
Malware and Virus Infections


  • This topic is locked
34 replies to this topic

#1 Red131313

Red131313

  • Members
  • 39 posts

Posted 17 August 2015 - 09:22 AM

I was recently given a laptop by my cousin. After running a Malwarebytes and Avira scan, I came to find it heavily infected.

 

Avira found 38 different issues, some of which include:

 

ADWARE/Amonetize.Gen7

ADWARE/Adware.Gen7

PUA/Linkury.iona

PUA/MyPCBackup.Gen

PUA/Linkury.Gen2

PUA/Systweak.Gen4

PUA/Mplug.tryu

 

Malwarebytes found 518 traces of malware. I've attached the Malwarebytes log file.

 

Any help getting rid of these issues would be greatly appreciated,

 

Thank you.



#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 17 August 2015 - 04:05 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours, please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Red131313

Red131313
  • Topic Starter

  • Members
  • 39 posts

Posted 17 August 2015 - 05:39 PM

Step1 FRST.txt Results

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Justin Daymude (administrator) on JUSTINDAYMUDE (17-08-2015 16:34:09)
Running from C:\Users\Justin Daymude\Desktop
Loaded Profiles: Justin Daymude (Available Profiles: Justin Daymude)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser not detected!)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(The Chromium Authors) C:\Users\Justin Daymude\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Justin Daymude\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Justin Daymude\AppData\Local\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(The Chromium Authors) C:\Users\Justin Daymude\AppData\Local\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Justin Daymude\AppData\Local\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-04-19]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-2634330040-2568979329-3127251919-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll [2012-12-14] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-19] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO-x32: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - No Name - !{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} -  No File
Toolbar: HKLM - No Name - !{348bd83c-b2cd-4319-a605-c96bb458dd80} -  No File
Toolbar: HKLM - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - No Name - !{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} -  No File
Toolbar: HKLM-x32 - No Name - !{348bd83c-b2cd-4319-a605-c96bb458dd80} -  No File
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2634330040-2568979329-3127251919-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2634330040-2568979329-3127251919-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-2634330040-2568979329-3127251919-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-07-16] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-07-16] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-07-16] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-07-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CD860390-48F4-46C4-A4E0-209144214578}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-16] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-04-19] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2010-10-13] (Best Buy)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.103 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2011-05-25] (NOS Microsystems Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Chrome.NZTI3FGX4DKHLBJ7JUECOWDFDY - C:\Users\Justin Daymude\AppData\Local\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
S2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2015-04-03] (Microsoft Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-05-25] (NOS Microsystems Ltd.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-08-17] (Enigma Software Group USA, LLC.)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2015-04-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
S2 FastUserSwitchingCompatibility; C:\Windows\installer\AMDEx3.msi [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-08-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-08-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [0 2009-07-13] () <==== ATTENTION (zero byte File/Folder)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 16:34 - 2015-08-17 16:35 - 00020191 _____ C:\Users\Justin Daymude\Desktop\FRST.txt
2015-08-17 16:33 - 2015-08-17 16:34 - 00000000 ____D C:\FRST
2015-08-17 16:33 - 2015-08-17 16:33 - 02173440 _____ (Farbar) C:\Users\Justin Daymude\Desktop\FRST64.exe
2015-08-17 15:18 - 2015-08-17 16:25 - 00006603 _____ C:\Windows\IE11_main.log
2015-08-17 14:29 - 2015-08-17 14:29 - 00003372 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-08-17 14:29 - 2015-08-17 14:29 - 00001089 _____ C:\Users\Justin Daymude\Desktop\SpyHunter.lnk
2015-08-17 14:29 - 2015-08-17 14:29 - 00000000 ____D C:\Users\Justin Daymude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-08-17 14:29 - 2015-08-17 14:29 - 00000000 ____D C:\Users\Justin Daymude\AppData\Roaming\Enigma Software Group
2015-08-17 14:29 - 2015-08-17 14:29 - 00000000 _____ C:\autoexec.bat
2015-08-17 14:27 - 2015-08-17 14:27 - 00000000 ____D C:\sh4ldr
2015-08-17 14:16 - 2015-08-17 14:16 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-08-17 14:15 - 2015-08-17 14:15 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-08-17 13:42 - 2015-08-17 16:26 - 00000112 _____ C:\Windows\setupact.log
2015-08-17 13:42 - 2015-08-17 13:42 - 00000000 _____ C:\Windows\setuperr.log
2015-08-17 13:41 - 2015-08-17 13:41 - 00000324 _____ C:\AdwCleaner[S8].txt
2015-08-17 13:40 - 2015-08-17 13:40 - 00000324 _____ C:\AdwCleaner[S7].txt
2015-08-17 13:37 - 2015-08-17 13:37 - 00000325 _____ C:\AdwCleaner[S6].txt
2015-08-17 13:14 - 2015-08-17 13:14 - 00003208 _____ C:\Windows\System32\Tasks\{C166220C-6429-4469-8088-803A49898511}
2015-08-17 12:55 - 2015-08-17 12:55 - 00563296 _____ (Oracle Corporation) C:\Users\Justin Daymude\Desktop\chromeinstall-8u51.exe
2015-08-17 12:45 - 2015-08-17 12:45 - 00000325 _____ C:\AdwCleaner[S5].txt
2015-08-17 12:33 - 2015-08-17 12:33 - 00000325 _____ C:\AdwCleaner[S4].txt
2015-08-17 12:24 - 2015-08-17 12:24 - 00000325 _____ C:\AdwCleaner[S3].txt
2015-08-17 12:22 - 2015-08-17 12:22 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Justin Daymude\Desktop\sc-cleaner.exe
2015-08-17 12:04 - 2015-08-17 12:04 - 00000325 _____ C:\AdwCleaner[S2].txt
2015-08-17 12:02 - 2015-08-17 12:02 - 00000325 _____ C:\AdwCleaner[S1].txt
2015-08-17 12:02 - 2015-08-17 12:02 - 00000000 ____D C:\AdwCleaner
2015-08-17 09:47 - 2015-08-17 09:47 - 00002818 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-17 09:47 - 2015-08-17 09:47 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-17 09:47 - 2015-08-17 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-17 09:47 - 2015-08-17 09:47 - 00000000 ____D C:\Program Files\CCleaner
2015-08-17 09:43 - 2015-08-17 09:45 - 06609608 _____ (Piriform Ltd) C:\Users\Justin Daymude\Downloads\ccsetup508.exe
2015-08-17 09:41 - 2015-08-17 09:41 - 00000000 ____D C:\Users\Justin Daymude\AppData\Roaming\VS Revo Group
2015-08-17 06:46 - 2015-07-30 07:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 06:46 - 2015-07-30 07:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-16 23:21 - 2015-08-16 23:21 - 00078117 _____ C:\Users\Justin Daymude\Desktop\MBAM Results 08-16-2015.txt
2015-08-16 23:05 - 2015-07-16 13:10 - 09069056 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 11031040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 06033920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 02088448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00389120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00229376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00186368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-16 23:04 - 2015-07-16 13:12 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-08-16 23:04 - 2015-07-16 13:11 - 01539584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-16 23:04 - 2015-07-16 13:11 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-16 23:04 - 2015-07-16 13:11 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-16 23:04 - 2015-07-16 13:11 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-16 23:04 - 2015-07-16 13:11 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-16 23:04 - 2015-07-16 13:11 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-16 23:04 - 2015-07-16 13:11 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-16 23:04 - 2015-07-16 13:11 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-16 23:04 - 2015-07-16 13:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-08-16 23:04 - 2015-07-16 13:11 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\corpol.dll
2015-08-16 23:04 - 2015-07-16 13:11 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-08-16 23:04 - 2015-07-16 13:10 - 12304896 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 02470912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-16 23:04 - 2015-07-16 13:10 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-16 23:04 - 2015-07-16 13:10 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-16 23:04 - 2015-07-16 13:10 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-08-16 23:04 - 2015-07-16 13:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-16 23:04 - 2015-07-16 13:09 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-16 23:04 - 2015-07-16 11:29 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-16 23:04 - 2015-07-16 11:14 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-16 23:04 - 2015-07-16 11:06 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-16 23:04 - 2015-07-16 10:54 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-16 22:18 - 2015-06-01 18:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-08-16 22:18 - 2015-06-01 17:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-08-16 22:17 - 2015-07-28 14:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-16 22:17 - 2015-07-28 14:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-16 22:17 - 2015-07-28 14:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-16 22:17 - 2015-07-28 14:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-16 22:17 - 2015-07-28 14:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-16 22:17 - 2015-07-28 14:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-16 22:17 - 2015-07-28 14:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-16 22:17 - 2015-07-28 13:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-16 22:17 - 2015-07-15 12:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-16 22:17 - 2015-07-15 12:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-16 22:17 - 2015-07-15 12:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-16 22:17 - 2015-07-15 12:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-16 22:17 - 2015-07-15 12:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-16 22:17 - 2015-07-15 12:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-16 22:17 - 2015-07-15 12:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-16 22:17 - 2015-07-15 12:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-16 22:17 - 2015-07-15 12:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-16 22:17 - 2015-07-15 12:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-16 22:17 - 2015-07-15 12:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-16 22:17 - 2015-07-15 12:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-16 22:17 - 2015-07-15 12:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-16 22:17 - 2015-07-15 12:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-16 22:17 - 2015-07-15 12:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-16 22:17 - 2015-07-15 12:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-16 22:17 - 2015-07-15 12:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-16 22:17 - 2015-07-15 12:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 12:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-16 22:17 - 2015-07-15 11:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-16 22:17 - 2015-07-15 11:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-16 22:17 - 2015-07-15 11:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-16 22:17 - 2015-07-15 11:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-16 22:17 - 2015-07-15 11:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-16 22:17 - 2015-07-15 11:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-16 22:17 - 2015-07-15 11:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-16 22:17 - 2015-07-15 11:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-16 22:17 - 2015-07-15 11:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-16 22:17 - 2015-07-15 11:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-16 22:17 - 2015-07-15 11:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-16 22:17 - 2015-07-15 11:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-16 22:17 - 2015-07-15 11:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-16 22:17 - 2015-07-15 11:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-16 22:17 - 2015-07-15 11:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-16 22:17 - 2015-07-15 11:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-16 22:17 - 2015-07-15 11:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-16 22:17 - 2015-07-15 11:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-16 22:17 - 2015-07-15 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-16 22:17 - 2015-07-15 11:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-16 22:17 - 2015-07-15 11:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-16 22:17 - 2015-07-15 11:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 11:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 10:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-16 22:17 - 2015-07-15 10:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-16 22:17 - 2015-07-15 10:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-16 22:17 - 2015-07-15 10:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-16 22:17 - 2015-07-15 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-16 22:17 - 2015-07-15 10:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 10:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 10:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-16 22:17 - 2015-07-15 10:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-16 22:17 - 2015-06-09 12:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-16 22:17 - 2015-06-09 12:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-16 22:16 - 2015-08-16 22:16 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-16 22:14 - 2015-07-14 21:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-16 22:13 - 2015-07-16 13:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-16 22:13 - 2015-07-16 13:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-16 22:13 - 2015-07-16 13:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-16 22:13 - 2015-07-16 13:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-16 22:13 - 2015-07-16 13:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-16 22:13 - 2015-07-16 13:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-16 22:13 - 2015-07-14 21:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-16 22:13 - 2015-07-14 21:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-16 22:13 - 2015-07-14 21:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-16 22:13 - 2015-07-14 21:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-16 22:13 - 2015-07-14 20:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-16 22:13 - 2015-07-14 20:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-16 22:13 - 2015-07-14 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-16 22:13 - 2015-07-14 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-16 22:13 - 2015-07-01 14:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-16 22:13 - 2015-07-01 14:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-16 22:13 - 2015-07-01 14:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-16 22:13 - 2015-07-01 14:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-16 22:05 - 2015-06-17 11:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-16 22:05 - 2015-06-17 11:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-16 21:56 - 2015-07-04 12:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-16 21:56 - 2015-07-04 11:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-16 21:56 - 2015-04-27 13:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-08-16 21:56 - 2015-04-27 13:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-08-16 21:56 - 2015-04-27 13:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-08-16 21:56 - 2015-04-27 13:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-08-16 21:56 - 2015-04-27 13:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-08-16 21:56 - 2015-04-27 13:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-08-16 21:56 - 2015-04-27 13:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-08-16 21:56 - 2015-04-27 13:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-08-16 21:54 - 2015-08-16 21:54 - 00000000 ____D C:\f6b409bc41436deab09347a2b7b569
2015-08-16 21:54 - 2015-07-30 12:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-16 21:54 - 2015-07-30 12:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-16 21:54 - 2015-07-30 12:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-16 21:54 - 2015-07-30 12:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-16 21:54 - 2015-07-30 12:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-16 21:54 - 2015-07-30 12:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-16 21:54 - 2015-07-30 12:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-16 21:54 - 2015-07-30 11:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-16 21:54 - 2015-07-30 11:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-16 21:54 - 2015-07-30 11:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-16 21:54 - 2015-07-30 11:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-16 21:54 - 2015-07-30 11:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-16 21:54 - 2015-07-30 11:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-16 21:54 - 2015-07-30 10:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-16 21:54 - 2015-07-30 10:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-16 21:54 - 2015-07-30 10:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-16 21:54 - 2015-07-09 11:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-16 21:54 - 2015-07-09 11:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-16 21:54 - 2015-07-09 11:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-16 21:54 - 2015-06-15 15:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-16 21:54 - 2015-06-15 15:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-16 21:54 - 2015-06-15 15:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-16 21:54 - 2015-06-15 15:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-08-16 21:54 - 2015-06-15 15:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-16 21:54 - 2015-06-15 15:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-16 21:54 - 2015-06-15 15:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-16 21:54 - 2015-06-15 15:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-16 21:54 - 2015-06-15 15:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-08-16 21:54 - 2015-06-15 15:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-16 21:54 - 2015-06-15 15:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-08-16 21:54 - 2015-06-15 15:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-08-16 21:53 - 2015-07-20 12:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-16 21:53 - 2015-07-20 12:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-16 21:53 - 2015-07-20 12:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-16 21:53 - 2015-07-20 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-16 21:53 - 2015-07-20 12:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-16 21:53 - 2015-07-20 12:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-16 21:53 - 2015-07-20 12:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-16 21:53 - 2015-07-20 12:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-16 21:53 - 2015-07-20 12:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-16 21:53 - 2015-07-20 12:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-16 21:53 - 2015-07-20 12:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-16 21:53 - 2015-07-20 11:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-16 21:53 - 2015-07-20 11:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-16 21:53 - 2015-07-20 11:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-16 21:53 - 2015-07-20 11:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-16 21:53 - 2015-07-20 11:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-16 21:53 - 2015-07-10 11:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-16 21:53 - 2015-07-10 11:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-16 21:41 - 2015-08-16 21:41 - 00000000 ____D C:\Users\Public\Documents\Dell
2015-08-16 20:54 - 2015-08-16 20:54 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-08-16 20:54 - 2015-08-16 20:54 - 00000000 ____D C:\Users\Justin Daymude\AppData\Local\VS Revo Group
2015-08-16 20:54 - 2015-08-16 20:54 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-08-16 20:54 - 2015-08-16 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-08-16 20:54 - 2015-08-16 20:54 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-16 20:54 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-08-16 20:50 - 2015-08-16 20:52 - 11069616 _____ (VS Revo Group ) C:\Users\Justin Daymude\Downloads\RevoUninProSetup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-17 16:33 - 2011-04-19 21:40 - 02001911 _____ C:\Windows\WindowsUpdate.log
2015-08-17 16:28 - 2011-10-30 18:03 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-08-17 16:27 - 2011-06-01 16:44 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-08-17 16:27 - 2011-06-01 16:44 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-08-17 16:27 - 2011-04-19 22:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-08-17 16:26 - 2013-06-03 10:08 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-08-17 16:26 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-17 16:22 - 2013-02-26 21:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-17 13:53 - 2009-07-13 22:45 - 00022704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-17 13:53 - 2009-07-13 22:45 - 00022704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-17 13:11 - 2014-03-22 08:22 - 00000000 ____D C:\ProgramData\Oracle
2015-08-17 12:08 - 2009-07-13 21:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-17 10:04 - 2011-04-19 22:04 - 00000000 ____D C:\ProgramData\Sonic
2015-08-17 09:52 - 2014-08-16 15:49 - 00000000 ____D C:\Users\Justin Daymude\AppData\Roaming\Notepad++
2015-08-17 09:52 - 2011-12-16 14:34 - 00000000 ____D C:\Windows\Minidump
2015-08-17 09:52 - 2009-04-28 10:27 - 00000000 ____D C:\Windows\Panther
2015-08-17 07:03 - 2011-06-01 16:37 - 00000000 ____D C:\Users\Justin Daymude
2015-08-17 06:56 - 2009-07-13 22:45 - 05021904 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-17 06:52 - 2014-12-10 04:51 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-17 06:52 - 2014-04-30 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-17 06:52 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-17 06:48 - 2011-06-01 17:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-08-17 06:46 - 2013-03-14 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-17 06:45 - 2013-03-14 03:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-17 06:45 - 2013-03-14 03:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-17 06:42 - 2011-06-01 16:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-17 06:30 - 2009-07-13 20:34 - 00000612 _____ C:\Windows\win.ini
2015-08-17 06:28 - 2013-08-25 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-17 00:03 - 2009-07-13 23:13 - 00875838 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-16 23:58 - 2011-06-01 16:45 - 00000000 ____D C:\Users\Justin Daymude\AppData\Local\Deployment
2015-08-16 23:50 - 2014-12-28 17:26 - 00000000 ____D C:\Users\Justin Daymude\AppData\Local\RGMService
2015-08-16 23:40 - 2014-08-23 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-08-16 23:23 - 2014-10-10 21:13 - 00000000 ____D C:\ProgramData\Browser
2015-08-16 23:23 - 2014-10-09 18:18 - 00000000 ____D C:\Users\Public\91428E07517644A1AF40912C4D48931B
2015-08-16 23:12 - 2014-09-01 13:03 - 00000000 ____D C:\Users\Justin Daymude\AppData\Local\4392
2015-08-16 22:41 - 2015-04-13 02:41 - 00000000 ____D C:\Program Files (x86)\ProductUI
2015-08-16 22:26 - 2013-02-26 21:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-16 22:25 - 2013-02-26 21:44 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-16 22:25 - 2011-06-08 18:39 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-16 22:25 - 2009-07-13 23:08 - 00032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-16 22:18 - 2014-08-23 16:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 22:16 - 2014-08-23 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-16 22:16 - 2014-08-23 16:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-16 21:42 - 2014-08-23 17:49 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-16 21:40 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-16 21:25 - 2013-05-26 15:01 - 00000000 ____D C:\Program Files (x86)\USTechSupport
2015-08-16 21:22 - 2011-04-19 22:03 - 00000000 ____D C:\Program Files (x86)\Roxio
2015-08-16 21:14 - 2011-09-17 20:21 - 00000000 ____D C:\Users\Justin Daymude\AppData\Roaming\Apple Computer
2015-08-16 21:14 - 2011-09-17 20:21 - 00000000 ____D C:\Users\Justin Daymude\AppData\Local\Apple Computer
2015-08-16 21:05 - 2011-07-06 12:52 - 00000000 ____D C:\Users\Justin Daymude\AppData\Roaming\Avery
2015-08-16 20:44 - 2014-03-30 13:27 - 00000000 ____D C:\Users\Justin Daymude\FrostWire
2015-07-28 10:59 - 2011-06-03 01:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-08-23 11:02 - 2014-08-23 11:02 - 0000004 _____ () C:\Users\Justin Daymude\AppData\Roaming\appdataFr2.bin
2014-08-16 14:06 - 2014-08-16 14:06 - 0026900 _____ () C:\Users\Justin Daymude\AppData\Local\dt.dat
2013-05-26 22:03 - 2013-05-26 22:03 - 0007605 _____ () C:\Users\Justin Daymude\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Justin Daymude\AppData\Local\Temp\avgnt.exe
C:\Users\Justin Daymude\AppData\Local\Temp\sqlite3.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\ohci1394.sys
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-19 00:21
 
==================== End of log ============================


#4 Red131313

Red131313
  • Topic Starter

  • Members
  • 39 posts

Posted 17 August 2015 - 05:40 PM

Step 1 Addition.txt Results

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Justin Daymude (2015-08-17 16:36:18)
Running from C:\Users\Justin Daymude\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2634330040-2568979329-3127251919-500 - Administrator - Disabled)
Guest (S-1-5-21-2634330040-2568979329-3127251919-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2634330040-2568979329-3127251919-1006 - Limited - Enabled)
Justin Daymude (S-1-5-21-2634330040-2568979329-3127251919-1000 - Administrator - Enabled) => C:\Users\Justin Daymude
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Connect Add-in (HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.103 - NOS Microsystems Ltd.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Chromium Browser (HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\...\Chromium) (Version: 41.0.2231.0 - Chrome)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.30 - ArcSoft)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM-x32\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.0 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RGMUpdater Monetization Control (HKLM-x32\...\RGMUpdater Monetization Controlcc56729e-9fc2-4c79-a5a8-77edc7087390) (Version: 2.2.0322.1140 -  )
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Shopping Helper Smartbar Engine (HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\...\{f5df2bfc-73b8-457a-8baf-f7a9e99738d9}) (Version: 11.113.63.19229 - ReSoft Ltd.) <==== ATTENTION
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.20.9.4533 - Enigma Software Group, LLC)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Window Shopper (HKLM-x32\...\{A1570454-ED12-4050-A7AC-9282C7AFB23C}) (Version: 01.02.0003 - Superfish)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2634330040-2568979329-3127251919-1000_Classes\CLSID\{0bb215fa-c1c7-4167-ba68-b5eaa27d44a4}\InprocServer32 -> C:\WINDOWS\SYSTEM32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2634330040-2568979329-3127251919-1000_Classes\CLSID\{35203a17-4f7a-40cc-b43d-aaed4280e68d}\InprocServer32 -> C:\WINDOWS\SYSTEM32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2634330040-2568979329-3127251919-1000_Classes\CLSID\{74299f92-5beb-4b45-8f7e-5ba10ff91d4f}\InprocServer32 -> C:\WINDOWS\SYSTEM32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02A468EE-C13B-4CF6-9DD5-7DBAD8462968} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {0BBD53FE-EAB3-465B-8361-279EAB8C04CC} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-08-17] (Enigma Software Group USA, LLC.)
Task: {12772680-55D1-44EB-8614-E12074FCEFCE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {315968E9-5FA4-475A-8468-A3A366825D1C} - System32\Tasks\USTSPCO-USTSPCOOneClickCare => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe
Task: {5A7EECCF-F517-4C87-A10A-9ED2864486F4} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {91DF64AD-5F03-486C-ACEC-FB4381D64D14} - System32\Tasks\LAUNCH CDPCO => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe
Task: {95432DDE-1A2E-4A9D-99FF-15E0E40CB425} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {ADD3F18A-85FC-428E-9DBD-B0F53F746CC2} - \WSE_Astromenda -> No File <==== ATTENTION
Task: {B7EAF163-6D66-4B43-847E-266461524653} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{A0ACBDA1-D96D-4148-A1C4-77797E090062}.exe
Task: {B8CFB61F-79B1-411B-8961-BDF74B0A1455} - System32\Tasks\{C166220C-6429-4469-8088-803A49898511} => pcalua.exe -a "C:\Users\Justin Daymude\Desktop\chromeinstall-8u51.exe" -d "C:\Users\Justin Daymude\Desktop"
Task: {CDDBE979-AD61-48CC-B6AA-8429DF42CF98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-16] (Adobe Systems Incorporated)
Task: {ECC9F573-A791-405B-B78F-089DD42F0296} - \ASP -> No File <==== ATTENTION
Task: {F2E2FE40-F2A7-4214-AA7E-88C2A814A661} - System32\Tasks\{27C2AAC7-9D36-42DC-87CA-48988D879C6B} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {F5234AB0-CBF1-4E20-8F03-9D4BF704DF49} - System32\Tasks\{D2E40E76-6E05-4743-974D-E43728A02C26} => pcalua.exe -a "C:\Users\Justin Daymude\Downloads\setup (2).exe" -d "C:\Users\Justin Daymude\Downloads"
Task: {F674A68E-0DC6-477E-8E76-68467E6FDDB2} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{A0ACBDA1-D96D-4148-A1C4-77797E090062}.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-19 22:16 - 2011-08-18 09:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-28 17:28 - 2014-11-30 23:48 - 01409536 _____ () C:\Users\Justin Daymude\AppData\Local\Chrome\Application\41.0.2231.0\libglesv2.dll
2014-12-28 17:28 - 2014-11-30 23:48 - 00223744 _____ () C:\Users\Justin Daymude\AppData\Local\Chrome\Application\41.0.2231.0\libegl.dll
2014-12-28 17:28 - 2014-11-30 23:48 - 09528320 _____ () C:\Users\Justin Daymude\AppData\Local\Chrome\Application\41.0.2231.0\pdf.dll
2014-10-17 04:01 - 2014-10-17 04:01 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1b6598c5f94ca13b5ff739e492ba9d01\IsdiInterop.ni.dll
2011-04-19 21:49 - 2010-06-08 09:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Justin Daymude\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Application Restart #1 => C:\Users\Justin Daymude\AppData\Local\Chrome\Application\chrome.exe  --extra-search-query-params=publisher=ShoppingHelper&dpid=OB_316&co=US&userid=f57dda8f-090a-abe4-9169-c08efc996bc4&installdate=01/01/2014&barcodeid=151115&searchtype=cd --flag-switches-begin --flag-switches-end --restore-last-session http://feed.snapdo.com/?searchtype=cn&publisher=ShoppingHelper&dpid=OB_316&co=US&userid=f57dda8f-090a-abe4-9169-c08efc996bc4&installdate=01/01/2014&barcodeid=151115
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{CA9CCC87-7FF5-4078-9393-5ABE6EA11053}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{07D41428-77AA-4E64-8791-8D4AC6785F4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F29AE269-EF65-4D1C-AA08-33595AF3FFBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D255A8F-2151-486A-96AA-15721C582D3A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{27C0685E-D31E-40DF-B18B-1E44BD5DA9CE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D6F27E74-F512-4D4A-886B-78BF963D2A71}] => (Allow) LPort=2869
FirewallRules: [{9112188D-37E9-4403-BCE2-D71B68EC42E8}] => (Allow) LPort=1900
FirewallRules: [{2B043280-C114-40C6-A27B-B171597E49C9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5BD37F82-1157-44E3-ABE0-AA9ECA59ECE3}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{09C95BE2-3BEE-40D2-BA92-5BDAED50367A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{EC9877F2-4F81-420E-BDDD-5451A1D6C972}] => (Allow) C:\Users\Justin Daymude\AppData\Local\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2015 04:22:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80042318).
 
Error: (08/17/2015 04:22:42 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  The Registry Writer failed to respond to a query
from VSS. Check to see that the Event Service and Volume Shadow Copy Service
are operating properly, and please check the Application event log for any other events.
 
 
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (08/17/2015 03:19:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x80042318).
 
Error: (08/17/2015 03:19:24 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  The Registry Writer failed to respond to a query
from VSS. Check to see that the Event Service and Volume Shadow Copy Service
are operating properly, and please check the Application event log for any other events.
 
 
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (08/17/2015 03:18:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042318).
 
Error: (08/17/2015 03:18:06 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  The Registry Writer failed to respond to a query
from VSS. Check to see that the Event Service and Volume Shadow Copy Service
are operating properly, and please check the Application event log for any other events.
 
 
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (08/17/2015 01:49:53 PM) (Source: MsiInstaller) (EventID: 11723) (User: JustinDaymude)
Description: Product: Window Shopper -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action _F8B62A2B_4539_4C60_B990_79A54DE08AC8, entry: UnInstallAction, library: C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll
 
Error: (08/17/2015 01:49:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Window Shopper; Error = 0x80042318).
 
Error: (08/17/2015 01:49:42 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  The Registry Writer failed to respond to a query
from VSS. Check to see that the Event Service and Volume Shadow Copy Service
are operating properly, and please check the Application event log for any other events.
 
 
Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (08/17/2015 01:49:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Window Shopper; Error = 0x80042318).
 
 
System errors:
=============
Error: (08/17/2015 04:30:10 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x8002801d
 
Error: (08/17/2015 04:28:40 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x8002801d
 
Error: (08/17/2015 04:27:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.
 
Error: (08/17/2015 04:27:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The AMD External Events Utility .NET. service terminated with the following error: 
%%126
 
Error: (08/17/2015 04:27:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Application Hosting service service to connect.
 
Error: (08/17/2015 04:25:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.
 
Error: (08/17/2015 04:23:12 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (08/17/2015 04:22:14 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (08/17/2015 02:29:33 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (08/17/2015 01:47:12 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x8002801d
 
 
Microsoft Office:
=========================
Error: (08/17/2015 04:22:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80042318
 
Error: (08/17/2015 04:22:42 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (08/17/2015 03:19:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\servicing\TrustedInstaller.exeWindows Modules Installer0x80042318
 
Error: (08/17/2015 03:19:24 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (08/17/2015 03:18:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042318
 
Error: (08/17/2015 03:18:06 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (08/17/2015 01:49:53 PM) (Source: MsiInstaller) (EventID: 11723) (User: JustinDaymude)
Description: Product: Window Shopper -- Error 1723. There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor.  Action _F8B62A2B_4539_4C60_B990_79A54DE08AC8, entry: UnInstallAction, library: C:\Program Files (x86)\Superfish\Window Shopper\SuperfishIEAddon.dll (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (08/17/2015 01:49:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Window Shopper0x80042318
 
Error: (08/17/2015 01:49:42 PM) (Source: VSS) (EventID: 12347) (User: )
Description: Operation:
   Gathering Writer Data
   Executing Asynchronous Operation
 
Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata
 
Error: (08/17/2015 01:49:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved Window Shopper0x80042318
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 3894.68 MB
Available physical RAM: 1601.04 MB
Total Virtual: 7787.57 MB
Available Virtual: 5312.02 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:372.42 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: EEEB4352)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#5 deeprybka


Posted 18 August 2015 - 01:12 PM

Hi there,

Step 1

  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Shopping Helper Smartbar Engine
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Please download the latest version of AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3


Scan with Malwarebytes Anti-Malware.

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].



Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Step 4


Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    systemspecs;
    filesrcm;
    emptyclsid;
    autoclean;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive)

Post its content into your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#6 Red131313


Posted 19 August 2015 - 12:22 AM

I removed the Shopping Helper Smartbar Engine in step 1 with no problems.

 

When I attempted to run AdwCleaner in step 2, I received an error message.

 

Screen shot of error message attached.

 

I haven't completed the other steps yet because I'm not sure if step 2 MUST be completed before continuing with the remaining steps.




#7 deeprybka


Posted 19 August 2015 - 12:12 PM

Please delete the adwcleaner.exe and repeat step 2. If the error occurs again, skip step 2 and proceed with the other steps.


regards,
deeprybka

#8 Red131313


Posted 20 August 2015 - 08:11 PM

After running the ZOEK program, I attempted to run AdwCleaner again, and this time it worked. I will reply with the results, in the order they were generated.

 

 

1st - Malwarebytes

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 8/19/2015

Scan Time: 10:28 PM

Logfile: MBAM Results 08162015.txt

Administrator: Yes

 

Version: 2.1.8.1057

Malware Database: v2015.08.17.01

Rootkit Database: v2015.08.16.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Justin Daymude

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 416720

Time Elapsed: 52 min, 16 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 1

PUP.Optional.RGMUpdater.A, C:\Users\Justin Daymude\AppData\Local\RGMService\RGMUpdater.exe, 2480, , [25c07b8edab16ec88c8a5cd5cc37ca36]

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 55

PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [e8fd7d8ce1aaa0966652894516ec3cc4],

PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [e8fd7d8ce1aaa0966652894516ec3cc4],

PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [e8fd7d8ce1aaa0966652894516ec3cc4],

PUP.Optional.QuickShare.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [e8fd7d8ce1aaa0966652894516ec3cc4],

PUP.Optional.QuickShare.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, , [e8fd7d8ce1aaa0966652894516ec3cc4],

PUP.Optional.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34BE6615-ADA0-46D1-9457-ABE77C82B0AD}, , [0bda38d1612a25116335e5b114ee07f9],

PUP.Optional.Agent, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, , [0bda38d1612a25116335e5b114ee07f9],

PUP.Optional.Agent, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, , [0bda38d1612a25116335e5b114ee07f9],

PUP.Optional.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, , [0bda38d1612a25116335e5b114ee07f9],

PUP.Optional.Agent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Updater.AmiUpd, , [0bda38d1612a25116335e5b114ee07f9],

PUP.Optional.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, , [0bda38d1612a25116335e5b114ee07f9],

PUP.Optional.Agent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\Updater.AmiUpd.1, , [0bda38d1612a25116335e5b114ee07f9],

PUP.Optional.Agent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{34BE6615-ADA0-46D1-9457-ABE77C82B0AD}, , [0bda38d1612a25116335e5b114ee07f9],

PUP.Optional.Snapdo.T, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [974e60a9513a5fd72c37c2103bc753ad],

PUP.Optional.InternetHelper.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}, , [8461d3363f4c072fd3d98b0b6d951ce4],

PUP.Optional.InternetHelper.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}, , [8461d3363f4c072fd3d98b0b6d951ce4],

PUP.Optional.InternetHelper.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}, , [8461d3363f4c072fd3d98b0b6d951ce4],

PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64, , [2bba1eebcfbca78f2efccf77679cf010],

PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3247201, , [c71eca3f2a610f27bde7b4f34eb61fe1],

PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, , [559013f61d6e5bdbddc5c7ce976d34cc],

PUP.Optional.Astromenda.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [7e67c1480b80af87f80ae1bd52b2ba46],

PUP.Optional.SearchResults.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, , [469f8980a2e94beb24510915a55e6898],

PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32LDR, , [3ca9a267dab111254aac7235669e3dc3],

PUP.SoftwareUpdater.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AmiUpdXp, , [a44158b16e1d56e0103570a90201718f],

PUP.Optional.RegCleanerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ASP, , [a0452cddf3981b1b8ddf7e9aba49ab55],

PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\FF Watcher {2492FC79-34CB-4956-A2FA-5A25A24D0E07}, , [8f565baebdce152132ec170252b1a65a],

PUP.Optional.SmartWeb.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SmartWeb Upgrade Trigger Task, , [26bff811236861d510ad95830300e21e],

PUP.Optional.Astromenda.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WSE_Astromenda, , [b233b653fa9150e6cbbd1bfebf44a060],

PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [cb1afc0d4a41e94da9f40f9842c238c8],

PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CompeteInc, , [697c7a8f296275c1d3f67638699bce32],

PUP.Optional.MyFreeze.A, HKLM\SOFTWARE\WOW6432NODE\Freeze.com, , [aa3b00095d2e1b1b6567d55cee15ca36],

PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\ONESOFTPERDAY, , [b23345c42467989ef93fc37b20e32dd3],

Adware.SmartBar, HKLM\SOFTWARE\WOW6432NODE\Smartbar, , [5392d039a6e5aa8cf79a8c687e85cd33],

PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT3247201, , [7a6bf81105861d19356f693e956f748c],

PUP.Optional.Astromenda.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, , [856076938efd0a2c089a7d186e96f60a],

PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{65D659DF-D0E3-4495-B78B-959E48B66607}, , [07de30d9c8c3d95d8b784d5a24e08878],

PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{735F171F-BE13-49FB-8689-8DF72A91D5B0}, , [6f768f7af398f73fd2c82687a26229d7],

PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ospd_us_64_is1, , [0cd9d732d3b82b0b1b1cc77757ac837d],

PUP.Software.Updater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, , [41a482877e0d5dd94ee23e2de41f53ad],

PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}, , [22c317f23e4d0f274a1b3919f21107f9],

PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, , [09dc1fead3b89c9a2b720b9cd3311fe1],

PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM, , [0adb719883082115a69a68434db7738d],

PUP.Optional.PCSpeedUp.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, , [d80d48c1c5c6270f338ee4c4a2629868],

PUP.Optional.RGMUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RGMUpdater, , [25c07b8edab16ec88c8a5cd5cc37ca36],

PUP.Optional.AddLyrics, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBINSTR, , [7d68b2577a1174c2e59938063ec5ec14],

PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [786d1aefdbb057dfc4add3d638cc4db3],

PUP.Optional.SuperOptimizer.C, HKU\S-1-5-19\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [ab3af7124a4183b3b9b846637b89eb15],

PUP.Optional.SuperOptimizer.C, HKU\S-1-5-20\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [92530009cdbe3df9d39ee9c0bf459c64],

PUP.Optional.AskAPN.Gen, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\APN DTX, , [7570b257d3b8999dc3a0525ced170cf4],

PUP.Optional.Astromenda.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\astromenda, , [bc294fbabfcc77bff90c200e46bd5fa1],

PUP.Optional.RGMUpdater.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\RGMService, , [9d4840c949421d19be5ab77a818260a0],

PUP.Optional.ReMarkit.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\APPDATALOW\SOFTWARE\Re-markit, , [6580c148d4b7af872645f943ed1637c9],

PUP.Optional.SerachQU.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\APPDATALOW\SOFTWARE\searchqutoolbar, , [de0757b2414a142299d27aa21ae9f10f],

PUP.Optional.Astromenda.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, , [eef7ca3f395240f690136530fa0a857b],

PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3247201, , [8362ff0a1b70a88ed25d8f8d39cab24e],

 

Registry Values: 29

PUP.Optional.InternetHelper.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}, , [8461d3363f4c072fd3d98b0b6d951ce4],

PUP.Optional.InternetHelper.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}, , [6d787f8ac2c996a07735f5a1e9199c64],

PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [6283ef1a2f5c5bdb4dafc3d819e91ce4],

PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [6283ef1a2f5c5bdb4dafc3d819e91ce4]

PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, , [6283ef1a2f5c5bdb4dafc3d819e91ce4]

PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, , [757022e7117ab08667958e0d8c76629e],

PUP.Optional.Astromenda.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_33_ch&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0E0CyD0B0AtCzzyC0DyEtN0D0Tzu0SzyyDzytN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyDtA0FtCzytC0CtGzzzztB0CtG0F0FtCyDtG0FtD0ByCtGtDtDyB0FtD0CtC0AyB0BtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzzyDyD0EyBtA0DtGtDyC0EtDtGyE0BtByBtG0B0B0E0DtG0E0F0F0E0AyDtCyByB0CtD0E2Q&cr=462312691&ir=, , [7e67c1480b80af87f80ae1bd52b2ba46]

PUP.Optional.Astromenda.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TopResultURLFallback, http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_33_ch&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0E0E0CyD0B0AtCzzyC0DyEtN0D0Tzu0SzyyDzytN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyDtA0FtCzytC0CtGzzzztB0CtG0F0FtCyDtG0FtD0ByCtGtDtDyB0FtD0CtC0AyB0BtBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzzyDyD0EyBtA0DtGtDyC0EtDtGyE0BtByBtG0B0B0E0DtG0E0F0F0E0AyDtCyByB0CtD0E2Q&cr=462312691&ir=, , [ca1b67a21477a59116eca5f90103a957]

PUP.Optional.Astromenda.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|FaviconPath, C:\Program Files (x86)\WSE_Astromenda\\FavIcon.ico, , [b62f5dacd0bbaf8760a2722c897b6799]

PUP.Optional.Astromenda.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Astromenda, , [717417f22368d264b54d8717ca3a8977]

PUP.Optional.Astromenda.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|DisplayName, Astromenda, , [08ddf811f5964bebcd356e3018ecb14f]

PUP.Optional.SearchResults.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|URL, http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}, , [469f8980a2e94beb24510915a55e6898]

PUP.Optional.SearchQu.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|SuggestionsURL_JSON, http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=406&qu={searchTerms}&ft=json, , [37aecc3ddcaf1c1a82d5aff2e71d7b85]

PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [7f66e2270c7f3bfb90d0bd83cf34d828]

PUP.Optional.Trovi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\SPVC32Ldr|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 130566708726383898, , [3ca9a267dab111254aac7235669e3dc3]

PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [cb1afc0d4a41e94da9f40f9842c238c8]

PUP.Optional.Astromenda.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Astromenda\\, , [c71e09005932ac8a3990a876689b04fc]

PUP.Optional.ConduitTB.Gen.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{65D659DF-D0E3-4495-B78B-959E48B66607}|AppPath, C:\Users\Justin Daymude\AppData\Local\Conduit\CT3247201, , [07de30d9c8c3d95d8b784d5a24e08878]

PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{735F171F-BE13-49FB-8689-8DF72A91D5B0}|AppPath, C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar, , [6f768f7af398f73fd2c82687a26229d7]

PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, , [21c4e722bccfe452c69a221e45be59a7]

PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_64, "C:\Program Files (x86)\ospd_us_64\ospd_us_64.exe", , [588d30d94a416dc93ffbcd7133d0b050]

PUP.Optional.SmartWeb.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SmartWeb, C:\Users\Justin Daymude\AppData\Local\SmartWeb\SmartWebHelper.exe, , [3baa7e8bacdfd4620330a490649f9d63]

PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [09dc1fead3b89c9a2b720b9cd3311fe1]

PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SPPDCOM|TS, 2, , [0adb719883082115a69a68434db7738d]

PUP.Optional.AddLyrics, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WEBINSTR|DisplayName, webinstr, , [7d68b2577a1174c2e59938063ec5ec14]

PUP.Optional.Snapdo.T, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [b62f8980eaa11e18b920ca7d54af0ef2]

PUP.Optional.SnapDo.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}, , [32b3da2f93f800364255eeb25da7a45c]

PUP.Optional.Snapdo.T, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, , [677ea86191fabd79c4155becaa59916f]

PUP.Optional.MarkIt.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{7E0D11C6-3FCD-94E7-E8F0-11AC241AE776}, C:\Program Files (x86)\ver1Re-markit\177.xpi, , [1bca0405cebde94d82d3227c9d671be5]

 

Registry Data: 6

PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}),,[a93ca168d8b31f17acf621266b9a58a8]

PUP.Optional.SnapDo.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2cAwTuIma6Kjfe-CJkNo50L2Oqi3ov29nuX855DwoCa4crKbJ5KNd7tDtEhiG9Kw, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2cAwTuIma6Kjfe-CJkNo50L2Oqi3ov29nuX855DwoCa4crKbJ5KNd7tDtEhiG9Kw,),,[17cee227810ad462119347006c9920e0]

PUP.Optional.SnapDo.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}),,[2bbab554890257df485cb196877ece32]

PUP.Optional.SnapDo.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}),,[11d423e69af19d99851ebc8ba56044bc]

PUP.Optional.SnapDo.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}),,[6283fe0b8dfef343d5cffa4d0cf94fb1]

PUP.Optional.SnapDo.A, HKU\S-1-5-21-2634330040-2568979329-3127251919-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}, Good: (www.google.com), Bad: (http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}),,[d1140801810a71c51390064137ce17e9]

 

Folders: 32

PUP.Optional.Shuka.A, C:\Users\Justin Daymude\AppData\Local\Temp\Shuka, , [826388816e1de65027ff6dc47f84c23e],

PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar\141e0ca8-c9a5-41a2-b083-3b439c740f11, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar\4267bc79-948c-4e1d-8651-93d5f11e63fb, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar\45711248-ef3f-48b4-8a98-29dd4781183d, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar\4a8480ec-3051-4a86-8825-ed3baadad101, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar\c538d57a-1be3-438e-b8a2-820b75cccdf0, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar\RadioTVIcons, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.MultiPlug.F, C:\ProgramData\4d09ce8d5400296d, , [7174e722494272c4c8757c3515ef52ae],

PUP.Optional.Extutil.A, C:\Users\Justin Daymude\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, , [875e1dec99f241f5a04a708552b0fb05],

PUP.Optional.Managera.A, C:\Users\Justin Daymude\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, , [677e3dcc523946f0f2f96e8730d234cc],

PUP.Optional.Vbates.A, C:\Program Files\V-bates, , [85601fea0e7dab8bc00fcc2a33cf18e8],

PUP.Optional.SearchResultsTB.A, C:\Users\Justin Daymude\AppData\LocalLow\searchresultstb, , [26bf1dec761589ad0a3434c9a35f45bb],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Logs, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\MyStuffApps, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Repository, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Repository\conduit_CT3247201_CT3247201, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Repository\conduit_CT3247201_CT3247201\AppsMetaData, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Repository\conduit_CT3247201_CT3247201\ToolbarSettings, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Repository\conduit_CT3247201_en, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Repository\conduit_CT3247201_en\ToolbarTranslation, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY, , [f7ee0801bad15adcdb4744bafd059f61],

PUP.Optional.OneSoftPerDay.A, C:\Users\Justin Daymude\AppData\Local\ospd_us_64, , [26bf38d1bdce75c1f52e86780ef439c7],

PUP.Optional.OneSoftPerDay.A, C:\Users\Justin Daymude\AppData\Local\ospd_us_64\Download, , [26bf38d1bdce75c1f52e86780ef439c7],

PUP.Optional.Freeze.A, C:\Program Files (x86)\Free Offers from Freeze.com, , [7a6b33d62d5e0f270d2f49b7c2410ff1],

PUP.Optional.SmartBar.A, C:\Users\Justin Daymude\AppData\LocalLow\Smartbar, , [f7ee0aff1a715ed8692e768eac57d729],

PUP.Optional.WorldWideWebCoupon.A, C:\ProgramData\WorldWideWebCoupon, , [ecf9be4b484385b142166fa032d1d62a],

PUP.Optional.PullUpdate.A, C:\ProgramData\hRBWpxWrCPC\dat, , [df0629e06328f0464f92ed9bc83d42be],

PUP.Optional.PullUpdate.A, C:\ProgramData\hRBWpxWrCPC, , [df0629e06328f0464f92ed9bc83d42be],

 

Files: 395


PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar\RadioTVIcons\2434806465.gif, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar\RadioTVIcons\2448178934.gif, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar\RadioTVIcons\2527570036.gif, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.Smartbar.A, C:\Users\Justin Daymude\AppData\Local\Temp\Smartbar\RadioTVIcons\2538377536.gif, , [677ee42517742d097f260b8536ce3ac6],

PUP.Optional.Vitruvian.A, C:\Users\Justin Daymude\AppData\Local\Temp\vitruvian-installer-install-v0001, , [5f8651b894f783b3a41ae7b1a361da26],

PUP.Optional.Vitruvian.A, C:\Users\Justin Daymude\AppData\Local\Temp\vitruvian-installer-processes-v0001, , [4e972bde77149c9a2e90e2b6f70d7e82],

PUP.Optional.Vitruvian.A, C:\Users\Justin Daymude\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0001, , [edf817f28704e4520cb21b7dec187789],

PUP.Optional.Vitruvian.A, C:\Users\Justin Daymude\AppData\Local\Temp\vitruvian-installer-uninstall-v0001, , [80659178d4b72e08a41a4454788c56aa],

PUP.Optional.Winsock.HijackBoot, C:\Windows\System32\plsapp64.dll, , [2bbaaa5fafdc0333e33d4756986c4eb2],

PUP.Optional.Browser.A, C:\ProgramData\Browser\prompt.exe.config, , [cc1968a1dcafcd697069f5ab4eb6e61a],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\wlu.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\2620.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\4436.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\h.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\1.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\10.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\10092.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\10679.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\1391.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\1707.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\17672.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\17807.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\18120.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\18771.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\1883.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\18920.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\19816.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\19888.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\20124.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\21356.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\2228.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\2229.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\2255.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\2307.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\23307.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\23526.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\24098.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\25872.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\i.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\j.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\k.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\l.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\m.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\n.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\o.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\p.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\q.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\r.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\s.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\t.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\u.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\v.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\w.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\x.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\y.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\z.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\450.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\4873.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\4925.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\5038.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\5352.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\6405.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\641.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\6426.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\6567.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\6785.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\7030.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\7041.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\7132.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\8130.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\94.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\946.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\947.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\9576.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\960.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\9658.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\9752.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\a.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\b.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\c.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\d.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\e.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\f.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\g.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\26372.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\26620.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\27241.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\27418.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\27710.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\28934.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\29030.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\30097.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\31843.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\31848.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\32307.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\33839.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\35498.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\3577.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\371.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\407.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\4096.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\41014.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\41092.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\42226.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\42830.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\43576.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\43909.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\44045.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\44080.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\44132.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.SmartWeb, C:\Users\Justin Daymude\AppData\LocalLow\SmartWeb\Data\44215.txt, , [1ec772976823e05699037d31ce36aa56],

PUP.Optional.MultiPlug.F, C:\ProgramData\4d09ce8d5400296d\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}.20140822183811, , [7174e722494272c4c8757c3515ef52ae],

PUP.Optional.MultiPlug.F, C:\ProgramData\4d09ce8d5400296d\198cdfe22d13c1abbcc4850bd4e9a9db.ini, , [7174e722494272c4c8757c3515ef52ae],

PUP.Optional.MultiPlug.F, C:\ProgramData\4d09ce8d5400296d\242c2fd4536773fabcc4850bd4e9a9db.ini, , [7174e722494272c4c8757c3515ef52ae],

PUP.Optional.MultiPlug.F, C:\ProgramData\4d09ce8d5400296d\3ed03cfb56800283bcc4850bd4e9a9db.ini, , [7174e722494272c4c8757c3515ef52ae],

PUP.Optional.MultiPlug.F, C:\ProgramData\4d09ce8d5400296d\bd95dd966694472dbcc4850bd4e9a9db.ini, , [7174e722494272c4c8757c3515ef52ae],

PUP.Optional.MultiPlug.F, C:\ProgramData\4d09ce8d5400296d\c6fe71eb0df193210fc63bdd08997ce6.ini, , [7174e722494272c4c8757c3515ef52ae],

PUP.Optional.MultiPlug.F, C:\ProgramData\4d09ce8d5400296d\c90970dadaa8483bbcc4850bd4e9a9db.ini, , [7174e722494272c4c8757c3515ef52ae],

PUP.Optional.MultiPlug.F, C:\ProgramData\4d09ce8d5400296d\e7a261f5c12d84050fc63bdd08997ce6.ini, , [7174e722494272c4c8757c3515ef52ae],

PUP.Optional.RGMUpdater.A, C:\Users\Justin Daymude\AppData\Local\RGMService\RGMUpdater.exe, , [25c07b8edab16ec88c8a5cd5cc37ca36],

PUP.Optional.AddLyrics, C:\Windows\System32\drivers\webinstr.sys, , [7d68b2577a1174c2e59938063ec5ec14],

PUP.Optional.Extutil.A, C:\Users\Justin Daymude\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, , [875e1dec99f241f5a04a708552b0fb05],

PUP.Optional.Extutil.A, C:\Users\Justin Daymude\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, , [875e1dec99f241f5a04a708552b0fb05],

PUP.Optional.Extutil.A, C:\Users\Justin Daymude\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, , [875e1dec99f241f5a04a708552b0fb05],

PUP.Optional.Managera.A, C:\Users\Justin Daymude\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, , [677e3dcc523946f0f2f96e8730d234cc],

PUP.Optional.Managera.A, C:\Users\Justin Daymude\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, , [677e3dcc523946f0f2f96e8730d234cc],

PUP.Optional.Vbates.A, C:\Program Files\V-bates\lbwnhk64.dll, , [85601fea0e7dab8bc00fcc2a33cf18e8],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\ldrtbInte.dll, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\tbInte.dll, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\toolbar.cfg, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Repository\conduit_CT3247201_CT3247201\ToolbarSettings\data.bck.txt, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Repository\conduit_CT3247201_CT3247201\ToolbarSettings\data.txt, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Repository\conduit_CT3247201_en\ToolbarTranslation\data.bck.txt, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.InternetHelper.A, C:\Users\Justin Daymude\AppData\LocalLow\InternetHelper1.5\Repository\conduit_CT3247201_en\ToolbarTranslation\data.txt, , [e302e425bccf310518b139c4d42e7b85],

PUP.Optional.OneSoftPerDay.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY\Onesoftperday.lnk, , [f7ee0801bad15adcdb4744bafd059f61],

PUP.Optional.OneSoftPerDay.A, C:\Users\Justin Daymude\AppData\Local\ospd_us_64\upospd_us_64.cyl, , [26bf38d1bdce75c1f52e86780ef439c7],

PUP.Optional.OneSoftPerDay.A, C:\Users\Justin Daymude\AppData\Local\ospd_us_64\user_profil.cyp, , [26bf38d1bdce75c1f52e86780ef439c7],

PUP.Optional.Freeze.A, C:\Program Files (x86)\Free Offers from Freeze.com\17219.url, , [7a6b33d62d5e0f270d2f49b7c2410ff1],

PUP.Optional.Freeze.A, C:\Program Files (x86)\Free Offers from Freeze.com\6866.url, , [7a6b33d62d5e0f270d2f49b7c2410ff1],

PUP.Optional.Freeze.A, C:\Program Files (x86)\Free Offers from Freeze.com\6881.url, , [7a6b33d62d5e0f270d2f49b7c2410ff1],

PUP.Optional.Freeze.A, C:\Program Files (x86)\Free Offers from Freeze.com\6884.url, , [7a6b33d62d5e0f270d2f49b7c2410ff1],

PUP.Optional.Freeze.A, C:\Program Files (x86)\Free Offers from Freeze.com\control.txt, , [7a6b33d62d5e0f270d2f49b7c2410ff1],

PUP.Optional.Freeze.A, C:\Program Files (x86)\Free Offers from Freeze.com\dolphinico.ico, , [7a6b33d62d5e0f270d2f49b7c2410ff1],

PUP.Optional.Freeze.A, C:\Program Files (x86)\Free Offers from Freeze.com\games.ico, , [7a6b33d62d5e0f270d2f49b7c2410ff1],

PUP.Optional.Freeze.A, C:\Program Files (x86)\Free Offers from Freeze.com\musicoasis.ico, , [7a6b33d62d5e0f270d2f49b7c2410ff1],

PUP.Optional.Freeze.A, C:\Program Files (x86)\Free Offers from Freeze.com\videosaver.ico, , [7a6b33d62d5e0f270d2f49b7c2410ff1],

PUP.Optional.SmartBar.A, C:\Users\Justin Daymude\AppData\LocalLow\Smartbar\UserInfo.config, , [f7ee0aff1a715ed8692e768eac57d729],

Adware.Trace, C:\END, , [5c894fbac2c9280ec301f496867f6b95],

PUP.Optional.PullUpdate.A, C:\ProgramData\hRBWpxWrCPC\dat\SBPOGi.exe.config, , [df0629e06328f0464f92ed9bc83d42be],

PUP.Optional.PullUpdate.A, C:\ProgramData\hRBWpxWrCPC\dat\XxfIieFToep.exe.config, , [df0629e06328f0464f92ed9bc83d42be],

PUP.Optional.PullUpdate.A, C:\ProgramData\hRBWpxWrCPC\info.dat, , [df0629e06328f0464f92ed9bc83d42be],

PUP.Optional.PullUpdate.A, C:\ProgramData\hRBWpxWrCPC\nwhYlMD.dat, , [df0629e06328f0464f92ed9bc83d42be],

PUP.Optional.PullUpdate.A, C:\ProgramData\hRBWpxWrCPC\nwhYlMD.exe.config, , [df0629e06328f0464f92ed9bc83d42be],

 

Physical Sectors: 0

(No malicious items detected)

(end)



#9 Red131313

Red131313
  • Topic Starter

  • Members
  • 39 posts

Posted 20 August 2015 - 08:14 PM

Step2 ZOEK

Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by Justin Daymude on Thu 08/20/2015 at 18:15:35.44.

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Justin Daymude\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-08-21-001259.log      1738 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully

C:\PROGRA~2\predm deleted successfully

C:\PROGRA~2\RingtoneJunkiez Desktop deleted successfully

C:\PROGRA~2\RoyyAAllShhopperAopp deleted successfully

C:\PROGRA~2\Superfish deleted successfully

C:\PROGRA~2\The Weather Channel FW deleted successfully

C:\PROGRA~2\USTechSupport deleted successfully

C:\PROGRA~2\COMMON~1\RingtoneJunkiez deleted successfully

C:\PROGRA~2\COMMON~1\supportdotcom deleted successfully

C:\PROGRA~2\COMMON~1\USTechSupport deleted successfully

C:\PROGRA~3\Browser deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\PROGRA~3\RoyyAAllShhopperAopp deleted successfully

C:\Users\Justin Daymude\AppData\Roaming\USTechSupport deleted successfully

C:\Users\Justin Daymude\AppData\Roaming\WinRAR deleted successfully

C:\Users\Justin Daymude\AppData\Roaming\X-EleratedGuides deleted successfully

C:\Users\Justin Daymude\AppData\Local\PackageAware deleted successfully

C:\Users\Justin Daymude\AppData\Local\TB deleted successfully

C:\Users\Justin Daymude\AppData\Local\Unity deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\predm not found

C:\PROGRA~2\RingtoneJunkiez Desktop not found

C:\PROGRA~2\RoyyAAllShhopperAopp not found

C:\PROGRA~2\Superfish not found

C:\PROGRA~2\The Weather Channel FW not found

C:\PROGRA~2\USTechSupport not found

C:\Users\Justin Daymude\AppData\Local\RGMService deleted

C:\Users\Justin Daymude\AppData\LocalLow\{4177EA7B-242B-8972-5FFB-E79AD21DABA9} deleted

C:\Users\Justin Daymude\AppData\LocalLow\{68EF7835-345D-3500-A6B1-51EFC621EFBF} deleted

C:\Users\Justin Daymude\AppData\Local\Packages\windows_ie_ac_001\AC\{4177EA7B-242B-8972-5FFB-E79AD21DABA9} deleted

C:\Users\Justin Daymude\AppData\Local\Packages\windows_ie_ac_001\AC\{68EF7835-345D-3500-A6B1-51EFC621EFBF} deleted

C:\Users\Justin Daymude\AppData\Local\19954 deleted

C:\Users\Justin Daymude\AppData\Local\4392 deleted

C:\Users\Justin Daymude\AppData\LocalLow\Conduit deleted

C:\PROGRA~3\SavvinShop deleted

C:\PROGRA~2\PC Speed Up deleted

C:\user.js deleted

C:\Users\Justin Daymude\AppData\Roaming\appdataFr2.bin deleted

C:\Users\Justin Daymude\AppData\Roaming\RHEng deleted

C:\PROGRA~3\Best Buy pc app deleted

C:\PROGRA~3\Tarma Installer deleted

C:\PROGRA~3\Package Cache deleted

C:\PROGRA~3\Trymedia deleted

C:\Users\Justin Daymude\AppData\Local\APN deleted

C:\Users\Justin Daymude\AppData\Local\WhiteListing deleted

C:\Users\Justin Daymude\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\Users\Justin Daymude\AppData\LocalLow\AVG Security Toolbar deleted

C:\Users\Justin Daymude\AppData\LocalLow\Company deleted

C:\Users\Justin Daymude\AppData\LocalLow\TB deleted

C:\Users\Justin Daymude\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} deleted

C:\Users\Justin Daymude\AppData\LocalLow\{FAECC00E-8025-47C7-94A5-DCC838C392A1} deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Security Toolbar deleted

C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job deleted

C:\windows\SysNative\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv deleted

C:\windows\SysNative\Tasks\LaunchSignup deleted

C:\windows\SysNative\tasks\USTSPCO-USTSPCOOneClickCare deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

C:\windows\SysNative\GroupPolicy\Machine deleted

C:\windows\SysNative\GroupPolicy\User deleted

C:\windows\SysNative\GroupPolicy\GPT.INI deleted

C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted

C:\Users\JUSTIN~1\AppData\Roaming\Mozilla\Firefox\Profiles\9cWf1Pvy.default\extensions\abs@avira.com deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 3895 MB

CPU Info: Intel® Core™ i3 CPU       M 380  @ 2.53GHz

CPU Speed: 2581.2 MHz

Sound Card: Speakers (High Definition Audio |

Display Adapters: Intel® HD Graphics | Intel® HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor |

Screen Resolution: 1360 X 768 - 32 bit

Network: Network Present

Network Adapters: Broadcom Virtual Wireless Adapter | DW1501 Wireless-N WLAN Half-Mini Card

CD / DVD Drives: 1x (D: | ) D: MATbleepADVD+-RW UJ8B1

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 5 Button Wheel Mouse Present

Hard Disks: C:  451.0GB

Hard Disks - Free: C:  372.9GB

Manufacturer *: Dell Inc.

BIOS Info: AT/AT COMPATIBLE | 01/09/10 | DELL   - 1072009

Time Zone: Mountain Standard Time

Motherboard *: Dell Inc. 0WXY9J

Country: United States

Language: ENU

 

==== System Specs (Software) ======================

 

Internet Explorer version: 8.0.7601.17514

Adobe Reader version: 9.5.3.305

Sun Java version: 1.7.0_51 (32-bit)

Sun Java version: 1.6.0_24 (64-bit)

Flash Player version: 18.0.0.232

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

2015-08-21 00:10:34     4E08299DD63B94AC3D3A5C3A39D0B120    21755830    ----a-w-      C:\Windows\repository.backup

2015-08-17 03:54:01     B32189BDFF6E577A92BAA61AD49264E6    193536      ----a-w-      C:\Windows\notepad.exe

====== C:\Users\JUSTIN~1\AppData\Local\Temp ====

2015-08-14 12:29:20     5F09D271B8F4A62FC087E0D5452D2EC8    681097      ----a-w-      C:\Users\Justin Daymude\AppData\Local\Temp\sqlite3.dll

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

====== C:\Windows\Sysnative\drivers =====

2015-08-17 04:17:31     552FA62B0EFECD22D8D52499324BCA4F    290816      ----a-w-      C:\Windows\Sysnative\drivers\mrxsmb10.sys

2015-08-17 04:17:31     522A1595D5701800DD41B2D472F5AAED    155584      ----a-w-      C:\Windows\Sysnative\drivers\ksecpkg.sys

2015-08-17 04:17:24     B2081803D510DCE174992BA880EDCA70    159232      ----a-w-      C:\Windows\Sysnative\drivers\mrxsmb.sys

2015-08-17 04:17:24     97687971F9CB30E2633DE0F1296B9F61    129024      ----a-w-      C:\Windows\Sysnative\drivers\mrxsmb20.sys

2015-08-17 04:17:24     67050452C0118BAF2883928E6FCCFE47    94656 ----a-w-      C:\Windows\Sysnative\drivers\mountmgr.sys

2015-08-17 04:17:23     67A1743377EBB5D9A370A8C2086CFDCC    95680 ----a-w-      C:\Windows\Sysnative\drivers\ksecdd.sys

2015-08-17 02:54:26     9C3AC71A9934B884FAC567A8807E9C4D    31800 ----a-w-      C:\Windows\Sysnative\drivers\revoflt.sys

====== C:\Windows\Tasks ======

2015-08-19 04:41:40     786BFA1452A2A73D40CAE9CDC35779BA    2986  ----a-w-      C:\Windows\Sysnative\Tasks\{A8D0D52F-0A5F-4461-9071-C4FE16B2BE2A}

2015-08-19 04:35:52     786BFA1452A2A73D40CAE9CDC35779BA    2986  ----a-w-      C:\Windows\Sysnative\Tasks\{1EBEB595-4855-4E83-8BEE-D514D0C3217B}

2015-08-19 04:35:51     786BFA1452A2A73D40CAE9CDC35779BA    2986  ----a-w-      C:\Windows\Sysnative\Tasks\{5B9D3600-29BF-49C6-AF35-EEDBF3A8C6B6}

2015-08-19 04:35:47     786BFA1452A2A73D40CAE9CDC35779BA    2986  ----a-w-      C:\Windows\Sysnative\Tasks\{470F6448-0C04-4206-9943-D9E3ECF86455}

2015-08-17 19:14:22     04F0828429912D8E74E05E7BFF94D610    3208  ----a-w-      C:\Windows\Sysnative\Tasks\{C166220C-6429-4469-8088-803A49898511}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2015-08-17 02:54:24     --------    d-----w-    C:\Program Files\VS Revo Group

======= C:\PROGRA~2 =====

======= C: =====

2015-08-17 20:29:38     D41D8CD98F00B204E9800998ECF8427E    0     ----a-w-    C:\autoexec.bat

2015-08-17 19:41:03     9A8883C75584AC778ADA42522454A9A6    324   ----a-w-      C:\AdwCleaner[S8].txt

2015-08-17 19:40:35     58ABE87D8A97868F9E07BA8CE212E50B    324   ----a-w-      C:\AdwCleaner[S7].txt

2015-08-17 19:37:33     E6212282921917485604F7AE96A7118F    325   ----a-w-      C:\AdwCleaner[S6].txt

2015-08-17 18:45:27     1D52BBD13882F692F3C778258C76E9D7    325   ----a-w-      C:\AdwCleaner[S5].txt

2015-08-17 18:33:54     17D721327046A7DBB81323EA0B6036B7    325   ----a-w-      C:\AdwCleaner[S4].txt

2015-08-17 18:24:54     F6AF8545B47AA6F6F081831BB7F59CD2    325   ----a-w-      C:\AdwCleaner[S3].txt

2015-08-17 18:04:14     D5E6C401DE8CA38885B1F0654800C628    325   ----a-w-      C:\AdwCleaner[S2].txt

2015-08-17 18:02:53     C1572201B45A281E46613DF3D3671319    325   ----a-w-      C:\AdwCleaner[S1].txt

====== C:\Users\Justin Daymude\AppData\Roaming ======

2015-08-17 15:41:31     --------    d-----w-    C:\Users\Justin Daymude\AppData\Roaming\VS Revo Group

2015-08-17 14:58:03     --------    d-----w-      C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Adobe

2015-08-17 02:54:48     --------    d-----w-    C:\Users\Justin Daymude\AppData\Local\VS Revo Group

====== C:\Users\Justin Daymude ======

2015-08-19 06:45:00     A0844C730F1091B491A8737404F4C914    347816      ----a-w-      C:\Users\Justin Daymude\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe

2015-08-19 04:29:08     40152CB85BD788AF67684D341ED0CF79    1585664     ----a-w-      C:\Users\Justin Daymude\Desktop\AdwCleaner.exe

2015-08-17 15:43:44     594E23DD0288855CE2F2335F25C42E34    6609608     ----a-w-      C:\Users\Justin Daymude\Downloads\ccsetup508.exe

2015-08-17 13:03:27     --------    d-----r-    C:\Users\Justin Daymude\Searches

2015-08-17 13:03:27     --------    d-----r-    C:\Users\Justin Daymude\Saved Games

2015-08-17 13:03:27     --------    d-----r-    C:\Users\Justin Daymude\Links

2015-08-17 03:41:12     --------    d-----w-    C:\Users\Public\Documents\Dell

2015-08-17 02:54:27     --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2015-08-17 02:54:26     --------    d-----w-    C:\ProgramData\VS Revo Group

2015-08-17 02:50:52     F0D0DD8E42BEBA742C65FF479FE99C8D    11069616    ----a-w-      C:\Users\Justin Daymude\Downloads\RevoUninProSetup.exe

 

====== C: exe-files ==

2015-08-19 06:45:00     A0844C730F1091B491A8737404F4C914    347816      ----a-w-      C:\Users\Justin Daymude\Desktop\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe

2015-08-19 04:29:08     40152CB85BD788AF67684D341ED0CF79    1585664     ----a-w-      C:\Users\Justin Daymude\Desktop\AdwCleaner.exe

2015-08-17 18:55:07     64E42747CB3B719A7C7F7736AD948CFE    563296      ----a-w-      C:\Users\Justin Daymude\Desktop\All In One\chromeinstall-8u51.exe

2015-08-17 15:43:44     594E23DD0288855CE2F2335F25C42E34    6609608     ----a-w-      C:\Users\Justin Daymude\Downloads\ccsetup508.exe

2015-08-17 14:11:55     4DE2DED147EF15F8800D42F400D523B4    1450824     ----a-w-      C:\Users\Justin Daymude\AppData\Local\Chrome\User Data\recovery\101.3.28.1\ChromeRecovery.exe

2015-08-17 12:49:09     FC5D475D2F6E1A4BA7D9E546B9B6AF71    82968 ----a-w-    C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\setup\1033\pfiles\sqlservr\100\setup\release\x86\setuparp.exe

2015-08-17 12:49:09     F1E94CCCD90389F3613F6DDC32CA57F7    46952 ----a-w-    C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\setup\1033\pfiles\sqlservr\100\setup\release\x86\b0k-cfdu.exe

2015-08-17 12:49:09     C00B30CF2C4B13E8B6E35264C9573040    73376 ----a-w-    C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\setup\1033\pfiles\sqlservr\100\setup\release\x86\setup100.exe

2015-08-17 12:49:09     5E964B1AA16F8E7EBF6F5F8076F14233    437920      ----a-w-      C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\setup\1033\pfiles\sqlservr\100\setup\release\x86\qphmbavs.exe

2015-08-17 12:49:09     49CD68E8ABF40DD037F094B9C5A20906    51048 ----a-w-    C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\setup\1033\pfiles\sqlservr\100\setup\release\x86\oax0i8iu.exe

2015-08-17 12:49:08     694418005D57D5B5533B527C372D36CF    46952 ----a-w-    C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\setup\1033\pfiles\sqlservr\100\setup\release\x86\7bfmduuq.exe

2015-08-17 12:49:08     626EEFC690C4C842D8EC9B9250293143    116384      ----a-w-      C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\setup\1033\pfiles\sqlservr\100\setup\release\setup.exe

2015-08-17 12:49:07     F1E94CCCD90389F3613F6DDC32CA57F7    46952 ----a-w-    C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\fixsqlregistrykey_x64.exe

2015-08-17 12:49:07     C00B30CF2C4B13E8B6E35264C9573040    73376 ----a-w-    C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\setup100.exe

2015-08-17 12:49:07     694418005D57D5B5533B527C372D36CF    46952 ----a-w-    C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\fixsqlregistrykey_ia64.exe

2015-08-17 12:49:07     626EEFC690C4C842D8EC9B9250293143    116384      ----a-w-      C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\setup.exe

2015-08-17 12:49:07     5E964B1AA16F8E7EBF6F5F8076F14233    437920      ----a-w-      C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\landingpage.exe

2015-08-17 12:49:07     49CD68E8ABF40DD037F094B9C5A20906    51048 ----a-w-    C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB3045305\GDR\x86\fixsqlregistrykey_x86.exe

2015-08-17 05:04:51     0C00E73AB18B2347C4667D36150F6987    174592      ----a-w-      C:\Windows\System32\ieUnatt.exe

2015-08-17 05:04:50     CBD28899C34B9AEF780C038B0443992C    384000      ----a-w-      C:\Program Files (x86)\Internet Explorer\ieinstal.exe

2015-08-17 05:04:50     638DCF3BE51C018420C2E2D662113DE2    677024      ----a-w-      C:\Program Files (x86)\Internet Explorer\iexplore.exe

2015-08-17 05:04:50     2287F9B4CFB4453A93D974E469AF1D2D    699040      ----a-w-      C:\Program Files\Internet Explorer\iexplore.exe

2015-08-17 05:04:50     0C7DBF1782ED489B704BC253A602B152    280576      ----a-w-      C:\Program Files\Internet Explorer\ieinstal.exe

2015-08-17 05:04:47     4AC582F3B8E82F94383585CFEDB56B5F    142848      ----a-w-      C:\Windows\SysWOW64\ieUnatt.exe

2015-08-17 05:04:44     B2D4ADEADE30313BAF39213B402E1337    146944      ----a-w-      C:\Program Files (x86)\Internet Explorer\ExtExport.exe

2015-08-17 05:04:44     9E45751413FD28577EDFCBCF54EE2B5B    120320      ----a-w-      C:\Program Files\Internet Explorer\ielowutil.exe

2015-08-17 05:04:44     9CE7928809DFD4B9858FF224AAECE0D3    118784      ----a-w-      C:\Program Files (x86)\Internet Explorer\ielowutil.exe

2015-08-17 05:04:44     43FAE3E2833B00E497810C79F246CA27    16384 ----a-w-      C:\Windows\System32\msfeedssync.exe

2015-08-17 05:04:43     F23ED09608A64BBCA850AAEB267AE920    47616 ----a-w-      C:\Windows\System32\mshta.exe

2015-08-17 05:04:43     0B81B3366B9B7644BD7456DFBB8312DA    15872 ----a-w-      C:\Windows\SysWOW64\msfeedssync.exe

2015-08-17 05:04:43     01DEDE18396204ABE19027BA9BA46A12    50176 ----a-w-      C:\Windows\SysWOW64\mshta.exe

2015-08-17 04:17:54     E99A30142A108B11381C47B0A30283B0    17344 ----a-w-      C:\Windows\System32\CompatTelRunner.exe

2015-08-17 04:17:32     B9A07A9807A4BAC067498CC8D77F3D4D    5568960     ----a-w-      C:\Windows\System32\ntoskrnl.exe

2015-08-17 04:17:30     DC18FFFF3175376ABD38E6D48309F7F9    3934656     ----a-w-      C:\Windows\SysWOW64\ntoskrnl.exe

2015-08-17 04:17:27     6C95D6264810F816E92780E7DB81F7B1    3989952     ----a-w-      C:\Windows\SysWOW64\ntkrnlpa.exe

2015-08-17 04:17:19     99D1FAA337A4EF3C33E256C79DC708F8    296960      ----a-w-      C:\Windows\System32\rstrui.exe

2015-08-17 04:17:19     354D59027DE2BFB3A63E8E7DBAF081D8    338432      ----a-w-      C:\Windows\System32\conhost.exe

2015-08-17 04:17:18     EBB9C6638109A3486EBA51D28837495C    64000 ----a-w-      C:\Windows\System32\auditpol.exe

2015-08-17 04:17:18     A2C5FAE51BC43B29525AAA5BF0B31259    50176 ----a-w-      C:\Windows\SysWOW64\auditpol.exe

2015-08-17 04:17:18     55C48343919A72B0C8F5C42E4C798FCA    112640      ----a-w-      C:\Windows\System32\smss.exe

2015-08-17 04:17:18     0D48E93C6BE3143C0198CB252B992D16    31232 ----a-w-      C:\Windows\System32\lsass.exe

2015-08-17 04:17:18     086A1544FACAA91CD6F95FC4CDE16913    25600 ----a-w-      C:\Windows\SysWOW64\setup16.exe

2015-08-17 04:17:10     832494A551C2B2CCB616B2BE13A696A1    7680  ----a-w-      C:\Windows\SysWOW64\instnm.exe

2015-08-17 04:17:09     03A179385219FD37CDFB3E603F912CA7    2048  ----a-w-      C:\Windows\SysWOW64\user.exe

2015-08-17 03:54:50     81CB8D34112178CE1826C86BA5F268C3    128000      ----a-w-      C:\Windows\System32\msiexec.exe

2015-08-17 03:54:49     F61A069A5517F85662ED9A6C5AD5445A    73216 ----a-w-      C:\Windows\SysWOW64\msiexec.exe

2015-08-17 03:54:49     0D9514850CC3A99A6600643F2888858B    112064      ----a-w-      C:\Windows\System32\consent.exe

2015-08-17 03:54:01     B32189BDFF6E577A92BAA61AD49264E6    193536      ----a-w-      C:\Windows\System32\notepad.exe

2015-08-17 03:54:01     B32189BDFF6E577A92BAA61AD49264E6    193536      ----a-w-      C:\Windows\notepad.exe

2015-08-17 03:54:01     A4F6DF0E33E644E802C8798ED94D80EA    179712      ----a-w-      C:\Windows\SysWOW64\notepad.exe

2015-08-17 03:53:47     7CFCC5210E226AA85F2A21098FA01F29    37376 ----a-w-      C:\Windows\System32\wuapp.exe

2015-08-17 03:53:47     742AC3EF3C7C30F0EBF628D6D03BB399    34816 ----a-w-      C:\Windows\SysWOW64\wuapp.exe

2015-08-17 03:53:47     6FDC1FAD277AEF0A89B0D28F5675679C    139776      ----a-w-      C:\Windows\System32\wuauclt.exe

2015-08-17 02:54:26     C1E5BFBDAB6B3439BBF3E8CDADD4A4A9    3689000     ----a-w-      C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe

2015-08-17 02:54:26     04EFED15350A230218D3884C95C1931F    7151696     ----a-w-      C:\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe

2015-08-17 02:54:25     F3E59ABD3B54A71BEE309488FC9EBCB4    16403488    ----a-w-      C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe

2015-08-17 02:54:25     7F3B3ABA994FBFCC90FF8FED64111CDB    81360 ----a-w-    C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoCmd.exe

2015-08-17 02:54:24     1D2AD5926FFA15FF1CFE597B559B1391    1276105     ----a-w-      C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe

2015-08-17 02:50:52     F0D0DD8E42BEBA742C65FF479FE99C8D    11069616    ----a-w-      C:\Users\Justin Daymude\Downloads\RevoUninProSetup.exe

=== C: other files ==

2015-08-21 00:09:17     0BE568FD1E7D6C6D64D2272649F5C716    111   ----a-w-    C:\Users\Justin Daymude\AppData\Local\Temp\scripttest.vbs

2015-08-17 20:29:38     D41D8CD98F00B204E9800998ECF8427E    0     ----a-w-    C:\autoexec.bat

2015-08-17 04:17:31     552FA62B0EFECD22D8D52499324BCA4F    290816      ----a-w-      C:\Windows\System32\drivers\mrxsmb10.sys

2015-08-17 04:17:31     522A1595D5701800DD41B2D472F5AAED    155584      ----a-w-      C:\Windows\System32\drivers\ksecpkg.sys

2015-08-17 04:17:24     B2081803D510DCE174992BA880EDCA70    159232      ----a-w-      C:\Windows\System32\drivers\mrxsmb.sys

2015-08-17 04:17:24     97687971F9CB30E2633DE0F1296B9F61    129024      ----a-w-      C:\Windows\System32\drivers\mrxsmb20.sys

2015-08-17 04:17:24     67050452C0118BAF2883928E6FCCFE47    94656 ----a-w-      C:\Windows\System32\drivers\mountmgr.sys

2015-08-17 04:17:23     67A1743377EBB5D9A370A8C2086CFDCC    95680 ----a-w-      C:\Windows\System32\drivers\ksecdd.sys

2015-08-17 03:54:13     F97A0CFC495C92FF2F6A03933157D115    3208192     ----a-w-      C:\Windows\System32\win32k.sys

2015-08-17 02:54:27     9C41DE96339224A51AB950A3E74FBDA4    28    ----a-w-    C:\Program Files\VS Revo Group\Revo Uninstaller Pro\reg_lp.bat

2015-08-17 02:54:26     9C3AC71A9934B884FAC567A8807E9C4D    31800 ----a-w-      C:\Windows\System32\drivers\revoflt.sys

2015-08-17 02:54:26     9C3AC71A9934B884FAC567A8807E9C4D    31800 ----a-w-    C:\Program Files\VS Revo Group\Revo Uninstaller Pro\revoflt.sys

 

==== Firefox Extensions ======================

 

==== Firefox Plugins ======================

 

 

==== Fake Chromium Profiles Check ======================

 

Fake profile C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted

 

==== Chromium Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

 

SafeNSearch - Justin Daymude\AppData\Local\Chrome\User Data\Default\Extensions\ehemmnghgnfgljpejdfolmeidnkimkgc

 

==== Chromium Fix ======================

 

C:\Users\Justin Daymude\AppData\Local\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage deleted successfully

C:\Users\Justin Daymude\AppData\Local\Chrome\User Data\Default\Local Storage\http_search.safefinder.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page Restore"="http://g.msn.com/USCON/1"

"Use Search Asst"="yes"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"Default"="www.google.com"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"Default"="www.google.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}"

"SearchAssistant"="http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_CN_Cx0CEV7awbD8dIcI9CB9a_e9L6COR_kyzu2kxpHH4tzbntU-zHo2af2H-maqqeVFKqTosSecmyifKqXZ0j2QixuaOfjpgpae6FfEFJsXslQjZVH0A16rywPUU-2UCIdi2Uof8sTGNW2lSTYj5g,,&q={searchTerms}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page Restore"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Use Search Asst"="no"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="about:newtab"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\363FB0CBBA367FF4E81FEAD0F717B142 deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingDesktop deleted successfully

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Justin Daymude\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Justin Daymude\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

 

==== Empty FireFox Cache ======================

 

No FireFox Cache found

 

==== Empty Chrome Cache ======================

 

C:\Users\Justin Daymude\AppData\Local\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Justin Daymude\AppData\Local\Temp will be emptied at reboot

C:\Users\TEMP\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\JUSTIN~1\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Users\Justin Daymude\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

 

==== EOF on Thu 08/20/2015 at 18:47:08.92 ======================


Step3 AdwCleaner

 

# AdwCleaner v5.003 - Logfile created 20/08/2015 at 18:57:23

# Updated 20/08/2015 by Xplode

# Database : 2015-08-20.1 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Justin Daymude - JUSTINDAYMUDE

# Running from : C:\Users\Justin Daymude\Desktop\adwcleaner_5.003.exe

# Option : Cleaning

 

***** [ Services ] *****

 

[-] Service Deleted : Application Hosting

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\Program Files (x86)\Free Ride Games

[-] Folder Deleted : C:\Program Files (x86)\AVG\AVG10\Toolbar

[-] Folder Deleted : C:\Program Files (x86)\ProductUI

[-] Folder Deleted : C:\ProgramData\Application Hosting

[-] Folder Deleted : C:\Users\Justin Daymude\AppData\Roaming\Ask.com

 

***** [ Files ] *****

 

[-] File Deleted : C:\Users\Justin Daymude\AppData\Roaming\Mozilla\Firefox\Profiles\9cWf1Pvy.default\user.js

 

***** [ Shortcuts ] *****

 

[-] Shortcut Disinfected : C:\Users\Justin Daymude\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\Chrome.lnk

 

***** [ Scheduled tasks ] *****

 

[-] Task Deleted : LaunchSignup

[-] Task Deleted : USTSPCO-USTSPCOOneClickCare

[-] Task Deleted : LAUNCH CDPCO

 

***** [ Registry ] *****

 

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search

[-] Key Deleted : HKCU\Software\APN PIP

[-] Key Deleted : HKCU\Software\BRS

[-] Key Deleted : HKCU\Software\PIP

[-] Key Deleted : HKCU\Software\Zugo

[-] Key Deleted : HKCU\Software\SevereWeatherAlerts

[-] Key Deleted : HKCU\Software\USTechSupport

[-] Key Deleted : HKCU\Software\ONESOFTPERDAY

[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar

[-] Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

[-] Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb

[-] Key Deleted : HKLM\SOFTWARE\PIP

[-] Key Deleted : HKLM\SOFTWARE\TBID

[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems

[-] Key Deleted : HKLM\SOFTWARE\W3I

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F6423EE4-93D8-FA04-D09D-A8598F6EFDFD}

[!] Key Not Deleted : [x64] HKCU\Software\APN PIP

[!] Key Not Deleted : [x64] HKCU\Software\BRS

[!] Key Not Deleted : [x64] HKCU\Software\PIP

[!] Key Not Deleted : [x64] HKCU\Software\Zugo

[!] Key Not Deleted : [x64] HKCU\Software\SevereWeatherAlerts

[!] Key Not Deleted : [x64] HKCU\Software\USTechSupport

[!] Key Not Deleted : [x64] HKCU\Software\ONESOFTPERDAY

[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

[-] Key Deleted : [x64] HKLM\SOFTWARE\TBID

[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

[-] Data Restored : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]

[-] Data Restored : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

 

***** [ Web browsers ] *****

 

 

*************************

 

:: Proxy settings cleared

:: Winsock settings cleared

 

*************************

 

C:\AdwCleaner[S1].txt - [325 bytes] - [17/08/2015 12:02:53]

C:\AdwCleaner[S2].txt - [325 bytes] - [17/08/2015 12:04:14]

C:\AdwCleaner[S3].txt - [325 bytes] - [17/08/2015 12:24:54]

C:\AdwCleaner[S4].txt - [325 bytes] - [17/08/2015 12:33:54]

C:\AdwCleaner[S5].txt - [325 bytes] - [17/08/2015 12:45:27]

C:\AdwCleaner[S6].txt - [325 bytes] - [17/08/2015 13:37:33]

C:\AdwCleaner[S7].txt - [324 bytes] - [17/08/2015 13:40:35]

C:\AdwCleaner[S8].txt - [324 bytes] - [17/08/2015 13:41:03]

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5277 bytes] ##########



#10 Red131313


Posted 20 August 2015 - 08:17 PM

Step3 AdwCleaner

 




#11 deeprybka


Posted 22 August 2015 - 09:34 AM

Very good,

 

Step 1

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[image: settings.png]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

 

 

Step 2

Start FRST with administrator privileges.

  • Make sure the following option is checked: [image: addition.png]
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 Red131313


Posted 23 August 2015 - 10:11 PM

I am currently tied up for the next few days with work. I wanted to let you know I haven't forgotten about this, or given up on it. I will be able to work on those steps in a couple of days. Once I have a chance to run the scans, I will post the results.



#13 deeprybka


Posted 24 August 2015 - 07:59 AM

OK. Thanks for letting me know. :)
regards,
deeprybka
:busy:

#14 Red131313


Posted 01 September 2015 - 06:14 PM

My business trip took longer than expected. I will be heading home tomorrow, and can continue to work on these steps by Thursday morning. Thank you for waiting.

#15 deeprybka


Posted 02 September 2015 - 07:53 AM

OK. :)


regards,
deeprybka
:busy:



