -  No File
Toolbar: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Users\Don jar\Desktop\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Users\Don jar\Desktop\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=55&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=55&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=58&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&q={searchTerms}&SSPV=
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&SAT=CNTS&D=051315
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-13]
CHR Extension: (Google Docs) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-13]
CHR Extension: (Google Drive) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-05-13]
CHR Extension: (YouTube) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-13]
CHR Extension: (Google Search) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-13]
CHR Extension: (Google Sheets) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-13]
CHR Extension: (Bookmark Manager) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (RealDownloader) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-05-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-13]
CHR Extension: (WebProtector) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko [2015-05-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR Extension: (Gmail) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\DONJAR~1\AppData\Local\Google\Drive\APDFLL~1.CRX [2013-06-22]
CHR HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-03-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S2 bexoruqe; C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\nsw1961.tmp [163840 2015-05-12] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S2 ClearCanvas Workstation ShredHost Service; C:\Program Files\ClearCanvas\ClearCanvas Workstation\ClearCanvas.Server.ShredHostService.exe [9216 2013-03-19] (ClearCanvas Inc.) [File not signed]
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 mojufili; C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\jnsy4005.tmp [122368 2015-04-24] () [File not signed]
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-04-07] (Ninja Soft Inc.)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-05-12] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 corozylo; C:\Users\Don jar\AppData\Roaming\VOPackage\JOSrv.exe [X]
S2 ryqofisu; C:\Users\Don jar\AppData\Roaming\VOPackage\nsoFA91.tmpfs [X]
S2 Util PathMaxx; "C:\Program Files (x86)\PathMaxx\bin\utilPathMaxx.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-04-27] (Symantec Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-10] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-10] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 06:00 - 2015-05-21 00:02 - 00000000 ____D () C:\FRST
2015-05-20 04:01 - 2015-05-20 06:07 - 00000000 ____D () C:\AdwCleaner
2015-05-18 04:50 - 2015-05-18 04:50 - 00002116 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-18 02:04 - 2015-05-18 02:04 - 00386293 _____ () C:\MBAM quarantine file.txt
2015-05-18 00:46 - 2015-05-20 05:23 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 00:45 - 2015-05-18 00:45 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-18 00:45 - 2015-05-18 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-18 00:45 - 2015-05-18 00:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-18 00:45 - 2015-05-18 00:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-18 00:45 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-18 00:45 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-18 00:45 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-17 15:55 - 2015-05-17 15:55 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-17 15:55 - 2015-05-17 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-17 15:55 - 2015-05-17 15:55 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-17 15:53 - 2015-05-16 19:08 - 06480808 _____ (Piriform Ltd) C:\Users\Don jar\Desktop\ccsetup505.exe
2015-05-16 03:03 - 2015-05-16 03:03 - 00001054 _____ () C:\WINDOWS\Tasks\Ws2tp6KnecTD1Z6kFk5NXwNTI0t.job
2015-05-15 01:41 - 2015-05-15 01:41 - 00000436 _____ () C:\WINDOWS\Tasks\SMW_UpdateTask_Time_3731343435333631312d344a414155342a2a236c6c5a.job
2015-05-15 01:40 - 2015-05-15 01:40 - 00022512 _____ () C:\WINDOWS\system32\Drivers\SPPD.sys
2015-05-15 01:38 - 2015-05-15 01:38 - 00000000 ____D () C:\WINDOWS\pss
2015-05-15 00:55 - 2015-05-15 00:55 - 00004084 _____ () C:\WINDOWS\System32\Tasks\Crossbrowse
2015-05-13 11:57 - 2015-05-13 12:04 - 01306301 _____ () C:\Users\Don jar\Downloads\Unconfirmed 443568.crdownload
2015-05-13 03:47 - 2015-05-15 00:37 - 00001014 _____ () C:\WINDOWS\Tasks\seajybw.job
2015-05-13 03:47 - 2015-05-13 03:47 - 00004028 _____ () C:\WINDOWS\System32\Tasks\seajybw
2015-05-13 03:12 - 2015-05-13 03:47 - 00000621 _____ () C:\WINDOWS\wininit.ini
2015-05-12 11:49 - 2015-05-12 11:49 - 00725168 _____ (Application Installer ) C:\Users\Don jar\Downloads\Unconfirmed 393537.crdownload
2015-05-12 11:32 - 2015-05-15 00:37 - 00001032 _____ () C:\WINDOWS\Tasks\tBWYNuSb4heDb4Ec.job
2015-05-12 11:32 - 2015-05-12 11:32 - 00004044 _____ () C:\WINDOWS\System32\Tasks\tBWYNuSb4heDb4Ec
2015-05-12 10:57 - 2015-05-12 10:57 - 00000000 ____D () C:\Program Files\Coupoon
2015-05-12 09:40 - 2015-05-12 09:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\SMWUpd
2015-05-12 09:40 - 2015-05-12 09:40 - 00003404 _____ () C:\WINDOWS\System32\Tasks\Installer_shopperpro
2015-05-12 09:40 - 2015-05-12 09:40 - 00003392 _____ () C:\WINDOWS\System32\Tasks\Installer_geforce
2015-05-12 09:39 - 2015-05-12 09:39 - 00003548 _____ () C:\WINDOWS\System32\Tasks\Inst_Rep
2015-05-12 09:37 - 2015-05-15 00:37 - 00001028 _____ () C:\WINDOWS\Tasks\cLlbOgky8LYQzi.job
2015-05-12 09:37 - 2015-05-12 09:37 - 00004042 _____ () C:\WINDOWS\System32\Tasks\cLlbOgky8LYQzi
2015-05-12 09:35 - 2015-05-12 09:35 - 00000000 ____D () C:\Program Files (x86)\c33670e1-3a38-4032-8ad8-68dcc99ef6cd
2015-05-12 09:34 - 2015-05-15 01:41 - 00000000 ____D () C:\ProgramData\abc
2015-05-12 09:31 - 2015-05-12 09:31 - 00000000 _____ () C:\WINDOWS\SysWOW64\Number of results
2015-05-12 01:55 - 2015-05-12 01:56 - 00725168 _____ (Application Installer ) C:\Users\Don jar\Downloads\Unconfirmed 424317.crdownload
2015-05-11 13:12 - 2015-05-11 13:13 - 00725168 _____ (Application Installer ) C:\Users\Don jar\Downloads\Unconfirmed 865478.crdownload
2015-05-11 12:31 - 2015-05-11 12:32 - 00725168 _____ (Application Installer ) C:\Users\Don jar\Downloads\Unconfirmed 598689.crdownload
2015-05-10 12:22 - 2015-05-10 12:22 - 00726600 _____ (Software Application Web ) C:\Users\Don jar\Downloads\Unconfirmed 206211.crdownload
2015-05-10 11:14 - 2015-05-10 11:15 - 00726600 _____ (Software Application Web ) C:\Users\Don jar\Downloads\Unconfirmed 349292.crdownload
2015-05-10 06:19 - 2015-05-10 06:20 - 00726600 _____ (Software Application Web ) C:\Users\Don jar\Downloads\Unconfirmed 617955.crdownload
2015-05-09 17:32 - 2015-05-09 17:32 - 00880208 _____ (Google Inc.) C:\Users\Don jar\Downloads\ChromeSetup (1).exe
2015-05-09 01:26 - 2015-05-09 01:26 - 00880208 _____ (Google Inc.) C:\Users\Don jar\Downloads\ChromeSetup.exe
2015-05-08 11:47 - 2015-05-15 01:19 - 00000112 _____ () C:\ProgramData\V4RAOCJ.dat
2015-05-08 11:36 - 2015-05-13 12:29 - 00000000 ____D () C:\Program Files (x86)\Coupoon
2015-05-08 04:13 - 2015-05-08 04:13 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\Max Computer Cleaner
2015-05-08 04:05 - 2015-05-08 04:05 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-08 03:54 - 2015-05-08 03:54 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\Run_dregol
2015-05-08 03:53 - 2015-05-08 03:54 - 00000000 ____D () C:\Program Files (x86)\Run_Dregol
2015-05-08 03:33 - 2015-05-08 03:34 - 00000000 ____D () C:\Users\Don jar\AppData\Local\12796BCE-1431056029-9D39-F953-74FFC26B80C5
2015-05-08 03:30 - 2015-05-08 14:56 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\12796BCE-1431070224-9D39-F953-74FFC26B80C5
2015-05-07 01:38 - 2015-05-07 01:39 - 00000000 ____D () C:\Users\Don jar\AppData\Local\Games Bot
2015-05-04 10:22 - 2015-05-04 10:25 - 00022210 ____H () C:\Users\Don jar\Desktop\~WRL1739.tmp
2015-04-30 11:20 - 2015-04-30 11:20 - 00000000 ____D () C:\Users\Don jar\AppData\Local\BrowserHelper
2015-04-30 11:07 - 2015-05-08 15:04 - 00000000 ____D () C:\ProgramData\SearchModulePlus
2015-04-30 11:06 - 2015-04-30 11:06 - 00000000 ____D () C:\Users\Don jar\AppData\Local\CrashRpt
2015-04-29 12:16 - 2015-05-18 02:00 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\Winsta
2015-04-29 12:16 - 2015-05-18 02:00 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\jellylam
2015-04-29 12:16 - 2015-05-12 11:51 - 00003246 _____ () C:\WINDOWS\System32\Tasks\DriverMgr
2015-04-29 12:16 - 2015-05-12 11:50 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\Convertor
2015-04-28 01:55 - 2015-05-08 15:05 - 00000000 ____D () C:\Users\Don jar\AppData\Local\Pro_PC_Cleaner
2015-04-28 01:55 - 2015-04-28 01:55 - 00003466 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Popup
2015-04-28 01:55 - 2015-04-28 01:55 - 00003202 _____ () C:\WINDOWS\System32\Tasks\ProPCCleaner_Start
2015-04-28 01:54 - 2015-05-08 15:04 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2015-04-28 01:54 - 2015-04-28 01:54 - 00000000 ____D () C:\Users\Don jar\Documents\ProPCCleaner
2015-04-28 01:53 - 2015-05-08 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2015-04-28 01:51 - 2015-05-08 14:28 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\Pro PC Cleaner
2015-04-28 01:50 - 2015-05-12 11:51 - 00003782 _____ () C:\WINDOWS\System32\Tasks\Convertor
2015-04-28 01:50 - 2015-05-12 11:51 - 00003298 _____ () C:\WINDOWS\System32\Tasks\Winsta Update
2015-04-28 01:50 - 2015-05-12 11:51 - 00003240 _____ () C:\WINDOWS\System32\Tasks\WinKit
2015-04-28 01:50 - 2015-05-08 15:35 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\PDFConvert
2015-04-28 01:50 - 2015-05-08 15:04 - 00000000 ____D () C:\Program Files (x86)\Convertor
2015-04-28 01:50 - 2015-05-08 13:54 - 00000000 ____D () C:\Program Files (x86)\Winsta
2015-04-26 21:53 - 2015-04-26 21:53 - 00003142 _____ () C:\WINDOWS\System32\Tasks\{74D68A33-85F6-4E3F-A53A-F8CF5382B326}
2015-04-26 21:50 - 2015-04-26 21:50 - 00000000 ____D () C:\Program Files (x86)\predm
2015-04-26 21:34 - 2015-04-26 21:35 - 01103080 _____ (Installer Setup) C:\Users\Don jar\Downloads\Setup (3).exe
2015-04-26 21:33 - 2015-04-26 21:34 - 01103080 _____ (Installer Setup) C:\Users\Don jar\Downloads\Setup (2).exe
2015-04-26 12:53 - 2015-04-26 12:53 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\WebExtend
2015-04-26 02:38 - 2015-05-08 15:35 - 00000000 ____D () C:\Users\Don jar\Downloads\Black Asian Dating Site, Black Asian Singles, Black Asian Personals at PerfectMatch.com_files
2015-04-26 02:38 - 2015-04-26 02:38 - 00070009 _____ () C:\Users\Don jar\Downloads\Black Asian Dating Site, Black Asian Singles, Black Asian Personals at PerfectMatch.com.html
2015-04-26 00:57 - 2015-05-08 15:04 - 00000000 ____D () C:\Program Files (x86)\Ninja Loader
2015-04-26 00:57 - 2015-05-08 13:55 - 00000000 ____D () C:\Users\Don jar\AppData\Local\Ninja Loader
2015-04-25 00:55 - 2015-04-25 00:55 - 00003990 _____ () C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-04-24 11:26 - 2015-04-24 11:38 - 00000137 _____ () C:\WINDOWS\Reimage.ini
2015-04-24 10:54 - 2015-05-15 00:37 - 00001014 _____ () C:\WINDOWS\Tasks\YRORXaf.job
2015-04-24 10:54 - 2015-04-24 10:54 - 00004026 _____ () C:\WINDOWS\System32\Tasks\YRORXaf
2015-04-24 10:53 - 2015-04-30 11:11 - 00000045 _____ () C:\user.js
2015-04-24 10:53 - 2015-04-24 10:53 - 00003568 _____ () C:\WINDOWS\System32\Tasks\SPUVG
2015-04-24 10:53 - 2015-04-23 07:36 - 00409392 _____ (Gambali OEM Software) C:\WINDOWS\system32\Gambali64.dll
2015-04-24 10:53 - 2015-04-23 07:36 - 00341800 _____ (Gambali OEM Software) C:\WINDOWS\SysWOW64\Gambali.dll
2015-04-24 10:52 - 2015-05-08 15:04 - 00000000 ____D () C:\ProgramData\634af84c257e446593c8317e01716daf
2015-04-24 10:52 - 2015-04-24 10:52 - 00000000 ____D () C:\ProgramData\6e393ce3ffe841018f51c4c655d01187
2015-04-24 10:43 - 2015-05-08 15:04 - 00000000 ____D () C:\Users\Don jar\AppData\Local\12796BCE-1429872190-9D39-F953-74FFC26B80C5
2015-04-24 10:42 - 2015-05-12 12:57 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 14:28 - 2012-08-25 20:15 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2015-05-20 14:27 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-20 06:02 - 2014-09-24 03:15 - 00006842 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-20 05:06 - 2014-10-28 12:48 - 00000000 ____D () C:\Users\Don jar
2015-05-20 04:14 - 2013-06-18 23:09 - 00000000 ____D () C:\Users\Don jar\Documents\Visual Studio 2010
2015-05-18 05:00 - 2013-07-10 10:33 - 00000000 ____D () C:\Program Files (x86)\Zoom Downloader
2015-05-18 04:51 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-18 04:50 - 2012-12-04 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 03:07 - 2013-08-22 10:44 - 00485424 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-18 02:00 - 2015-03-12 01:14 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-05-18 02:00 - 2014-11-13 10:02 - 00000000 ____D () C:\Program Files (x86)\Bench
2015-05-18 02:00 - 2013-04-01 23:18 - 00000000 ____D () C:\Program Files (x86)\Tuguu SL
2015-05-18 00:51 - 2013-02-05 11:13 - 00000000 ____D () C:\Program Files (x86)\AOL Toolbar
2015-05-17 16:15 - 2014-10-28 16:18 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-17 16:15 - 2012-11-28 20:28 - 00000000 ____D () C:\Users\Don jar\AppData\Local\CrashDumps
2015-05-15 01:40 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-15 01:28 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-15 01:23 - 2012-12-04 19:18 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 01:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-15 00:59 - 2012-11-27 22:30 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3014910660-1131023439-13105803-1004
2015-05-15 00:47 - 2014-12-07 19:22 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\ViberPC
2015-05-15 00:44 - 2014-12-07 19:17 - 00000000 ____D () C:\Users\Don jar\AppData\Local\Viber
2015-05-15 00:44 - 2013-06-22 21:04 - 00000000 ___RD () C:\Users\Don jar\Google Drive
2015-05-15 00:37 - 2015-03-12 01:31 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-15 00:37 - 2012-12-04 19:18 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-13 13:29 - 2012-12-04 21:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 13:20 - 2013-11-19 12:50 - 00000000 ____D () C:\Users\Don jar\Desktop\New folder
2015-05-13 12:25 - 2013-07-23 20:07 - 00000000 ____D () C:\Users\Don jar\Desktop\New folder (5)
2015-05-12 11:51 - 2014-11-13 10:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-05-12 01:59 - 2013-01-04 22:20 - 00000000 ____D () C:\Users\Don jar\Documents\DateHookup.com - Search For Singles_files
2015-05-09 22:39 - 2014-11-14 12:18 - 00000000 ___HD () C:\Users\Public\Temp
2015-05-09 21:58 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-09 17:51 - 2013-06-22 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-08 15:41 - 2014-10-28 12:48 - 00000000 ____D () C:\Users\Al
2015-05-08 15:39 - 2014-12-13 01:55 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-05-08 15:39 - 2014-09-24 05:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-08 15:39 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-05-08 15:36 - 2015-04-04 23:07 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-08 15:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-05-08 15:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-05-08 15:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-08 15:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-08 15:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-05-08 15:04 - 2015-04-18 10:17 - 00000000 ____D () C:\ProgramData\{92b63194-ec53-2f78-92b6-63194ec5c653}
2015-05-08 15:04 - 2015-04-14 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-05-08 15:04 - 2015-04-14 13:06 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.79
2015-05-08 15:04 - 2015-04-14 13:05 - 00000000 ____D () C:\ProgramData\{d6700cc6-1689-4a8e-d670-00cc61683318}
2015-05-08 15:04 - 2014-10-28 12:26 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-08 15:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-08 15:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-08 15:04 - 2012-08-25 20:15 - 00000000 ____D () C:\ProgramData\Norton
2015-05-08 14:34 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2015-05-08 14:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-05-05 09:53 - 2012-12-01 05:42 - 00000000 ____D () C:\Users\Don jar\Documents\MATLAB
2015-05-03 01:48 - 2013-09-23 19:18 - 00000000 ____D () C:\WINDOWS\system32\MRT

==================== Files in the root of some directories =======

2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Don jar\AppData\Roaming\cLlbOgky8LYQzi
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Don jar\AppData\Roaming\cLlbOgky8LYQzi.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Don jar\AppData\Roaming\seajybw
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Don jar\AppData\Roaming\seajybw.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Don jar\AppData\Roaming\tBWYNuSb4heDb4Ec
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Don jar\AppData\Roaming\tBWYNuSb4heDb4Ec.exe
2014-10-01 13:02 - 2014-10-01 13:02 - 0000046 _____ () C:\Users\Don jar\AppData\Roaming\WB.CFG
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Don jar\AppData\Roaming\Ws2tp6KnecTD1Z6kFk5NXwNTI0t
2015-04-20 10:05 - 2015-04-20 10:05 - 1579520 _____ () C:\Users\Don jar\AppData\Roaming\Ws2tp6KnecTD1Z6kFk5NXwNTI0t.exe
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Don jar\AppData\Roaming\YRORXaf
2015-04-20 09:45 - 2015-04-20 09:45 - 1579520 _____ () C:\Users\Don jar\AppData\Roaming\YRORXaf.exe
2014-01-28 00:06 - 2014-01-28 00:06 - 0004608 _____ () C:\Users\Don jar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-21 01:39 - 2015-03-11 09:57 - 0000175 _____ () C:\ProgramData\dlea.log
2012-12-01 07:12 - 2015-01-21 02:19 - 0063560 _____ () C:\ProgramData\dleaJSW.log
2012-12-01 06:58 - 2014-10-28 10:42 - 0018394 _____ () C:\ProgramData\dleascan.log
2012-12-11 15:03 - 2012-12-11 15:03 - 9068507 _____ () C:\ProgramData\SPL3A3B.tmp
2013-05-06 15:38 - 2013-05-06 15:38 - 7964593 _____ () C:\ProgramData\SPL6385.tmp
2012-12-01 07:38 - 2012-12-01 07:38 - 9065159 _____ () C:\ProgramData\SPL9428.tmp
2012-12-11 15:03 - 2012-12-11 15:03 - 2990772 _____ () C:\ProgramData\SPLB1AB.tmp
2012-12-01 07:29 - 2012-12-01 07:29 - 9057673 _____ () C:\ProgramData\SPLB4C2.tmp
2015-05-08 11:47 - 2015-05-15 01:19 - 0000112 _____ () C:\ProgramData\V4RAOCJ.dat

Files to move or delete:
====================
C:\ProgramData\V4RAOCJ.dat


Some content of TEMP:
====================
C:\Users\Don jar\AppData\Local\Temp\SEVINST64x86.EXE
C:\Users\Don jar\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_8103.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-09 23:39

==================== End Of Log ============================


Edited by LimeGreene, 21 May 2015 - 01:45 AM.


#5 LimeGreene

Posted 21 May 2015 - 01:36 AM

Here, once again, is the log from AdwCleaner, this time executed with administrator permission. Again, I'd have hit 'clean' if not for all the registry keys it turned up and not wanting to delete anything vital.

 

# AdwCleaner v4.204 - Logfile created 21/05/2015 at 02:27:16
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Don jar - ALSTATION
# Running from : F:\adwcleaner_4.204.exe
# Option : Scan

***** [ Services ] *****

Service Found : netfilter64
Service Found : YahooAUService
Service Found : CoupoonService64
Service Found : innfd_1_10_0_14

***** [ Files / Folders ] *****

File Found : C:\Program Files\Common Files\System\SysMenu.dll
File Found : C:\Program Files\Common Files\System\SysMenu64.dll
File Found : C:\Users\Al\Desktop\PepperZip.lnk
File Found : C:\Users\Don jar\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
File Found : C:\WINDOWS\Reimage.ini
File Found : C:\WINDOWS\System32\29xyOff.ini
File Found : C:\WINDOWS\System32\drivers\netfilter64.sys
File Found : C:\WINDOWS\System32\drivers\scjrtr.sys
File Found : C:\WINDOWS\System32\drivers\SPPD.sys
File Found : C:\WINDOWS\System32\Gambali64.dll
File Found : C:\WINDOWS\System32\scxy64.dll
File Found : C:\WINDOWS\SysWOW64\29xyOff.ini
File Found : C:\WINDOWS\SysWOW64\Gambali.dll
File Found : C:\WINDOWS\SysWOW64\scxy.dll
Folder Found : C:\Program Files (x86)\AOL Toolbar
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\Bench
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Convertor
Folder Found : C:\Program Files (x86)\coupoon
Folder Found : C:\Program Files (x86)\Coupoon
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Optimizer Pro 3.79
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\Run_Dregol
Folder Found : C:\Program Files (x86)\tuguu sl
Folder Found : C:\Program Files (x86)\Winsta
Folder Found : C:\Program Files (x86)\Zoom Downloader
Folder Found : C:\Program Files\Coupoon
Folder Found : C:\Program Files\coupoon
Folder Found : C:\ProgramData\{92b63194-ec53-2f78-92b6-63194ec5c653}
Folder Found : C:\ProgramData\{d6700cc6-1689-4a8e-d670-00cc61683318}
Folder Found : C:\ProgramData\484c88ed00005f64
Folder Found : C:\ProgramData\AOL Toolbar
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Found : C:\ProgramData\RightClick
Folder Found : C:\ProgramData\SearchModulePlus
Folder Found : C:\ProgramData\SoftSafe
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Don jar\AppData\Local\12796BCE-1426123263-9D39-F953-74FFC26B80C5
Folder Found : C:\Users\Don jar\AppData\Local\12796BCE-1429872190-9D39-F953-74FFC26B80C5
Folder Found : C:\Users\Don jar\AppData\Local\12796BCE-1431056029-9D39-F953-74FFC26B80C5
Folder Found : C:\Users\Don jar\AppData\Local\AOL Toolbar
Folder Found : C:\Users\Don jar\AppData\Local\BrowserHelper
Folder Found : C:\Users\Don jar\AppData\Local\Conduit
Folder Found : C:\Users\Don jar\AppData\Local\DefineExt
Folder Found : C:\Users\Don jar\AppData\Local\Games Bot
Folder Found : C:\Users\Don jar\AppData\Local\globalUpdate
Folder Found : C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc
Folder Found : C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko
Folder Found : C:\Users\Don jar\AppData\Local\SwvUpdater
Folder Found : C:\Users\Don jar\AppData\Local\Zoom_Downloader
Folder Found : C:\Users\Don jar\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Found : C:\Users\Don jar\AppData\LocalLow\Browse2Save
Folder Found : C:\Users\Don jar\AppData\LocalLow\Conduit
Folder Found : C:\Users\Don jar\AppData\LocalLow\visi_coupon
Folder Found : C:\Users\Don jar\AppData\LocalLow\WebProtector
Folder Found : C:\Users\Don jar\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Don jar\AppData\LocalLow\YahooCouponAddOn
Folder Found : C:\Users\Don jar\AppData\Roaming\Convertor
Folder Found : C:\Users\Don jar\AppData\Roaming\Max Computer Cleaner
Folder Found : C:\Users\Don jar\AppData\Roaming\NCdownloader
Folder Found : C:\Users\Don jar\AppData\Roaming\Run_Dregol
Folder Found : C:\Users\Don jar\AppData\Roaming\Store
Folder Found : C:\Users\Don jar\AppData\Roaming\WebExtend
Folder Found : C:\Users\Don jar\AppData\Roaming\Winsta
Folder Found : C:\Users\Don jar\AppData\Roaming\WTools
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect

***** [ Scheduled tasks ] *****

Task Found : Convertor
Task Found : Crossbrowse
Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA
Task Found : Inst_Rep
Task Found : LaunchSignup
Task Found : Optimizer Pro Schedule
Task Found : WinKit
Task Found : LaunchPreSignup
Task Found : avabvyxvdy
Task Found : Winsta Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63868;hxxps=127.0.0.1:63868
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\ArenaHD
Key Found : HKCU\Software\Classes\PepperZip
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cores
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Crossbrowse
Key Found : HKCU\Software\Define Ext
Key Found : HKCU\Software\GAMESDESKTOP
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko
Key Found : HKCU\Software\HighDefAction
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\SearchModulePlus
Key Found : HKCU\Software\Store
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\torch
Key Found : HKCU\Software\UpdateFiles
Key Found : HKCU\Software\WTools
Key Found : HKCU\Software\YorkNewCin
Key Found : [x64] HKCU\Software\ArenaHD
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cores
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\Crossbrowse
Key Found : [x64] HKCU\Software\Define Ext
Key Found : [x64] HKCU\Software\GAMESDESKTOP
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\HighDefAction
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Reimage
Key Found : [x64] HKCU\Software\SearchModulePlus
Key Found : [x64] HKCU\Software\Store
Key Found : [x64] HKCU\Software\Super Optimizer
Key Found : [x64] HKCU\Software\torch
Key Found : [x64] HKCU\Software\UpdateFiles
Key Found : [x64] HKCU\Software\WTools
Key Found : [x64] HKCU\Software\YorkNewCin
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\78dedea9-429b-e3da-bb8d-fb2336852f5f
Key Found : HKLM\SOFTWARE\ArenaHD
Key Found : HKLM\SOFTWARE\b7bd590d-c0b5-497b-a1b4-10b6301f4944
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\4270603C7CA6FEB45B61F4B6D10988D7
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\4270603C7CA6FEB45B61F4B6D10988D7
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287819
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\CompeteInc
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Coupoon
Key Found : HKLM\SOFTWARE\coupoon
Key Found : HKLM\SOFTWARE\Crossbrowse
Key Found : HKLM\SOFTWARE\dd37c962-12ae-494c-aec5-25a6dd56e998
Key Found : HKLM\SOFTWARE\Define Ext
Key Found : HKLM\SOFTWARE\firstsearch
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\HighDefAction
Key Found : HKLM\SOFTWARE\LookSafe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : HKLM\SOFTWARE\SearchModule
Key Found : HKLM\SOFTWARE\SProtector
Key Found : HKLM\SOFTWARE\torch
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\WebProtector
Key Found : HKLM\SOFTWARE\weDownload
Key Found : HKLM\SOFTWARE\YorkNewCin
Key Found : [x64] HKLM\SOFTWARE\ArenaHD
Key Found : [x64] HKLM\SOFTWARE\BubbleSound
Key Found : [x64] HKLM\SOFTWARE\coupoon
Key Found : [x64] HKLM\SOFTWARE\Coupoon
Key Found : [x64] HKLM\SOFTWARE\HighDefAction
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : [x64] HKLM\SOFTWARE\Reimage
Key Found : [x64] HKLM\SOFTWARE\SearchModule
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Key Found : [x64] HKLM\SOFTWARE\WebBar
Key Found : [x64] HKLM\SOFTWARE\YorkNewCin
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DownloadManager]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Found : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://tikotin.com

-\\ Mozilla Firefox v


-\\ Google Chrome v42.0.2311.135

[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ch-webpickaol-chromesbox-en-us&tb_uuid=20120510100428299&tb_oid=10-05-2012&tb_mrud=10-05-2012
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www-searching.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}&s=F4Uzbuzdk00CN1,ef599be9-b90d-4e03-921e-c16c8e4fea39,
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=58&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&q={searchTerms}&SSPV=
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : ogccgbmabaphcakpiclgcnmcnimhokcj
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : kfecnpmgnlnbmipaogfhoacoioifjgko
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : bejnhdlplbjhffionohbdnpcbobfejcc
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=55&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&SSPV=
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://www.trovi.com/?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=55&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&SSPV=
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=58&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [29124 bytes] - [20/05/2015 04:01:41]
AdwCleaner[R1].txt - [29184 bytes] - [20/05/2015 06:06:04]
AdwCleaner[R2].txt - [28628 bytes] - [21/05/2015 02:27:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [28688 bytes] ##########
 



#6 LimeGreene

Posted 21 May 2015 - 01:44 AM

Disregard.


Edited by LimeGreene, 21 May 2015 - 01:46 AM.


#7 deeprybka

  • Malware Response Team

Posted 21 May 2015 - 02:33 AM

 

Boot Mode: Safe Mode (minimal)

 

You have to boot in normal mode for the following steps!

 

Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Define Ext
    Download Updater
    globalupdate Helper
    Optimizer Pro v3.2
    Torch
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Scan with AdwCleaner (by Xplode).

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].


Step 4

Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 21 May 2015 - 02:36 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 LimeGreene


Posted 22 May 2015 - 12:52 AM

This is the log from AdwCleaner:  I just realized I forgot to run as an admin. Hopefully this doesn't change the outcome too much.

 

# AdwCleaner v4.204 - Logfile created 22/05/2015 at 01:15:15
# Updated 12/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Don jar - ALSTATION
# Running from : F:\adwcleaner_4.204.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : consumerinput_update
Service Found : consumerinput_updatem
Service Found : netfilter64
Service Found : SPPD
Service Found : YahooAUService
Service Found : CoupoonService64
Service Found : innfd_1_10_0_13
Service Found : innfd_1_10_0_14

***** [ Files / Folders ] *****

File Found : C:\Program Files\Common Files\System\SysMenu.dll
File Found : C:\Program Files\Common Files\System\SysMenu64.dll
File Found : C:\Users\Al\Desktop\PepperZip.lnk
File Found : C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Found : C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Found : C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage
File Found : C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journal
File Found : C:\Users\Don jar\AppData\Roaming\Bubble Dock.boostrap.log
File Found : C:\Users\Don jar\AppData\Roaming\Bubble Dock.installation.log
File Found : C:\Users\Don jar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
File Found : C:\Users\Don jar\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
File Found : C:\Users\Don jar\AppData\Roaming\Selection Tools.installation.log
File Found : C:\Users\Don jar\AppData\Roaming\WindApp.boostrap.log
File Found : C:\Users\Don jar\AppData\Roaming\WindApp.installation.log
File Found : C:\Users\Don jar\Desktop\Desktop Search.lnk
File Found : C:\Users\DONJAR~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Found : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll
File Found : C:\WINDOWS\Reimage.ini
File Found : C:\WINDOWS\System32\29xyOff.ini
File Found : C:\WINDOWS\System32\drivers\innfd_1_10_0_13.sys
File Found : C:\WINDOWS\System32\drivers\netfilter64.sys
File Found : C:\WINDOWS\System32\drivers\scjrtr.sys
File Found : C:\WINDOWS\System32\Gambali64.dll
File Found : C:\WINDOWS\System32\scxy64.dll
File Found : C:\WINDOWS\SysWOW64\29xyOff.ini
File Found : C:\WINDOWS\SysWOW64\Gambali.dll
File Found : C:\WINDOWS\SysWOW64\scxy.dll
Folder Found : C:\Program Files (x86)\AOL Toolbar
Folder Found : C:\Program Files (x86)\AVG Security Toolbar
Folder Found : C:\Program Files (x86)\Bench
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Consumer Input
Folder Found : C:\Program Files (x86)\Convertor
Folder Found : C:\Program Files (x86)\Coupoon
Folder Found : C:\Program Files (x86)\coupoon
Folder Found : C:\Program Files (x86)\Crossbrowse
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\gmsd_us_608
Folder Found : C:\Program Files (x86)\Infonaut_1.10.0.13
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\Run_Dregol
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\tuguu sl
Folder Found : C:\Program Files (x86)\Winsta
Folder Found : C:\Program Files\Coupoon
Folder Found : C:\Program Files\coupoon
Folder Found : C:\ProgramData\{92b63194-ec53-2f78-92b6-63194ec5c653}
Folder Found : C:\ProgramData\{d6700cc6-1689-4a8e-d670-00cc61683318}
Folder Found : C:\ProgramData\484c88ed00005f64
Folder Found : C:\ProgramData\AOL Toolbar
Folder Found : C:\ProgramData\DesktopSearch
Folder Found : C:\ProgramData\FlashBeat
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Found : C:\ProgramData\RightClick
Folder Found : C:\ProgramData\SearchModulePlus
Folder Found : C:\ProgramData\SoftSafe
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Don jar\AppData\Local\12796BCE-1426123263-9D39-F953-74FFC26B80C5
Folder Found : C:\Users\Don jar\AppData\Local\12796BCE-1429872190-9D39-F953-74FFC26B80C5
Folder Found : C:\Users\Don jar\AppData\Local\12796BCE-1431056029-9D39-F953-74FFC26B80C5
Folder Found : C:\Users\Don jar\AppData\Local\AOL Toolbar
Folder Found : C:\Users\Don jar\AppData\Local\BrowserHelper
Folder Found : C:\Users\Don jar\AppData\Local\Conduit
Folder Found : C:\Users\Don jar\AppData\Local\Consumer Input
Folder Found : C:\Users\Don jar\AppData\Local\Crossbrowse
Folder Found : C:\Users\Don jar\AppData\Local\DefineExt
Folder Found : C:\Users\Don jar\AppData\Local\DesktopSearch
Folder Found : C:\Users\Don jar\AppData\Local\Games Bot
Folder Found : C:\Users\Don jar\AppData\Local\globalUpdate
Folder Found : C:\Users\Don jar\AppData\Local\gmsd_us_608
Folder Found : C:\Users\Don jar\AppData\Local\SearchProtect
Folder Found : C:\Users\Don jar\AppData\Local\SmartWeb
Folder Found : C:\Users\Don jar\AppData\Local\SwvUpdater
Folder Found : C:\Users\Don jar\AppData\Local\Zoom_Downloader
Folder Found : C:\Users\Don jar\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Found : C:\Users\Don jar\AppData\LocalLow\Browse2Save
Folder Found : C:\Users\Don jar\AppData\LocalLow\Conduit
Folder Found : C:\Users\Don jar\AppData\LocalLow\SmartWeb
Folder Found : C:\Users\Don jar\AppData\LocalLow\visi_coupon
Folder Found : C:\Users\Don jar\AppData\LocalLow\WebProtector
Folder Found : C:\Users\Don jar\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Don jar\AppData\LocalLow\YahooCouponAddOn
Folder Found : C:\Users\Don jar\AppData\Roaming\Convertor
Folder Found : C:\Users\Don jar\AppData\Roaming\Max Computer Cleaner
Folder Found : C:\Users\Don jar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
Folder Found : C:\Users\Don jar\AppData\Roaming\NCdownloader
Folder Found : C:\Users\Don jar\AppData\Roaming\Nosibay
Folder Found : C:\Users\Don jar\AppData\Roaming\Run_Dregol
Folder Found : C:\Users\Don jar\AppData\Roaming\Store
Folder Found : C:\Users\Don jar\AppData\Roaming\WebExtend
Folder Found : C:\Users\Don jar\AppData\Roaming\Winsta
Folder Found : C:\Users\Don jar\AppData\Roaming\WTools
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\SearchProtect

***** [ Scheduled tasks ] *****

Task Found : ConsumerInputUpdateTaskMachineCore
Task Found : ConsumerInputUpdateTaskMachineUA
Task Found : Convertor
Task Found : Crossbrowse
Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA
Task Found : Inst_Rep
Task Found : LaunchSignup
Task Found : Optimizer Pro Schedule
Task Found : SmartWeb Upgrade Trigger Task
Task Found : WinKit
Task Found : WindApp Update
Task Found : Selection Tools Update
Task Found : LaunchPreSignup
Task Found : avabvyxvdy
Task Found : amiupdaterExd
Task Found : amiupdaterExi
Task Found : Winsta Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63868;hxxps=127.0.0.1:63868
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Bubble Dock]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DesktopSearch]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DownloadManager]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]
Value Found : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [ConsumerInput@Compete]
Value Found : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Value Found : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_608]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [YTDownloader]
Value Found : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M658D866C-1AA4-46DC-AC79-FA61981518E6&SearchSource=55&CUI=&UM=8&UP=SP52452AB7-B7ED-4C25-9701-084B8FACC3D0&D=052115&SSPV=SP22340TB_sp_ie
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://tikotin.com

-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.65

[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ch-webpickaol-chromesbox-en-us&tb_uuid=20120510100428299&tb_oid=10-05-2012&tb_mrud=10-05-2012
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www-searching.com/search.aspx?site=shdefault&pid=s&shr=d&q={searchTerms}&s=F4Uzbuzdk00CN1,ef599be9-b90d-4e03-921e-c16c8e4fea39,
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=58&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&q={searchTerms}&SSPV=SP22340TB_sp_ch
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=55&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&SSPV=SP22340TB_sp_ch
[C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : DB71604D7C538CAEFBE99489FFABDB09BBEB364840EE3D1C4119E5926A68B1ED"},"software_reporter":{"prompt_reason":"65120135ED9379EB80676750B550B590070C84B553A1846174A3349EA46B1202","prompt_seed":"00413EAE882FD5E4B52D63A0427A54BFD5E0741DE68B98F28EFE2C61EAA884DB","prompt_version":"60BD2AC4F9D481546D85357FF22BE4EC54CE3A153758D48D17377AF3AC8F7CE2"},"sync":{"remaining_rollback_tries":"25B4E9958845A0DDF3DD4DC2E57C9048166EDAD0D75D8A5C6EEFCB35A686DD6A"}},"super_mac":"BBF7077B07AD582B60620F88D8DC3065F82711F67C7A8B40A048CE64EA2858F0"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.trovi.com/?gd=&ctid=CT3334303&octid=EB_ORIGINAL_CTID&ISID=MC057788D-4877-4320-977C-E9547FD17DFB&SearchSource=55&CUI=&UM=8&UP=SPD8C54462-089E-4BFB-A90F-BAA3888448D8&D=051315&SSPV=SP22340TB_sp_ch

*************************

AdwCleaner[R0].txt - [29124 bytes] - [20/05/2015 04:01:41]
AdwCleaner[R1].txt - [29184 bytes] - [20/05/2015 06:06:04]
AdwCleaner[R2].txt - [29068 bytes] - [21/05/2015 02:27:16]
AdwCleaner[R3].txt - [34070 bytes] - [22/05/2015 01:15:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [34130 bytes] ##########
 



#9 deeprybka


Posted 22 May 2015 - 02:16 AM

 

# Option : Scan

 

 

After the scan has finished, click on the Clean button.

 

Please follow my instructions.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#10 LimeGreene


Posted 22 May 2015 - 10:36 AM

AdwCleaner after clean function:

 

# AdwCleaner v4.204 - Logfile created 22/05/2015 at 05:30:41
# Updated 12/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Don jar - ALSTATION
# Running from : F:\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Don jar\AppData\LocalLow\SmartWeb
File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Deleted : C:\Users\DONJAR~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\WINDOWS\System32\drivers\SPPD.sys

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:63868;hxxps=127.0.0.1:63868
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v43.0.2357.65


*************************

AdwCleaner[R0].txt - [29124 bytes] - [20/05/2015 04:01:41]
AdwCleaner[R1].txt - [29184 bytes] - [20/05/2015 06:06:04]
AdwCleaner[R2].txt - [29068 bytes] - [21/05/2015 02:27:16]
AdwCleaner[R3].txt - [34558 bytes] - [22/05/2015 01:15:16]
AdwCleaner[R4].txt - [2668 bytes] - [22/05/2015 05:26:24]
AdwCleaner[S0].txt - [31954 bytes] - [22/05/2015 01:23:30]
AdwCleaner[S1].txt - [1901 bytes] - [22/05/2015 05:30:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1960  bytes] ##########
 



#11 LimeGreene


Posted 22 May 2015 - 10:37 AM

Malware Bytes Scan Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/22/2015
Scan Time: 1:53:20 AM
Logfile: mbamscan5-22.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.21.04
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Don jar

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 430408
Time Elapsed: 1 hr, 13 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\nst30A8.tmp, 2368, Delete-on-Reboot, [b197b4e26f1bfb3bca560e6051b45fa1]
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\jnsy4005.tmp, 1404, Delete-on-Reboot, [b197b4e26f1bfb3bca560e6051b45fa1]

Modules: 0
(No malicious items detected)

Registry Keys: 85
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [e068f0a65931c5715cbcb90751b008f8],
PUP.Optional.PullUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\OdIPsAncsa, Quarantined, [82c642543258a88e7a3f95ccdc2ab24e],
PUP.Optional.ConsumerInput.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [8abe2f673456eb4b3d2398c736cd5ca4],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, Quarantined, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xoxobify, Quarantined, [b197b4e26f1bfb3bca560e6051b45fa1],
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mojufili, Quarantined, [b197b4e26f1bfb3bca560e6051b45fa1],
PUP.Optional.Flashbeat.A, HKLM\SOFTWARE\Flashbeat, Quarantined, [dd6b1383f3971224c7b96d7aa65dc43c],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine, Quarantined, [b098098d35559d99f168ebf4b64dbe42],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine.1.0, Quarantined, [e26634620b7f77bf2237ac339a69d729],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [ad9b5046cac0f93d49e8be6d758f33cd],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [c3853660fd8d023433fedb50df25768a],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [71d78b0bf892ed491819c4675fa5758b],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [4503e3b3aae067cfb879ff2ce0241ce4],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [cb7d593d6525c76fac854dde4fb5c43c],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [5eeaa2f42268270fab861d0e778d9967],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [c28691051179db5bce631b10da2ab848],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [c187484e79118fa7f73ab07bb64e28d8],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [e167573fb9d1b77f59d80724d43009f7],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [4bfd2f67cdbdf4427cb550dba55f9c64],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [8abe1680ff8bd660a190e843917306fa],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [7fc916803555d5610f22c6653ec62dd3],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [b098fc9a7e0c4ee87cb5e447b054ce32],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [b296a0f6503a75c160d153d8679da65a],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [5eeaa6f0305a76c0cb6654d7788cd22e],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [85c3c7cf7f0b1c1a8aa7f13a966e48b8],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [84c4e0b6f496fc3a65cc3fec59abb64a],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [98b0ecaa7713b2842e0351da46be3ec2],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [e7615b3bb8d23cfa5bd6270427dd1ce4],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [a6a25640a3e7af870e23f03bcf3536ca],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [4305fa9ce8a20d29ff323deecc38ab55],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [0246791da2e8c86eb9780f1c29db43bd],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [ed5b2f67cdbd1c1a022f0427c242f808],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [064264323d4d0036e64b111a5fa5ed13],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\APPID\ConsumerInputUpdate.exe, Quarantined, [f2567f1772180f27db7c8b5446bdcf31],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\ConsumerInputUpdate.exe, Quarantined, [f5536630543638fec69119c6c93a02fe],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [5cec4f477911e650f229acb69471e020],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [4107f1a5acde01358e8cce9485808080],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\WOW6432NODE\ConsumerInput, Quarantined, [3b0d9ef8cdbd72c47d400fcca360a55b],
PUP.Optional.Flashbeat.A, HKLM\SOFTWARE\WOW6432NODE\Flashbeat, Quarantined, [093f8d09771392a43f415e8958ab3ac6],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\GAMESDESKTOP, Quarantined, [63e52076cbbfd16527826a85748f39c7],
PUP.Optional.GigaClicks.C, HKLM\SOFTWARE\WOW6432NODE\GigaClicks, Quarantined, [8dbbbbdb7f0b1d19cd8511cc3ac9f50b],
PUP.Optional.Infonaut.A, HKLM\SOFTWARE\WOW6432NODE\Infonaut_1.10.0.14, Quarantined, [ac9c890df298ef476666da0214efad53],
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [7ecac5d16e1cc472635cce0d24dff010],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine, Quarantined, [0e3a573f286250e64613c51a0ef59070],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInput.OneClickProcessLauncherMachine.1.0, Quarantined, [192f0c8a6c1eff3739204a953bc8c13f],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [f7510d89b2d87bbbc36ee94213f146ba],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [40080b8bd8b223135fd2ee3deb197d83],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [b692deb8f3972610ca677bb0887c0ef2],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [a3a5a7efafdba0965ed38aa1a36152ae],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [81c7d8bed5b5bd79270a2704a36160a0],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [ec5cf79f068481b5d55cdd4ee024ee12],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [291fc4d23456c571d160151661a3dc24],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [4afe2d698208ea4c9b9670bbbe4639c7],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [f454821498f213235cd5b9724cb808f8],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [0840d2c4d8b21b1be44d8aa10df7ef11],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [d276c0d6068444f277bab378e22258a8],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [8dbb7b1b6a20191dc0719f8c4fb5ac54],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [c385a7efd6b4e94de1505bd062a20bf5],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [3a0e7c1a256556e07cb5022947bd37c9],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [a7a12373a3e7c96d87aac66556aef20e],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [4bfd0a8cddad0234260bb576cf351fe1],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [2721b6e0d3b74ee886ab6ac115efbd43],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [a8a0f2a421692a0ce54c56d555afb947],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [5cecf2a4a7e33cfafc3542e91fe5d828],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [aa9e9105b6d4d36334fda6859173d62a],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [d37530668cfecd69b27f101b2ed6a25e],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [93b5e7af0783da5c32ff5dceb450e917],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [26226d292a6056e0b978d754818329d7],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [a8a0f99d27633402c66b1d0e33d1c13f],
PUP.Optional.ConsumerInput.C, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\ConsumerInputUpdate.exe, Quarantined, [0840286e5f2b0b2bcc8b469957ac738d],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gmsd_us_608_is1, Quarantined, [d17796007119fa3ce6309060ec17ff01],
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [74d45e3839511026d8482c4123e217e9],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [b59341556a207abc853d2ddd927248b8],
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [2f197c1afd8d3ef8014383e739cc817f],
PUP.Optional.PathMaxx.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util PathMaxx, Quarantined, [92b6a0f60c7e13230a617961f40f1be5],
PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\INSVC_1.10.0.13, Quarantined, [72d6276f3654ab8b54b6fb78d33244bc],
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, Quarantined, [ea5e36601b6f1a1c00d95fa561a36c94],
PUP.Optional.Coupoon.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UPDATECHECK, Quarantined, [c5837f174644ea4ccb18e19131d4c53b],
PUP.Optional.Coupoon.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\coupoon, Quarantined, [69dfdfb74a40e6504b9d115c867f3ec2],
PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [a0a884124f3bfd39eb70df920bfa1de3],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3014910660-1131023439-13105803-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3AF89E67-E2A8-4CA4-BEB6-FCB21AC896A3}, Quarantined, [76d2890da2e840f6692aefef8f74f60a],
PUP.Optional.Conduit.A, HKU\S-1-5-21-3014910660-1131023439-13105803-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A19A3D5-DEBA-4C7F-AB9C-70182814A2A7}, Quarantined, [21273d59ff8b0e28f0a37c621ae9669a],
PUP.Optional.ConsumerInput.C, HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\ConsumerInput, Quarantined, [1d2becaafe8c2d09a15c0bd26e95b34d],
PUP.Optional.ProPCCleaner.A, HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\ProPCCleanerLanguage, Quarantined, [bf89b9dd256558de01c49dd59075936d],
PUP.Optional.Trovi.C, HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [da6eebab51396dc9419d0b67a164a858],

Registry Values: 17
PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, Quarantined, [0d3ba7ef72189d99e7d2d3083ac915eb]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_598, Quarantined, [fc4ceea8d0ba5adcf227d02029da39c7],
PUP.Optional.SmartWeb.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SmartWeb, C:\Users\Don jar\AppData\Local\SmartWeb\SmartWebHelper.exe, Quarantined, [69df742295f50333dfc4b63b5ba8bb45]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_us_608, "C:\Program Files (x86)\gmsd_us_608\gmsd_us_608.exe", Quarantined, [e563f2a46426c373de3b13dd35ce758b]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [b59341556a207abc853d2ddd927248b8]
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, DBE800DB-EF4A-4C2B-9522-991BAA585CD3, Quarantined, [2f197c1afd8d3ef8014383e739cc817f]
PUP.Optional.Vitruvian.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\insvc_1.10.0.13|ImagePath, "C:\Program Files (x86)\Infonaut_1.10.0.13\Service\insvc.exe", Quarantined, [72d6276f3654ab8b54b6fb78d33244bc]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\mojufili|ImagePath, C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\jnsy4005.tmp, Quarantined, [9eaa890da2e82e084066412ba065f709]
PUP.Optional.MultiPlug.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xoxobify|ImagePath, C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\nst30A8.tmp, Quarantined, [9eaa1f77b0da75c1e6bf1953b35236ca]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\WINDOWS\system32\drivers\SPPD.sys, Quarantined, [ea5e36601b6f1a1c00d95fa561a36c94]
PUP.Optional.Coupoon.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\UPDATECHECK|ImagePath, C:\Program Files (x86)\Coupoon\UpdateCheck.exe run , Quarantined, [c5837f174644ea4ccb18e19131d4c53b]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3014910660-1131023439-13105803-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3AF89E67-E2A8-4CA4-BEB6-FCB21AC896A3}|URL, http://search.conduit.com/Results.aspx?ctid=CT3300032&SearchSource=45&q={searchTerms}, Quarantined, [76d2890da2e840f6692aefef8f74f60a]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3014910660-1131023439-13105803-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A19A3D5-DEBA-4C7F-AB9C-70182814A2A7}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN39809364871265927&UM=2&SSPV=TB_C3, Quarantined, [21273d59ff8b0e28f0a37c621ae9669a]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3014910660-1131023439-13105803-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6A19A3D5-DEBA-4C7F-AB9C-70182814A2A7}|FaviconURL, http://search.conduit.com/favicon.ico, Quarantined, [d8705c3abad080b6c0d3d60847bc52ae]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://www.trovi.com/Results.aspx?gd=&ctid=CT3326306&octid=EB_ORIGINAL_CTID&ISID=M9312B3A3-89EA-4E98-BC5E-AD61B7054055&SearchSource=58&CUI=&UM=8&UP=SPFAF02F01-1D15-4EF8-9DA9-FFBD953596F5&q={searchTerms}&D=031215&SSPV=SP22340TB_sp_ie, Quarantined, [f4549bfbd2b880b62ca3c0aca362f30d]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, Quarantined, [1c2cebabf496122473fd7a63fa099769]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, Quarantined, [f157f0a6ec9e31053d92d09c0afbbb45]

Registry Data: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll C:\ProgramData\FlashBeat\FlashBeat64.dll , Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll),Replaced,[64e4078f5a308ea8d741388817ea09f7]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll C:\ProgramData\FlashBeat\FlashBeat32.dll , Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll),Replaced,[96b28214c1c9aa8cc355447caf529d63]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M658D866C-1AA4-46DC-AC79-FA61981518E6&SearchSource=55&CUI=&UM=8&UP=SP52452AB7-B7ED-4C25-9701-084B8FACC3D0&D=052115&SSPV=SP22340TB_sp_ie, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M658D866C-1AA4-46DC-AC79-FA61981518E6&SearchSource=55&CUI=&UM=8&UP=SP52452AB7-B7ED-4C25-9701-084B8FACC3D0&D=052115&SSPV=SP22340TB_sp_ie),Replaced,[e6624f477e0c86b0175b1b00e81ef907]

Folders: 46
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, Quarantined, [b98f0492701a0d29d81f7c6016ede21e],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete\Consumer Input, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.SmartWeb.A, C:\Users\Don jar\AppData\Local\SmartWeb, Delete-on-Reboot, [d474286e21695dd9eedc0ed024df58a8],
PUP.Optional.SweetIM.C, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}, Quarantined, [202899fd6723290dcbe534ac5fa4a15f],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, Quarantined, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, Quarantined, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5, Delete-on-Reboot, [b197b4e26f1bfb3bca560e6051b45fa1],
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1431070224-9D39-F953-74FFC26B80C5, Quarantined, [7bcd9df9bfcb40f6e9370e6085807e82],
PUP.Optional.ProPCCleaner.A, C:\Windows\Installer\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}, Quarantined, [57f17e1854362d0928eb4d2882832bd5],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\SearchProtect, Delete-on-Reboot, [4afe870f127842f43a6dbffaa55e7a86],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\SearchProtect\SearchProtect, Delete-on-Reboot, [4afe870f127842f43a6dbffaa55e7a86],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\SearchProtect\SearchProtect\rep, Delete-on-Reboot, [4afe870f127842f43a6dbffaa55e7a86],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\SearchProtect\SearchProtect\STG, Quarantined, [4afe870f127842f43a6dbffaa55e7a86],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\SearchProtect\UI, Delete-on-Reboot, [4afe870f127842f43a6dbffaa55e7a86],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\SearchProtect\UI\rep, Delete-on-Reboot, [4afe870f127842f43a6dbffaa55e7a86],
PUP.Optional.GamesDesktop.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP, Quarantined, [80c80a8ceb9f87af69264389ba49cd33],
PUP.Optional.GamesDesktop.A, C:\Users\Don jar\AppData\Local\gmsd_us_608, Delete-on-Reboot, [f6521581e8a2b87e4b45b8147d86b24e],
PUP.Optional.GamesDesktop.A, C:\Users\Don jar\AppData\Local\gmsd_us_608\gmsd_us_608, Quarantined, [f6521581e8a2b87e4b45b8147d86b24e],
PUP.Optional.GamesDesktop.A, C:\Users\Don jar\AppData\Local\gmsd_us_608\gmsd_us_608\1.20, Quarantined, [f6521581e8a2b87e4b45b8147d86b24e],
PUP.Optional.GamesDesktop.A, C:\Program Files (x86)\gmsd_us_608, Delete-on-Reboot, [f058d5c14d3dcb6b474a88445aa927d9],
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat, Delete-on-Reboot, [6ddb0f87424834024106a82c0201c739],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\avabvcxvyx, Quarantined, [de6a3660f19972c4694410c457ac22de],
PUP.Optional.Trovi.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_www.trovi.com_0.indexeddb.leveldb, Quarantined, [ac9c0c8a89016fc7b695c412877c7c84],
PUP.Optional.Trovi.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.trovi.com_0, Quarantined, [36124d49a6e46ec8e2ab6373669d4ab6],
PUP.Optional.ProPCCleaner.A, C:\Users\Don jar\AppData\Local\Pro_PC_Cleaner, Quarantined, [1c2c81150f7b70c613b1944511f2a25e],
PUP.Optional.ProPCCleaner.A, C:\Users\Don jar\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_twd2ze3eaqaiwzlxig5riiby3fd4fyue, Quarantined, [1c2c81150f7b70c613b1944511f2a25e],
PUP.Optional.ProPCCleaner.A, C:\Users\Don jar\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_twd2ze3eaqaiwzlxig5riiby3fd4fyue\2.5.5.0, Quarantined, [1c2c81150f7b70c613b1944511f2a25e],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\dat, Quarantined, [c8802472a5e5c47236f141227096619f],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh, Quarantined, [c8802472a5e5c47236f141227096619f],

Files: 220
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Delete-on-Reboot, [e068f0a65931c5715cbcb90751b008f8],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Delete-on-Reboot, [96b24d49d5b5e0561efa14ac10f11ae6],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Delete-on-Reboot, [c0887422d3b76fc7e8307947eb16de22],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll, Delete-on-Reboot, [64e4078f5a308ea8d741388817ea09f7],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll, Delete-on-Reboot, [96b28214c1c9aa8cc355447caf529d63],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\OdIPsAncsa.exe, Quarantined, [82c642543258a88e7a3f95ccdc2ab24e],
PUP.Optional.JellySplit.Gen, C:\ProgramData\634af84c257e446593c8317e01716daf\634af84c257e446593c8317e01716daf.exe, Quarantined, [ad9b6b2b0b7f37ff54952c1232d0ed13],
PUP.Optional.JellySplit.Gen.A, C:\ProgramData\841a6e9fc7334b5aa886ffd57efc6604\841a6e9fc7334b5aa886ffd57efc6604.exe, Quarantined, [a99febabeaa0da5c2cc8cf6a9f639a66],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\IEClearCache.exe, Quarantined, [32161b7bc8c2c96dd6e3fa676d99fc04],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\dat\mRsWcCxnQ.exe, Quarantined, [4bfdaaec157539fdc8f13f22ee1834cc],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\dat\SaCfcZBe.dll, Quarantined, [8dbbf4a26129c07681382c3514f2748c],
PUP.Optional.ZombieInvasion.A, C:\ProgramData\GKQhOcYPh\dat\sKtkLte.dll, Quarantined, [d8700096b1d92313627929e5010525db],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\dat\yrbzxsgq.exe, Quarantined, [03457422cbbfe84e0dac7ae79f676898],
PUP.Optional.CrossRider.A, C:\Users\Don jar\AppData\Roaming\cLlbOgky8LYQzi.exe, Quarantined, [e365eea8b7d35bdba380b896a35f8977],
PUP.Optional.CrossRider.A, C:\Users\Don jar\AppData\Roaming\seajybw.exe, Quarantined, [62e635617a10a29442e175d9ff03d729],
PUP.Optional.CrossRider.A, C:\Users\Don jar\AppData\Roaming\Ws2tp6KnecTD1Z6kFk5NXwNTI0t.exe, Quarantined, [96b20591a3e78aac0b186be3d929728e],
PUP.Optional.CrossRider.A, C:\Users\Don jar\AppData\Roaming\YRORXaf.exe, Quarantined, [f256c4d25832d5618c97193536cc9f61],
PUP.Optional.EORezo, C:\Program Files (x86)\gmsd_us_608\gamesdesktop_widget.exe, Quarantined, [0840cdc921699e98df75ec75e026639d],
PUP.Optional.Tuto4PC.A, C:\Program Files (x86)\gmsd_us_608\gmsd_us_608.exe, Delete-on-Reboot, [9dab1185107a52e477cd421f13f3a15f],
PUP.Optional.Tuto4PC.A, C:\Program Files (x86)\gmsd_us_608\predm.exe, Quarantined, [a0a8c2d49ded5bdb4df74b169f67ea16],
PUP.Optional.EORezo, C:\Program Files (x86)\gmsd_us_608\unins000.exe, Quarantined, [8abe4f47682283b3d183ec7510f65ea2],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\c33670e1-3a38-4032-8ad8-68dcc99ef6cd\9147ca77-030e-480c-a9d6-77105b00bc27.dll, Quarantined, [7eca3066890138fe9a240d54c83edf21],
PUP.Optional.Crossbrowse.C, C:\$Recycle.Bin\S-1-5-21-3014910660-1131023439-13105803-1004\$R26EHIH.dll, Quarantined, [f85081152c5e3df924aece9208fee61a],
PUP.Optional.Crossbrowse.C, C:\$Recycle.Bin\S-1-5-21-3014910660-1131023439-13105803-1004\$RWRMXC2.exe, Quarantined, [f157ebab8505d561409271ef8c7a7090],
PUP.Optional.Crossbrowse.C, C:\$Recycle.Bin\S-1-5-21-3014910660-1131023439-13105803-1004\$RZ8VKS2.exe, Quarantined, [79cfa6f03456ca6cf0e2a1bffb0bd12f],
PUP.Optional.CrossBrowse, C:\$Recycle.Bin\S-1-5-21-3014910660-1131023439-13105803-1004\$RPWMAG1.exe, Quarantined, [2f19613504860234d801c69059a91ee2],
PUP.Optional.ProPCCleaner.A, C:\$Recycle.Bin\S-1-5-21-3014910660-1131023439-13105803-1004\$R7MFHOZ\ProPCCleaner.exe, Quarantined, [0444fa9cbccec5719c9e2037e022b34d],
PUP.Optional.Crossbrowse.C, C:\$Recycle.Bin\S-1-5-21-3014910660-1131023439-13105803-1004\$RDIF9G3\chrmstp.exe, Quarantined, [044493032a606ec8f7146df434d28f71],
PUP.Optional.Crossbrowse.C, C:\$Recycle.Bin\S-1-5-21-3014910660-1131023439-13105803-1004\$RDIF9G3\setup.exe, Quarantined, [dd6b6630bdcd3afc73982b3662a4b54b],
PUP.Optional.OfferInstaller.C, C:\Users\Don jar\AppData\Local\Temp\mVO85EC.exe, Quarantined, [fb4defa7a5e50e283e2ee459aa5853ad],
PUP.Optional.Compete, C:\Users\Don jar\AppData\Local\Temp\nsj33F6.tmp, Quarantined, [0048e7af91f9e4527b54402147bfc53b],
PUP.Optional.Imali.SID.A, C:\Users\Don jar\AppData\Local\Temp\nsk75E2.tmp, Quarantined, [a7a1f89e434774c235f74d140501c23e],
PUP.Optional.CrossBrowse, C:\Users\Don jar\AppData\Local\Temp\32.exe, Quarantined, [b296177fee9c063033a64b0b6d95af51],
PUP.Optional.Infonaut.A, C:\Users\Don jar\AppData\Local\Temp\is-0AO8G.tmp\infonaut.exe, Quarantined, [60e8e7af2f5b7db9e43ac49d53b3ab55],
PUP.Optional.Tuto4PC.A, C:\Users\Don jar\AppData\Local\Temp\is-75I3T.tmp\TUTOBUN.exe, Quarantined, [3d0ba0f642482c0a1f25164b52b40af6],
PUP.Optional.Tuto4PC.A, C:\Users\Don jar\AppData\Local\Temp\is-FE6ID.tmp\gentlemjmp_ieeuu.exe, Quarantined, [95b3fd99701a3df96ada154cc73fd62a],
PUP.Optional.Conduit.A, C:\Users\Don jar\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\Extracted\adv_35.exe, Quarantined, [d96f4b4b1f6bda5c64c5c190df22fb05],
PUP.Optional.HDPlayer, C:\Users\Don jar\Downloads\Setup (2).exe, Quarantined, [ed5bb0e6f793b185be710646da2833cd],
PUP.Optional.HDPlayer, C:\Users\Don jar\Downloads\Setup (3).exe, Quarantined, [9eaaabeb93f771c5e34c8ac2ff039c64],
PUP.Optional.InstallCore.SID.C, C:\Users\Don jar\Downloads\Unconfirmed 158008.torchdownload, Quarantined, [f553c9cddcaed561634c5110b84eb54b],
PUP.Optional.InstallCore.SID.C, C:\Users\Don jar\Downloads\Unconfirmed 206211.crdownload, Quarantined, [bf897a1c7d0ddf57357a4a17679fe51b],
PUP.Optional.InstallCore.SID.C, C:\Users\Don jar\Downloads\Unconfirmed 349292.crdownload, Quarantined, [53f5484e4446b77f2788c79aa3637a86],
PUP.Optional.InstallCore.SID.C, C:\Users\Don jar\Downloads\Unconfirmed 393537.crdownload, Quarantined, [f4544056444666d05b549ec30ef8e31d],
PUP.Optional.InstallCore.SID.C, C:\Users\Don jar\Downloads\Unconfirmed 424317.crdownload, Quarantined, [8eba405669215dd96a45d78ac145837d],
PUP.Optional.InstallCore.SID.C, C:\Users\Don jar\Downloads\Unconfirmed 617955.crdownload, Quarantined, [f94f6f27d3b7ff379c13b4ad20e6a15f],
PUP.Optional.InstallCore.SID.C, C:\Users\Don jar\Downloads\Unconfirmed 662737.torchdownload, Quarantined, [5fe9f89e602a9c9a3976ff6232d46898],
PUP.Optional.InstallCore.SID.C, C:\Users\Don jar\Downloads\Unconfirmed 865478.crdownload, Quarantined, [e5630a8cf595da5ce4cbcb96d0363bc5],
PUP.Optional.InstallCore.SID.C, C:\Users\Don jar\Downloads\Unconfirmed 598689.crdownload, Quarantined, [e3659df90a8048eeeec172eff90d916f],
PUP.Optional.SearchProtect, C:\Users\Don jar\AppData\Local\avabvcxvyx\avabvcxvyx.exe, Quarantined, [01479ff7345689ad3d86cf4fc9398977],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\avabvcxvyx\pbqrmvbub, Quarantined, [94b442549af03afcfc1cc3fd4db420e0],
PUP.Optional.Tuto4PC.A, C:\Users\Don jar\AppData\Local\gmsd_us_608\upgmsd_us_608.exe, Delete-on-Reboot, [22262d698efca5910c38263b3dc9718f],
PUP.Optional.SpeedBit, C:\Users\Don jar\AppData\Local\Installer\Install_10519\DCytdkietut_tutdk_setup.exe, Quarantined, [1236e7afb3d7e94dfa2e3619788a03fd],
PUP.Optional.SpeedBit, C:\Users\Don jar\AppData\Local\Installer\Install_14285\DCytdkietut_tutdk_setup.exe, Quarantined, [13359df9adddee48a28654fb53af9c64],
PUP.Optional.SpeedBit, C:\Users\Don jar\AppData\Local\Installer\Install_1437\DCSetup_15556.exe, Quarantined, [8cbcd0c694f6cd6947e1aaa532d06799],
PUP.Optional.SpeedBit, C:\Users\Don jar\AppData\Local\Installer\Install_16470\DCSetup_15556.exe, Quarantined, [fa4ec1d5f991201672b67ad52bd713ed],
PUP.Optional.SmartWeb.A, C:\Users\Don jar\AppData\Local\SmartWeb\SmartWebApp.exe, Delete-on-Reboot, [96b2653101892e080cf6e81cfa082fd1],
PUP.Optional.SmartWeb.A, C:\Users\Don jar\AppData\Local\SmartWeb\SmartWebHelper.exe, Delete-on-Reboot, [4dfbaee8d5b5ae8862a056aecd3552ae],
PUP.Optional.SmartWeb.A, C:\Users\Don jar\AppData\Local\SmartWeb\swhk.dll, Delete-on-Reboot, [4afed7bfe5a58babb74bb64ed42e47b9],
PUP.Optional.SmartWeb.A, C:\Users\Don jar\AppData\Local\SmartWeb\__u.exe, Quarantined, [60e8870fc7c38da9857d59ab0af830d0],
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\apppatch64\VCLdr64.dll, Delete-on-Reboot, [38101a7c8dfd9c9a1ff95d63e61bfb05],
PUP.Optional.SearchProtect.A, C:\Windows\apppatch\nbin\VC32Loader.dll, Delete-on-Reboot, [93b5b7df7d0da69026f2615f10f16f91],
PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, Quarantined, [b98f0492701a0d29d81f7c6016ede21e],
PUP.Optional.Goobzo.A, C:\Windows\System32\Tasks\Inst_Rep, Quarantined, [f94ffb9b46448ea8a717ba23f310fa06],
PUP.Optional.Goobzo.A, C:\Windows\System32\Tasks\Installer_shopperpro, Quarantined, [3b0da1f55a3094a2d5ebedf0d42fb24e],
PUP.Optional.GeForce.A, C:\Windows\System32\Tasks\Installer_geforce, Quarantined, [6fd99cfa5e2c4aece2e0dc017390a957],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete\Consumer Input\DCA_config_spruce000.dat, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_diagnostic_spruce000.dat, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_serp_spruce000.dat, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_shoppingcart_spruce000.dat, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete\Consumer Input\DCA_externalJS_spruce000.dat, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete\Consumer Input\DCA_notification_spruce000.dat, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete\Consumer Input\DCA_privacy_spruce000.dat, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete\Consumer Input\DCA_voicebox_rules_spruce000.dat, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.ConsumerInput.C, C:\Users\Don jar\AppData\Roaming\Compete\Consumer Input\DCA_whitelist_spruce000.dat, Quarantined, [7ccc31654d3d9b9b1ae6528ccb38ec14],
PUP.Optional.SmartWeb.A, C:\Users\Don jar\AppData\Local\SmartWeb\uninst.lnk, Quarantined, [d474286e21695dd9eedc0ed024df58a8],
PUP.Optional.SweetIM.C, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx, Quarantined, [202899fd6723290dcbe534ac5fa4a15f],
PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\avabvcxvyx, Quarantined, [5deb72241f6b4fe746d203e23dc6a45c],
PUP.Optional.SelectionTools.A, C:\Windows\System32\Tasks\Selection Tools Update, Quarantined, [74d401951c6ea98d9b9232bbae5556aa],
PUP.Optional.SmartWeb.A, C:\Users\Don jar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk, Quarantined, [2226732382080333fea42cc51fe4659b],
PUP.Optional.SmartWeb.A, C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task, Quarantined, [8dbb435327639b9b8f1617da3ac950b0],
PUP.Optional.Nosibay.A, C:\Windows\System32\Tasks\WindApp Update, Quarantined, [1a2e5b3b098130062f778f71f60eb64a],
PUP.Optional.SelectNGo.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [ba8e5244365425114377be534fb5fc04],
PUP.Optional.SelectNGo.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Quarantined, [68e032646d1dbd797842f31e39cbdb25],
Trojan.Downloader, C:\Users\Don jar\AppData\Local\Temp\32.exe, Quarantined, [53f5b3e34248ca6c98f6e89846bebf41],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, Quarantined, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.pun, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\cfi.bin, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\edk.bin, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\pni.bin, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\trn.bin, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\RN32.dll, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPtool64.exe, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32.dll, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64.dll, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, Delete-on-Reboot, [b197781e7911c17573f21e2bae57e31d],
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Delete-on-Reboot, [f2563a5c0288af8747d7cc96cb3a44bc],
PUP.Optional.Vitruvian.A, C:\Users\Don jar\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, Quarantined, [b296f2a44f3b87af24eede89ee17c937],
PUP.Optional.Vitruvian.A, C:\Users\Don jar\AppData\Local\Temp\vitruvian-installer-install-v0003, Quarantined, [48007b1b0a8054e2ee24a2c5818444bc],
PUP.Optional.Vitruvian.A, C:\Users\Don jar\AppData\Local\Temp\vitruvian-installer-processes-v0002, Quarantined, [36129df98604c274908285e2d2334eb2],
PUP.Optional.Vitruvian.A, C:\Users\Don jar\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, Quarantined, [e4648f07800a66d00909bcab23e2f50b],
PUP.Optional.ConsumerInput.A, C:\Windows\Tasks\CIMT_daily_S-1-5-21-3014910660-1131023439-13105803-1004.job, Quarantined, [d672494d0981ab8b2fe26306ba4b33cd],
PUP.Optional.ConsumerInput.A, C:\Windows\System32\Tasks\CIMT_daily_S-1-5-21-3014910660-1131023439-13105803-1004, Quarantined, [3d0bfb9bfa9085b167abec7de32238c8],
PUP.Optional.ConsumerInput.A, C:\Windows\Tasks\CIMT_S-1-5-21-3014910660-1131023439-13105803-1004.job, Quarantined, [4503cbcb4f3bd0661102096015f043bd],
PUP.Optional.ConsumerInput.A, C:\Windows\System32\Tasks\CIMT_S-1-5-21-3014910660-1131023439-13105803-1004, Quarantined, [ea5eddb9c9c1d95d9b79baafc93c7f81],
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\nst30A8.tmp, Delete-on-Reboot, [b197b4e26f1bfb3bca560e6051b45fa1],
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\jnsy4005.tmp, Delete-on-Reboot, [b197b4e26f1bfb3bca560e6051b45fa1],
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\rnsq388F.exe, Quarantined, [b197b4e26f1bfb3bca560e6051b45fa1],
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\Uninstall.exe, Quarantined, [b197b4e26f1bfb3bca560e6051b45fa1],
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1429872125-9D39-F953-74FFC26B80C5\vnsoDA9A.tmp, Quarantined, [b197b4e26f1bfb3bca560e6051b45fa1],
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1431070224-9D39-F953-74FFC26B80C5\nstC502.tmp, Quarantined, [7bcd9df9bfcb40f6e9370e6085807e82],
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1431070224-9D39-F953-74FFC26B80C5\jnsp39C0.tmp, Quarantined, [7bcd9df9bfcb40f6e9370e6085807e82],
PUP.Optional.MultiPlug.A, C:\Users\Don jar\AppData\Roaming\12796BCE-1431070224-9D39-F953-74FFC26B80C5\vnsqFD17.tmp, Quarantined, [7bcd9df9bfcb40f6e9370e6085807e82],
PUP.Optional.ProPCCleaner.A, C:\Windows\System32\Tasks\ProPCCleaner_Popup, Quarantined, [db6d4e482565b97d0cb6a9c9b253946c],
PUP.Optional.ProPCCleaner.A, C:\Windows\System32\Tasks\ProPCCleaner_Start, Quarantined, [85c32d691c6e2c0ad5edc9a97d88b050],
PUP.Optional.SuperOptimizer.A, C:\Users\Don jar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk, Quarantined, [df699006d2b8e6507b4fb6bd3dc89f61],
PUP.Optional.SearchModule.A, C:\Windows\Tasks\SMW_UpdateTask_Time_3731343435333631312d344a414155342a2a236c6c5a.job, Quarantined, [4008a9ed484288ae9f7bf97b4db8ba46],
PUP.Optional.ProPCCleaner.A, C:\Windows\Installer\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}\Pro_PC_Cleaner_Icon.exe, Quarantined, [57f17e1854362d0928eb4d2882832bd5],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, Quarantined, [4afe870f127842f43a6dbffaa55e7a86],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Delete-on-Reboot, [4afe870f127842f43a6dbffaa55e7a86],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Delete-on-Reboot, [4afe870f127842f43a6dbffaa55e7a86],
PUP.Optional.GamesDesktop.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP\GamesDesktop.lnk, Quarantined, [80c80a8ceb9f87af69264389ba49cd33],
PUP.Optional.GamesDesktop.A, C:\Users\Don jar\AppData\Local\gmsd_us_608\upgmsd_us_608.cyl, Quarantined, [f6521581e8a2b87e4b45b8147d86b24e],
PUP.Optional.GamesDesktop.A, C:\Users\Don jar\AppData\Local\gmsd_us_608\user_profil.cyp, Quarantined, [f6521581e8a2b87e4b45b8147d86b24e],
PUP.Optional.GamesDesktop.A, C:\Users\Don jar\AppData\Local\gmsd_us_608\gmsd_us_608\1.20\cnf.cyl, Quarantined, [f6521581e8a2b87e4b45b8147d86b24e],
PUP.Optional.GamesDesktop.A, C:\Program Files (x86)\gmsd_us_608\unins000.dat, Quarantined, [f058d5c14d3dcb6b474a88445aa927d9],
PUP.Optional.GamesDesktop.A, C:\Program Files (x86)\gmsd_us_608\unins000.msg, Quarantined, [f058d5c14d3dcb6b474a88445aa927d9],
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\FlashBeat.exe, Delete-on-Reboot, [6ddb0f87424834024106a82c0201c739],
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\FlashBeat32.dll, Quarantined, [6ddb0f87424834024106a82c0201c739],
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\FlashBeat64.dll, Quarantined, [6ddb0f87424834024106a82c0201c739],
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\NSISHelper.dll, Quarantined, [6ddb0f87424834024106a82c0201c739],
PUP.Optional.FlashBeat.A, C:\ProgramData\FlashBeat\SoftConfigTest.exe, Quarantined, [6ddb0f87424834024106a82c0201c739],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\avabvcxvyx\bahvxfk, Quarantined, [de6a3660f19972c4694410c457ac22de],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\avabvcxvyx\mkfvxfk, Quarantined, [de6a3660f19972c4694410c457ac22de],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\avabvcxvyx\pvpqbjobmlpfqlovvawq, Quarantined, [de6a3660f19972c4694410c457ac22de],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\avabvcxvyx\qokvxfk, Quarantined, [de6a3660f19972c4694410c457ac22de],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\avabvcxvyx\rfobmlpfqlovvawq, Quarantined, [de6a3660f19972c4694410c457ac22de],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\avabvcxvyx\rpboobmlpfqlovvawq, Quarantined, [de6a3660f19972c4694410c457ac22de],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\avabvcxvyx\stb.dat, Quarantined, [de6a3660f19972c4694410c457ac22de],
PUP.Optional.SearchProtect.A, C:\Users\Don jar\AppData\Local\avabvcxvyx\ycfvxfk, Quarantined, [de6a3660f19972c4694410c457ac22de],
PUP.Optional.Trovi.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_www.trovi.com_0.indexeddb.leveldb\000003.log, Quarantined, [ac9c0c8a89016fc7b695c412877c7c84],
PUP.Optional.Trovi.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_www.trovi.com_0.indexeddb.leveldb\CURRENT, Quarantined, [ac9c0c8a89016fc7b695c412877c7c84],
PUP.Optional.Trovi.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_www.trovi.com_0.indexeddb.leveldb\LOCK, Quarantined, [ac9c0c8a89016fc7b695c412877c7c84],
PUP.Optional.Trovi.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_www.trovi.com_0.indexeddb.leveldb\LOG, Quarantined, [ac9c0c8a89016fc7b695c412877c7c84],
PUP.Optional.Trovi.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_www.trovi.com_0.indexeddb.leveldb\LOG.old, Quarantined, [ac9c0c8a89016fc7b695c412877c7c84],
PUP.Optional.Trovi.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_www.trovi.com_0.indexeddb.leveldb\MANIFEST-000001, Quarantined, [ac9c0c8a89016fc7b695c412877c7c84],
PUP.Optional.Trovi.A, C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.trovi.com_0\51, Quarantined, [36124d49a6e46ec8e2ab6373669d4ab6],
PUP.Optional.ProPCCleaner.A, C:\Users\Don jar\AppData\Local\Pro_PC_Cleaner\ProPCCleaner.exe_Url_twd2ze3eaqaiwzlxig5riiby3fd4fyue\2.5.5.0\user.config, Quarantined, [1c2c81150f7b70c613b1944511f2a25e],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\dat\mRsWcCxnQ.exe.config, Quarantined, [c8802472a5e5c47236f141227096619f],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\dat\yrbzxsgq.exe.config, Quarantined, [c8802472a5e5c47236f141227096619f],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\info.dat, Quarantined, [c8802472a5e5c47236f141227096619f],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\OdIPsAncsa.dat, Quarantined, [c8802472a5e5c47236f141227096619f],
PUP.Optional.PullUpdate.A, C:\ProgramData\GKQhOcYPh\OdIPsAncsa.exe.config, Quarantined, [c8802472a5e5c47236f141227096619f],

Physical Sectors: 0
(No malicious items detected)


(end)



#12 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:22 PM

Posted 22 May 2015 - 10:38 AM

OK. Please proceed with 4.

Edited by deeprybka, 22 May 2015 - 10:38 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 LimeGreene

  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:22 AM

Posted 22 May 2015 - 10:39 AM

FRST Log: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by Don jar (administrator) on ALSTATION on 22-05-2015 05:54:14
Running from F:\
Loaded Profiles: Don jar (Available profiles: Al & Don jar)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ClearCanvas Inc.) C:\Program Files\ClearCanvas\ClearCanvas Workstation\ClearCanvas.Server.ShredHostService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
() C:\Users\Don jar\AppData\Local\Viber\Viber.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(The Chromium Authors) C:\Users\Don jar\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Don jar\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Don jar\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Don jar\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Don jar\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Don jar\AppData\Local\Ninja Loader\Discover\Discover.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(The Chromium Authors) C:\Users\Don jar\AppData\Local\Ninja Loader\Discover\Discover.exe
(The Chromium Authors) C:\Users\Don jar\AppData\Local\Ninja Loader\Discover\Discover.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [GoogleChromeAutoLaunch_2C911586514EF5679BBFB67D4C954E36] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-13] (Google Inc.)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-11] (Google Inc.)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1553688 2014-02-20] (Comfort Software Group)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [Viber] => C:\Users\Don jar\AppData\Local\Viber\Viber.exe [936656 2014-10-20] ()
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\Run: [GoogleChromeAutoLaunch_F29C5BB4CE998528148FB4172C4B3AFA] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\...\MountPoints2: {5d6ed02c-ef1f-11e1-be71-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL E:\media/index.htm
AppInit_DLLs: C:\ProgramData\FlashBeat\FlashBeat64.dll => C:\ProgramData\FlashBeat\FlashBeat64.dll File Not Found
AppInit_DLLs-x32: C:\ProgramData\FlashBeat\FlashBeat32.dll => "C:\ProgramData\FlashBeat\FlashBeat32.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:63868;https=127.0.0.1:63868
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKU\S-1-5-21-3014910660-1131023439-13105803-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
URLSearchHook: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Users\Don jar\Desktop\bin\ssv.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Users\Don jar\Desktop\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-04-16] (RealDownloader)
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Price Check by AOL -> {D25B97E9-62B2-40CE-BECF-E43A7B879072} -> C:\Program Files (x86)\Price Check by AOL\aolpricecheck.dll [2012-09-04] (AOL Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Toolbar: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> No Name - {00000000-0000-0000-0000-000000000000} -  No File
Toolbar: HKU\S-1-5-21-3014910660-1131023439-13105803-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-01] (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Users\Don jar\Desktop\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Users\Don jar\Desktop\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-07-11]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-13]
CHR Extension: (Google Docs) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-13]
CHR Extension: (Google Drive) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-24]
CHR Extension: (YouTube) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-13]
CHR Extension: (Google Search) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-13]
CHR Extension: (Google Sheets) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-13]
CHR Extension: (Bookmark Manager) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (RealDownloader) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-05-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-13]
CHR Extension: (kloiceblkijlknknaibcaieiicafajlo) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2015-05-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR Extension: (Google Quick Scroll) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-05-21]
CHR Extension: (Gmail) - C:\Users\Don jar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\DONJAR~1\AppData\Local\Google\Drive\APDFLL~1.CRX [2013-06-22]
CHR HKU\S-1-5-21-3014910660-1131023439-13105803-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClearCanvas Workstation ShredHost Service; C:\Program Files\ClearCanvas\ClearCanvas Workstation\ClearCanvas.Server.ShredHostService.exe [9216 2013-03-19] (ClearCanvas Inc.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [59496 2015-04-07] (Ninja Soft Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 corozylo; C:\Users\Don jar\AppData\Roaming\VOPackage\JOSrv.exe [X]
S2 ryqofisu; C:\Users\Don jar\AppData\Roaming\VOPackage\nsoFA91.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-11-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-04-27] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-10] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-10] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 01:09 - 2015-05-22 05:45 - 00000354 _____ () C:\WINDOWS\Tasks\GPZMERTTIY1.job
2015-05-22 01:09 - 2015-05-22 03:09 - 00000000 ____D () C:\ProgramData\841a6e9fc7334b5aa886ffd57efc6604
2015-05-22 01:09 - 2015-05-22 01:57 - 00003568 _____ () C:\WINDOWS\System32\Tasks\JEQAT
2015-05-22 01:09 - 2015-05-22 01:57 - 00002868 _____ () C:\WINDOWS\System32\Tasks\GPZMERTTIY1
2015-05-22 00:08 - 2015-05-22 00:08 - 00002269 _____ () C:\Users\Public\Desktop\Search.lnk
2015-05-22 00:07 - 2015-05-22 00:07 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\Microsoft\Windows\Start Menu\Desktop Search
2015-05-22 00:04 - 2015-05-22 00:04 - 00002115 _____ () C:\Users\Don jar\Desktop\Continue GamesDesktop Uninstaller.lnk
2015-05-21 23:56 - 2015-05-21 23:56 - 00002796 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-05-21 16:12 - 2015-05-05 13:59 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-21 16:12 - 2015-05-05 13:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-21 15:46 - 2015-04-30 16:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-21 15:46 - 2015-04-30 16:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-21 13:53 - 2015-04-02 20:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-05-21 13:53 - 2015-04-02 20:14 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-05-21 13:53 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-05-21 13:53 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-05-21 13:53 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-05-21 13:53 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-05-21 13:53 - 2015-03-12 22:02 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-05-21 13:53 - 2015-03-12 21:11 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-05-21 13:53 - 2015-03-12 20:39 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-05-21 13:53 - 2015-03-05 22:47 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-05-21 13:52 - 2015-02-17 19:19 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-05-21 13:49 - 2015-04-13 18:48 - 04180480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-05-21 13:49 - 2015-04-09 21:00 - 01996800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-05-21 13:49 - 2015-04-09 20:50 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-05-21 13:49 - 2015-04-09 20:26 - 01560576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-05-21 13:44 - 2015-03-13 00:03 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-05-21 13:44 - 2015-03-13 00:03 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-05-21 13:44 - 2015-03-12 20:29 - 00410017 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-05-21 13:44 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-05-21 13:44 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-05-21 13:44 - 2015-03-05 23:08 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-05-21 13:44 - 2015-03-05 22:43 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-05-21 13:35 - 2015-04-09 20:34 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-05-21 13:35 - 2015-04-09 20:11 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-05-21 13:34 - 2015-03-19 21:56 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-05-21 13:34 - 2015-03-17 13:26 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-05-21 13:34 - 2015-03-08 22:02 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-05-21 13:34 - 2015-03-03 21:32 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-05-21 13:34 - 2015-03-03 21:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-21 13:34 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-05-21 13:34 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-05-21 13:32 - 2015-04-30 19:05 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-05-21 13:32 - 2015-04-30 18:48 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-05-21 05:40 - 2015-03-30 01:47 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-05-21 05:40 - 2015-03-26 23:27 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-05-21 05:40 - 2015-03-26 22:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-05-21 05:40 - 2015-03-26 22:48 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-05-21 05:39 - 2015-04-08 18:55 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-05-21 05:38 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-05-21 05:38 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-05-21 05:38 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-05-21 05:38 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-05-21 05:38 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-05-21 05:38 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-05-21 05:38 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-05-21 05:38 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-05-21 05:38 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-05-21 05:38 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-05-21 05:38 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-05-21 05:38 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-05-21 05:38 - 2015-04-21 12:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-05-21 05:38 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-05-21 05:38 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-05-21 05:38 - 2015-04-21 11:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-05-21 05:38 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-05-21 05:38 - 2015-04-21 11:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-05-21 05:38 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-05-21 05:38 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-05-21 05:38 - 2015-04-21 11:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-05-21 05:38 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-05-21 05:38 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-05-21 05:38 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-05-21 05:38 - 2015-04-21 11:37 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-05-21 05:38 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-05-21 05:38 - 2015-04-21 11:32 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-05-21 05:38 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-05-21 05:38 - 2015-04-21 11:28 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-05-21 05:38 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-05-21 05:38 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-05-21 05:38 - 2015-04-21 11:26 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-05-21 05:38 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-05-21 05:38 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-05-21 05:38 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-05-21 05:38 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-05-21 05:38 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-05-21 05:38 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-05-21 05:38 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-05-21 05:16 - 2015-05-21 05:16 - 00001280 _____ () C:\Users\Don jar\Desktop\Revo Uninstaller.lnk
2015-05-21 05:16 - 2015-05-21 05:16 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-21 05:09 - 2015-05-22 05:44 - 00001487 _____ () C:\WINDOWS\setupact.log
2015-05-21 05:09 - 2015-05-21 05:09 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-05-21 05:06 - 2015-05-22 05:51 - 01235458 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-21 05:03 - 2015-05-22 05:31 - 00367856 _____ () C:\WINDOWS\PFRO.log
2015-05-20 06:00 - 2015-05-22 05:54 - 00000000 ____D () C:\FRST
2015-05-20 04:01 - 2015-05-22 05:43 - 00000000 ____D () C:\AdwCleaner
2015-05-18 02:04 - 2015-05-18 02:04 - 00386293 _____ () C:\MBAM quarantine file.txt
2015-05-18 00:46 - 2015-05-22 05:53 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-18 00:45 - 2015-05-18 00:45 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-18 00:45 - 2015-05-18 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-18 00:45 - 2015-05-18 00:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-18 00:45 - 2015-05-18 00:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-18 00:45 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-18 00:45 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-18 00:45 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-17 15:55 - 2015-05-17 15:55 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-17 15:55 - 2015-05-17 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-17 15:55 - 2015-05-17 15:55 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-17 15:53 - 2015-05-16 19:08 - 06480808 _____ (Piriform Ltd) C:\Users\Don jar\Desktop\ccsetup505.exe
2015-05-16 03:03 - 2015-05-16 03:03 - 00001054 _____ () C:\WINDOWS\Tasks\Ws2tp6KnecTD1Z6kFk5NXwNTI0t.job
2015-05-15 01:38 - 2015-05-15 01:38 - 00000000 ____D () C:\WINDOWS\pss
2015-05-13 11:57 - 2015-05-13 12:04 - 01306301 _____ () C:\Users\Don jar\Downloads\Unconfirmed 443568.crdownload
2015-05-13 03:12 - 2015-05-13 03:47 - 00000621 _____ () C:\WINDOWS\wininit.ini
2015-05-12 09:40 - 2015-05-12 09:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\SMWUpd
2015-05-12 09:35 - 2015-05-12 09:35 - 00000000 ____D () C:\Program Files (x86)\c33670e1-3a38-4032-8ad8-68dcc99ef6cd
2015-05-12 09:34 - 2015-05-22 01:18 - 00000000 ____D () C:\ProgramData\abc
2015-05-12 09:31 - 2015-05-12 09:31 - 00000000 _____ () C:\WINDOWS\SysWOW64\Number of results
2015-05-09 17:32 - 2015-05-09 17:32 - 00880208 _____ (Google Inc.) C:\Users\Don jar\Downloads\ChromeSetup (1).exe
2015-05-09 01:26 - 2015-05-09 01:26 - 00880208 _____ (Google Inc.) C:\Users\Don jar\Downloads\ChromeSetup.exe
2015-05-08 11:47 - 2015-05-22 01:20 - 00000112 _____ () C:\ProgramData\V4RAOCJ.dat
2015-05-08 04:05 - 2015-05-08 04:05 - 00000000 ____D () C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-05-04 10:22 - 2015-05-04 10:25 - 00022210 ____H () C:\Users\Don jar\Desktop\~WRL1739.tmp
2015-04-30 11:06 - 2015-04-30 11:06 - 00000000 ____D () C:\Users\Don jar\AppData\Local\CrashRpt
2015-04-29 12:16 - 2015-05-18 02:00 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\jellylam
2015-04-29 12:16 - 2015-05-12 11:51 - 00003246 _____ () C:\WINDOWS\System32\Tasks\DriverMgr
2015-04-28 01:54 - 2015-04-28 01:54 - 00000000 ____D () C:\Users\Don jar\Documents\ProPCCleaner
2015-04-28 01:51 - 2015-05-21 14:14 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\Pro PC Cleaner
2015-04-28 01:50 - 2015-05-12 11:51 - 00003782 _____ () C:\WINDOWS\System32\Tasks\Convertor
2015-04-28 01:50 - 2015-05-12 11:51 - 00003298 _____ () C:\WINDOWS\System32\Tasks\Winsta Update
2015-04-28 01:50 - 2015-05-12 11:51 - 00003240 _____ () C:\WINDOWS\System32\Tasks\WinKit
2015-04-28 01:50 - 2015-05-08 15:35 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\PDFConvert
2015-04-26 21:53 - 2015-04-26 21:53 - 00003142 _____ () C:\WINDOWS\System32\Tasks\{74D68A33-85F6-4E3F-A53A-F8CF5382B326}
2015-04-26 02:38 - 2015-05-08 15:35 - 00000000 ____D () C:\Users\Don jar\Downloads\Black Asian Dating Site, Black Asian Singles, Black Asian Personals at PerfectMatch.com_files
2015-04-26 02:38 - 2015-04-26 02:38 - 00070009 _____ () C:\Users\Don jar\Downloads\Black Asian Dating Site, Black Asian Singles, Black Asian Personals at PerfectMatch.com.html
2015-04-26 00:57 - 2015-05-08 15:04 - 00000000 ____D () C:\Program Files (x86)\Ninja Loader
2015-04-26 00:57 - 2015-05-08 13:55 - 00000000 ____D () C:\Users\Don jar\AppData\Local\Ninja Loader
2015-04-25 00:55 - 2015-04-25 00:55 - 00003990 _____ () C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-04-24 10:54 - 2015-05-22 05:56 - 00001014 _____ () C:\WINDOWS\Tasks\YRORXaf.job
2015-04-24 10:54 - 2015-04-24 10:54 - 00004026 _____ () C:\WINDOWS\System32\Tasks\YRORXaf
2015-04-24 10:53 - 2015-04-30 11:11 - 00000045 _____ () C:\user.js
2015-04-24 10:53 - 2015-04-24 10:53 - 00003568 _____ () C:\WINDOWS\System32\Tasks\SPUVG
2015-04-24 10:52 - 2015-05-22 03:09 - 00000000 ____D () C:\ProgramData\634af84c257e446593c8317e01716daf
2015-04-24 10:52 - 2015-04-24 10:52 - 00000000 ____D () C:\ProgramData\6e393ce3ffe841018f51c4c655d01187

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-22 05:50 - 2012-11-27 22:30 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3014910660-1131023439-13105803-1004
2015-05-22 05:49 - 2014-12-07 19:22 - 00000000 ____D () C:\Users\Don jar\AppData\Roaming\ViberPC
2015-05-22 05:47 - 2014-12-07 19:17 - 00000000 ____D () C:\Users\Don jar\AppData\Local\Viber
2015-05-22 05:47 - 2013-06-22 21:04 - 00000000 ___RD () C:\Users\Don jar\Google Drive
2015-05-22 05:47 - 2012-12-04 19:18 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 05:46 - 2012-12-04 19:18 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 05:44 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-22 05:29 - 2014-09-24 03:15 - 00006842 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-22 05:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-22 03:21 - 2012-12-25 20:51 - 00000000 ____D () C:\Users\Don jar\Documents\Youcam
2015-05-22 01:25 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-22 01:24 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-22 00:08 - 2012-12-04 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-22 00:07 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-21 22:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-05-21 16:11 - 2013-08-22 10:44 - 00485424 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-21 16:06 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-05-21 16:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\AdvancedInstallers
2015-05-21 15:54 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-21 15:42 - 2015-04-04 23:07 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-05-21 15:42 - 2015-04-04 23:07 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-21 15:18 - 2012-12-04 21:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-21 15:15 - 2013-09-23 19:18 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-21 14:55 - 2012-12-18 12:22 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-21 14:51 - 2013-06-19 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-21 14:48 - 2013-06-19 21:27 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-21 14:48 - 2013-06-19 21:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-21 14:39 - 2014-09-24 02:53 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-21 13:42 - 2012-12-04 19:18 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-21 13:42 - 2012-12-04 19:18 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-20 14:28 - 2012-08-25 20:15 - 00000000 ____D () C:\ProgramData\Norton
2015-05-20 14:27 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-20 14:27 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-05-20 05:06 - 2014-10-28 12:48 - 00000000 ____D () C:\Users\Don jar
2015-05-20 04:14 - 2013-06-18 23:09 - 00000000 ____D () C:\Users\Don jar\Documents\Visual Studio 2010
2015-05-17 16:15 - 2014-10-28 16:18 - 00000000 ___DC () C:\WINDOWS\Panther
2015-05-17 16:15 - 2012-11-28 20:28 - 00000000 ____D () C:\Users\Don jar\AppData\Local\CrashDumps
2015-05-15 00:37 - 2015-03-12 01:31 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-13 13:20 - 2013-11-19 12:50 - 00000000 ____D () C:\Users\Don jar\Desktop\New folder
2015-05-13 12:25 - 2013-07-23 20:07 - 00000000 ____D () C:\Users\Don jar\Desktop\New folder (5)
2015-05-12 11:51 - 2014-11-13 10:02 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-05-12 01:59 - 2013-01-04 22:20 - 00000000 ____D () C:\Users\Don jar\Documents\DateHookup.com - Search For Singles_files
2015-05-09 22:39 - 2014-11-14 12:18 - 00000000 ___HD () C:\Users\Public\Temp
2015-05-09 17:51 - 2013-06-22 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-08 15:41 - 2014-10-28 12:48 - 00000000 ____D () C:\Users\Al
2015-05-08 15:39 - 2014-12-13 01:55 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-05-08 15:39 - 2014-09-24 05:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-05-08 15:39 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-08 15:39 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-05-08 15:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-05-08 15:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-05-08 15:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-08 15:36 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-05-08 15:04 - 2014-10-28 12:26 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-08 15:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-08 14:34 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2015-05-08 14:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-05-05 09:53 - 2012-12-01 05:42 - 00000000 ____D () C:\Users\Don jar\Documents\MATLAB

==================== Files in the root of some directories =======

2014-10-01 13:02 - 2014-10-01 13:02 - 0000046 _____ () C:\Users\Don jar\AppData\Roaming\WB.CFG
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Don jar\AppData\Roaming\Ws2tp6KnecTD1Z6kFk5NXwNTI0t
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Don jar\AppData\Roaming\YRORXaf
2014-01-28 00:06 - 2014-01-28 00:06 - 0004608 _____ () C:\Users\Don jar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-21 01:39 - 2015-03-11 09:57 - 0000175 _____ () C:\ProgramData\dlea.log
2012-12-01 07:12 - 2015-01-21 02:19 - 0063560 _____ () C:\ProgramData\dleaJSW.log
2012-12-01 06:58 - 2014-10-28 10:42 - 0018394 _____ () C:\ProgramData\dleascan.log
2012-12-11 15:03 - 2012-12-11 15:03 - 9068507 _____ () C:\ProgramData\SPL3A3B.tmp
2013-05-06 15:38 - 2013-05-06 15:38 - 7964593 _____ () C:\ProgramData\SPL6385.tmp
2012-12-01 07:38 - 2012-12-01 07:38 - 9065159 _____ () C:\ProgramData\SPL9428.tmp
2012-12-11 15:03 - 2012-12-11 15:03 - 2990772 _____ () C:\ProgramData\SPLB1AB.tmp
2012-12-01 07:29 - 2012-12-01 07:29 - 9057673 _____ () C:\ProgramData\SPLB4C2.tmp
2015-05-08 11:47 - 2015-05-22 01:20 - 0000112 _____ () C:\ProgramData\V4RAOCJ.dat

Files to move or delete:
====================
C:\ProgramData\V4RAOCJ.dat


Some files in TEMP:
====================
C:\Users\Don jar\AppData\Local\Temp\Quarantine.exe
C:\Users\Don jar\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-22 05:13

==================== End of log ============================



#14 LimeGreene

LimeGreene
  • Topic Starter

  • Members
  • 28 posts
  • Local time:11:22 AM

Posted 22 May 2015 - 10:44 AM

Ninja loader is still installed. Will uninstalling it cause more malware to be put back?



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:22 PM

Posted 22 May 2015 - 11:05 AM

The Addition.txt is missing.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 