Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
14 replies to this topic

#1 jolivier

jolivier

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Iberia, Louisiana
  • Local time:02:04 AM

Posted 07 March 2016 - 07:30 PM

Please help me with what i need to delete. Something has to be during startup b/c i have already used Malware. My kids got something on this and its driving me crazy with all the popups.

 

Thanks a bunch!

 

 

 

Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18205)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Users\Kade\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Kade\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/WOL_WCP
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: RichMediaViewV1release101 - {37549e8c-92da-4bd2-8f08-c03a3d993f6b} - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release101\ie\RichMediaViewV1release101.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
O4 - HKLM\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ChromeHelper] C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Kade\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
O4 - HKCU\..\Run: [PriceMeterW] "C:\Users\Kade\AppData\Local\PriceMeter\pricemeterw.exe"
O4 - HKCU\..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
O4 - Global Startup: SmartMediaConverter.lnk = C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: McAfee Application Installer Cleanup (0277031457158203) (0277031457158203mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\027703~1.EXE
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BOT4Service - Unknown owner - C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
O23 - Service: ChromeHelperUpdt - Unknown owner - C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hawkes Unattended Updater (HawkesUpdater) - Unknown owner - C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Boot Delay Start Service (McBootDelayStartSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB13 - Rovi Corporation - C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 18685 bytes


BC AdBot (Login to Remove)

 


#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 07 March 2016 - 08:45 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello :)

We don't use HiJack this logs anymore, as they tend to display inaccurate information sometimes. Let's get a look at your system with a more advanced tool, and we'll get to work. :thumbup2:


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 jolivier

jolivier
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Iberia, Louisiana
  • Local time:02:04 AM

Posted 07 March 2016 - 09:51 PM

FRST Log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Kade (administrator) on KADE-PC (07-03-2016 20:45:34)
Running from C:\Users\Kade\Downloads
Loaded Profiles: Kade (Available Profiles: Kade)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SanDisk Corporation) C:\Users\Kade\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
() C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
() C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
() C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
() C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
(Hawkes Learning Systems                                                                                                                                                                                                                                                                                     ) C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.267.0\McCSPServiceHost.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe [506352 2011-06-12] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe [84464 2011-07-08] ()
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1885088 2012-02-23] (Affinegy, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe [737568 2014-05-08] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723904 2016-01-08] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [SansaDispatch] => C:\Users\Kade\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2012-06-18] (SanDisk Corporation)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-06-26] (Eastman Kodak Company)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [PriceMeterW] => "C:\Users\Kade\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4759896 2014-04-01] (PC Drivers Headquarters)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\MountPoints2: {69cf4d19-46f3-11e1-a9f6-d067e51c7a05} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartMediaConverter.lnk [2014-04-14]
ShortcutTarget: SmartMediaConverter.lnk -> C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1DE6224E-F0BA-4BA7-999B-C6F1E6F48F22}: [DhcpNameServer] 192.0.0.3
Tcpip\..\Interfaces\{741A14D2-7639-42FD-933A-F7217475E6B6}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/WOL_WCP
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk0102&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0F0BtDyC0EtA0ByDzyzytN0D0Tzu0SzzyDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyCzy0B0E0A0EtAtGzytBzzzytGyE0FyCyCtG0FtD0DtAtGyCyDyDtB0Fzy0Bzz0B0AyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0FyByCzz0C0DtG0C0CzyyDtG0BzyyEtCtG0A0AyByBtGyB0F0EzyzztBtDtBtByDyC0A2Q&cr=1161119448&ir=
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0F0BtDyC0EtA0ByDzyzytN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtA0CtAyDyDyCyBtG0FyEtA0CtG0CyByDyEtG0FtD0CtDtGyC0Dzy0FtCzzyC0D0CzzyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0FyByCzz0C0DtG0C0CzyyDtG0BzyyEtCtG0A0AyByBtGyB0F0EzyzztBtDtBtByDyC0A2Q&cr=1137269483&ir=
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_17_ie&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0F0BtDyC0EtA0ByDzyzytN0D0Tzu0SzzyEtBtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtAtCzz0DtCyC0CtGyB0D0CtDtGzz0CyDyEtGtB0B0CtDtGyB0FtC0BtDyByC0A0F0DyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0FyByCzz0C0DtG0C0CzyyDtG0BzyyEtCtG0A0AyByBtGyB0F0EzyzztBtDtBtByDyC0A2Q&cr=292293418&ir=
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> DefaultScope {9B7F8FAB-4775-44A4-B388-F367656E8E83} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWzllio3e6rCrRL8Hujb5OUSVRdU219ReCJyoky1BlReoKGRGGTBlQtpDKWLh2IrTZO2QB-iNglS7dWUS1thXMVRz_LR9G7scGqyheVely0grkXXiusT_SSmERkRPlspZw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332410&octid=EB_ORIGINAL_CTID&ISID=IC614A647-EB5B-41D8-B755-FE1E52EB8933&SearchSource=58&CUI=&UM=8&UP=SP58113DCA-D85C-4216-8715-D3CAF56C8857&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5E2CF04DA2FB06E3&affID=127101&tsp=5253
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US739D20141021&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {9B7F8FAB-4775-44A4-B388-F367656E8E83} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-26] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-10] (Sun Microsystems, Inc.)
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-26] (Microsoft Corporation)
BHO-x32: Rich Media View -> {37549e8c-92da-4bd2-8f08-c03a3d993f6b} -> C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release101\ie\RichMediaViewV1release101.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-26] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-01-08] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-10] (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2368598850-3429250015-1983696877-1000: @nsroblox.roblox.com/launcher -> C:\Users\Kade\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2368598850-3429250015-1983696877-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Kade\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-29] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ggfc_15_39&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0F0BtDyC0EtA0ByDzyzytN0D0Tzu0StCtAyCyEtN1L2XzutAtFtCtAtFtDtFtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StA0A0A0D0CyCyEtAtGzytByB0BtGyEtCyC0AtGzyyCyDzztG0B0A0F0AyEyC0AyD0DyDyEyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyC0AtC0CyDtD0DtGyByC0A0BtGyE0EyByDtG0B0AzytCtG0BtCyC0BzzyD0B0FtC0C0Bzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyEzy%26cr%3D410831732%26a%3Dwncy_ggfc_15_39%26os%3DWindows%2B7%2BHome%2BPremium","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US739D20151113&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\21\NP_wtapp.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Kade\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
CHR Profile: C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (GTA V Countdown) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepaoenpeghejgmakifcnibemgeljclb [2014-08-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Frieven_s_Prox_1.8) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp [2014-06-14] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (TabCarousel) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddldimidiliclngjipajmjjiakhbcohn [2014-07-23] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Outlook365 Notifier) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhfemhokeipigjjdopkanibcilnbbjpf [2014-07-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (SiteAdvisor) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-08-10]
CHR Extension: (fbmemes) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmfcioabbebeebdcfkkbjaajjjffmngn [2014-10-17] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (ArcadeCake) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehadeafgjbogbeghjncelieafmgmcnn [2016-01-26]
CHR Extension: (MTG Finder) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\infiigcphjnhnkjagipboadmcdefhhld [2014-09-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Clean IMDb) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ingodbhkemojiibhhbfhjaeaciikbiik [2014-07-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Wikipedia search) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc [2014-09-16] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (G Picture EXIF Viewer) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmdhcggjebefhdlpdjggelhnelnjefip [2014-07-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-29] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-02]
CHR HKLM-x32\...\Chrome\Extension: [mlelcpkapbmlgeocgbemahfnegmoicnl] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release101\ch\RichMediaViewV1release101.crx <not found>
 
Opera: 
=======
OPR Extension: (Frieven_s_Prox_1.8) - C:\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp [2014-06-14]
OPR Extension: (SmartSaver+ 8) - C:\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj [2014-04-21]
OPR Extension: (MediaPlayerplus) - C:\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-04-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0277031457158203mcinstcleanup; C:\Windows\TEMP\027703~1.EXE [918056 2015-11-27] (McAfee, Inc.)
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
R2 ChromeHelperUpdt; C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [284960 2014-05-08] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 HawkesUpdater; C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [8192 2003-04-18] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 64af91bf; "C:\Windows\system32\rundll32.exe" "c:\progra~3\fastan~1\FastAndSafeSvc.dll",service
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\48230029.sys [119512 2014-06-01] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-28] (Riverbed Technology, Inc.)
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-07 20:45 - 2016-03-07 20:47 - 00038134 _____ C:\Users\Kade\Downloads\FRST.txt
2016-03-07 20:44 - 2016-03-07 20:45 - 00000000 ____D C:\FRST
2016-03-07 20:44 - 2016-03-07 20:44 - 02374144 _____ (Farbar) C:\Users\Kade\Downloads\FRST64.exe
2016-03-07 20:43 - 2016-03-07 20:43 - 01725440 _____ (Farbar) C:\Users\Kade\Downloads\FRST.exe
2016-03-07 20:02 - 2016-03-07 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-03-07 18:14 - 2016-03-07 18:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Kade\Downloads\HijackThis.exe
2016-03-06 15:03 - 2016-03-07 10:33 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-02-21 13:21 - 2016-02-21 13:21 - 00000000 ____D C:\ProgramData\Intel Security
2016-02-21 13:20 - 2016-02-21 13:20 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-02-18 18:04 - 2016-02-18 18:04 - 00144378 _____ C:\Users\Kade\Desktop\Amazon.pdf
2016-02-16 19:18 - 2016-02-16 19:18 - 00001926 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-02-16 19:18 - 2016-02-16 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-02-12 17:04 - 2016-03-07 18:13 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-02-10 06:28 - 2016-02-06 04:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 06:28 - 2016-02-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-10 06:28 - 2016-02-06 04:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 06:28 - 2016-02-06 04:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 06:28 - 2016-02-06 04:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-10 06:28 - 2016-02-06 04:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 06:28 - 2016-02-06 03:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-10 06:28 - 2016-02-06 03:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 06:28 - 2016-02-06 03:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 06:28 - 2016-02-06 03:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-10 06:28 - 2016-02-06 03:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 06:28 - 2016-02-06 03:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 06:28 - 2016-02-06 03:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 06:28 - 2016-02-06 02:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 06:28 - 2016-01-22 14:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-10 06:28 - 2016-01-22 14:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-10 06:28 - 2016-01-22 00:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-10 06:28 - 2016-01-22 00:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-10 06:28 - 2016-01-22 00:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 06:28 - 2016-01-22 00:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-10 06:28 - 2016-01-22 00:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-10 06:28 - 2016-01-22 00:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-10 06:28 - 2016-01-22 00:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-10 06:28 - 2016-01-22 00:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-10 06:28 - 2016-01-22 00:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 06:28 - 2016-01-22 00:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 06:28 - 2016-01-22 00:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-10 06:28 - 2016-01-22 00:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-10 06:28 - 2016-01-22 00:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-10 06:28 - 2016-01-22 00:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-10 06:28 - 2016-01-22 00:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 06:28 - 2016-01-22 00:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-10 06:28 - 2016-01-22 00:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-10 06:28 - 2016-01-22 00:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-10 06:28 - 2016-01-22 00:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 06:28 - 2016-01-22 00:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-10 06:28 - 2016-01-22 00:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-10 06:28 - 2016-01-22 00:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-10 06:28 - 2016-01-22 00:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-10 06:28 - 2016-01-22 00:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-10 06:28 - 2016-01-22 00:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-10 06:28 - 2016-01-21 23:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-10 06:28 - 2016-01-21 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-10 06:28 - 2016-01-21 23:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 06:28 - 2016-01-21 23:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-10 06:28 - 2016-01-21 23:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-10 06:28 - 2016-01-21 23:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-10 06:28 - 2016-01-21 23:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-10 06:28 - 2016-01-21 23:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-10 06:28 - 2016-01-21 23:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-10 06:28 - 2016-01-21 23:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-10 06:28 - 2016-01-21 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 06:28 - 2016-01-21 23:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-10 06:28 - 2016-01-21 23:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-10 06:28 - 2016-01-21 23:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 06:28 - 2016-01-21 23:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-10 06:28 - 2016-01-21 23:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-10 06:28 - 2016-01-21 23:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-10 06:28 - 2016-01-21 23:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 06:28 - 2016-01-21 23:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-10 06:28 - 2016-01-21 23:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-10 06:28 - 2016-01-21 23:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-10 06:28 - 2016-01-21 23:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-10 06:28 - 2016-01-21 23:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-10 06:28 - 2016-01-21 23:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 06:28 - 2016-01-21 23:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-10 06:28 - 2016-01-16 13:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 06:28 - 2016-01-16 12:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 06:28 - 2016-01-11 08:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 06:28 - 2016-01-11 08:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 06:28 - 2016-01-11 08:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 06:28 - 2016-01-11 08:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 06:28 - 2016-01-11 08:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 06:28 - 2016-01-06 13:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 06:28 - 2016-01-06 13:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 06:28 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 06:27 - 2016-01-16 13:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 06:27 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 06:27 - 2016-01-11 13:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-10 06:27 - 2016-01-11 13:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-10 06:27 - 2016-01-11 13:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-10 06:27 - 2016-01-11 12:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-10 06:27 - 2016-01-11 12:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-10 06:27 - 2016-01-11 12:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 06:27 - 2016-01-11 12:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 06:27 - 2016-01-11 12:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-10 06:27 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-10 06:27 - 2016-01-11 12:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-10 06:27 - 2016-01-11 12:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-10 06:27 - 2016-01-11 12:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-10 06:27 - 2016-01-11 12:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 06:27 - 2016-01-11 12:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-10 06:27 - 2016-01-11 12:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-10 06:27 - 2016-01-11 12:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-10 06:27 - 2016-01-07 11:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 06:27 - 2016-01-07 11:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 06:27 - 2015-12-20 12:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 06:27 - 2015-12-20 12:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 06:27 - 2015-12-20 08:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 06:26 - 2016-01-22 00:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 06:26 - 2016-01-22 00:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-10 06:26 - 2016-01-22 00:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-10 06:26 - 2016-01-22 00:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 06:26 - 2016-01-22 00:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-10 06:26 - 2016-01-22 00:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-10 06:26 - 2016-01-22 00:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-10 06:26 - 2016-01-22 00:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-10 06:26 - 2016-01-22 00:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-10 06:26 - 2016-01-22 00:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-10 06:26 - 2016-01-22 00:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-10 06:26 - 2016-01-22 00:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-10 06:26 - 2016-01-22 00:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-10 06:26 - 2016-01-22 00:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-10 06:26 - 2016-01-22 00:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 06:26 - 2016-01-22 00:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 06:26 - 2016-01-22 00:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 06:26 - 2016-01-22 00:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-10 06:26 - 2016-01-22 00:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 06:26 - 2016-01-22 00:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 06:26 - 2016-01-22 00:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-10 06:26 - 2016-01-22 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 06:26 - 2016-01-22 00:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-10 06:26 - 2016-01-22 00:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 06:26 - 2016-01-22 00:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 06:26 - 2016-01-22 00:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-10 06:26 - 2016-01-22 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-10 06:26 - 2016-01-22 00:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 06:26 - 2016-01-22 00:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 06:26 - 2016-01-22 00:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 06:26 - 2016-01-22 00:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 06:26 - 2016-01-22 00:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-10 06:26 - 2016-01-22 00:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-10 06:26 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 06:26 - 2016-01-22 00:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-10 06:26 - 2016-01-22 00:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 06:26 - 2016-01-22 00:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 06:26 - 2016-01-22 00:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-10 06:26 - 2016-01-22 00:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-10 06:26 - 2016-01-22 00:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 06:26 - 2016-01-22 00:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-10 06:26 - 2016-01-22 00:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-10 06:26 - 2016-01-22 00:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-10 06:26 - 2016-01-22 00:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-10 06:26 - 2016-01-22 00:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-10 06:26 - 2016-01-22 00:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 06:26 - 2016-01-22 00:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 06:26 - 2016-01-22 00:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-10 06:26 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 06:26 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 06:26 - 2016-01-22 00:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 06:26 - 2016-01-22 00:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 06:26 - 2016-01-22 00:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-10 06:26 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 06:26 - 2016-01-22 00:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-10 06:26 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 06:26 - 2016-01-22 00:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-10 06:26 - 2016-01-22 00:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 23:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 06:26 - 2016-01-21 23:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-10 06:26 - 2016-01-21 23:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-10 06:26 - 2016-01-21 23:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-10 06:26 - 2016-01-21 23:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-10 06:26 - 2016-01-21 23:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-10 06:26 - 2016-01-21 22:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-10 06:26 - 2016-01-21 22:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-10 06:26 - 2016-01-21 22:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-10 06:26 - 2016-01-21 22:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 06:26 - 2016-01-21 22:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-10 06:26 - 2016-01-21 22:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-10 06:26 - 2016-01-21 22:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-10 06:26 - 2016-01-21 22:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-10 06:26 - 2016-01-21 22:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-10 06:26 - 2016-01-21 22:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-10 06:26 - 2016-01-21 22:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 22:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 22:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 06:26 - 2016-01-21 22:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-07 20:43 - 2014-04-14 18:58 - 00000000 ____D C:\Program Files (x86)\SmartMediaConverter
2016-03-07 20:28 - 2014-04-14 18:58 - 00000280 _____ C:\Windows\Tasks\FF Watcher {E6A94E5F-21A8-43B7-9A3A-92F0507F2035}.job
2016-03-07 20:25 - 2014-05-23 19:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-07 20:07 - 2014-05-23 19:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-07 19:48 - 2009-07-13 22:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-07 19:48 - 2009-07-13 22:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-07 18:07 - 2014-05-23 19:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-07 11:24 - 2016-01-28 16:35 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2016-03-06 13:50 - 2015-08-11 17:38 - 00000000 ____D C:\Users\Kade\AppData\Local\CrashDumps
2016-03-05 00:11 - 2015-08-03 05:48 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-03-04 03:26 - 2013-10-13 10:24 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-04 03:24 - 2011-12-18 20:25 - 00000000 ____D C:\Users\Kade\AppData\Local\Nero
2016-03-04 03:23 - 2011-10-10 03:28 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-03-04 03:23 - 2011-10-10 03:28 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-03-04 03:23 - 2011-10-10 02:56 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-03-04 03:21 - 2015-09-28 17:06 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-04 03:20 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-04 03:02 - 2011-02-10 10:10 - 00775654 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-04 03:02 - 2009-07-13 23:13 - 00775654 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-04 03:02 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-02 20:35 - 2014-12-20 16:49 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-03-02 19:41 - 2012-01-25 19:02 - 00000000 ____D C:\Users\Kade\Documents\Jennifer
2016-02-29 17:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-26 06:17 - 2014-04-14 20:14 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-26 06:13 - 2014-04-14 20:07 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-26 03:00 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 03:00 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 17:22 - 2014-08-09 08:54 - 00000000 ____D C:\Users\Kade\AppData\LocalLow\RbxLogs
2016-02-21 13:24 - 2011-10-10 03:21 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-02-19 18:10 - 2014-05-23 19:38 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 18:10 - 2014-05-23 19:38 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 15:51 - 2015-07-14 12:52 - 00001354 _____ C:\Users\Kade\Desktop\ROBLOX Player.lnk
2016-02-18 15:51 - 2015-07-14 12:51 - 00000000 ____D C:\Users\Kade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-02-18 15:50 - 2015-07-14 12:51 - 00001173 _____ C:\Users\Kade\Desktop\ROBLOX Studio.lnk
2016-02-17 20:34 - 2011-10-10 03:21 - 00000000 ____D C:\ProgramData\McAfee
2016-02-17 20:28 - 2015-07-21 08:09 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-02-17 18:33 - 2014-05-18 15:20 - 00000000 ____D C:\ProgramData\ChromeHelper
2016-02-16 19:18 - 2015-11-24 20:07 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-12 18:34 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-02-11 19:40 - 2012-03-07 17:31 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2016-02-11 19:32 - 2009-07-13 23:08 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-11 19:28 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 17:29 - 2009-07-13 22:45 - 00484208 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-11 17:27 - 2014-12-10 03:20 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-11 17:27 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-11 17:12 - 2013-08-15 18:47 - 00000000 ____D C:\Windows\system32\MRT
2016-02-11 17:04 - 2012-02-18 12:28 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 09:25 - 2014-05-23 19:37 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 09:25 - 2014-05-23 19:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-10 09:25 - 2014-05-23 19:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-07 01:00 - 2012-12-30 10:05 - 00000000 ____D C:\Users\Kade\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2014-04-14 18:23 - 2014-04-14 19:00 - 0000314 _____ () C:\Users\Kade\AppData\Roaming\aps.uninstall.scan.results
2014-04-06 16:21 - 2014-04-21 16:55 - 0000119 _____ () C:\Users\Kade\AppData\Roaming\WB.CFG
2012-06-23 15:51 - 2012-06-23 15:51 - 0000000 _____ () C:\Users\Kade\AppData\Local\rx_image32.Cache
2011-12-25 10:15 - 2011-12-25 10:15 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-12-20 17:08 - 2014-12-20 17:08 - 0000178 _____ () C:\ProgramData\dlea.log
2013-02-07 18:00 - 2013-02-07 18:01 - 0000248 _____ () C:\ProgramData\dleaDiagnostics.log
2012-01-09 13:02 - 2014-10-02 19:14 - 0114090 _____ () C:\ProgramData\dleaJSW.log
2011-12-25 10:18 - 2014-12-20 17:08 - 0090821 _____ () C:\ProgramData\dleascan.log
2011-12-25 10:35 - 2011-12-25 10:35 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-12-25 10:15 - 2011-12-25 10:15 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-05-29 17:09 - 2014-05-29 17:09 - 1124369 _____ () C:\ProgramData\SPL2A45.tmp
2014-09-21 09:00 - 2014-09-21 09:00 - 0563656 _____ () C:\ProgramData\SPL312D.tmp
2012-07-31 14:54 - 2012-07-31 14:54 - 0320908 _____ () C:\ProgramData\SPL3E66.tmp
2013-02-06 18:19 - 2013-02-06 18:19 - 36800605 _____ () C:\ProgramData\SPL5CBF.tmp
2013-02-04 21:35 - 2013-02-04 21:35 - 36800605 _____ () C:\ProgramData\SPL65C4.tmp
2014-09-21 09:34 - 2014-09-21 09:34 - 3234387 _____ () C:\ProgramData\SPL6D43.tmp
2013-02-04 21:32 - 2013-02-04 21:32 - 36800605 _____ () C:\ProgramData\SPL955.tmp
2014-05-29 17:34 - 2014-05-29 17:34 - 0238090 _____ () C:\ProgramData\SPLA9AD.tmp
2014-09-21 10:52 - 2014-09-21 10:52 - 0195565 _____ () C:\ProgramData\SPLC5CF.tmp
2011-12-25 10:15 - 2011-12-25 10:15 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some files in TEMP:
====================
C:\Users\Kade\AppData\Local\Temp\amsetup_activeris_default_010414_installer.exe
C:\Users\Kade\AppData\Local\Temp\DivXSetup.exe
C:\Users\Kade\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Kade\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Kade\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Kade\AppData\Local\Temp\fps12.exe
C:\Users\Kade\AppData\Local\Temp\helper.exe
C:\Users\Kade\AppData\Local\Temp\InstallAX64.exe
C:\Users\Kade\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Kade\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Kade\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Kade\AppData\Local\Temp\media.exe
C:\Users\Kade\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Kade\AppData\Local\Temp\MSNECD0.exe
C:\Users\Kade\AppData\Local\Temp\nsa9974.exe
C:\Users\Kade\AppData\Local\Temp\nsc5C41.exe
C:\Users\Kade\AppData\Local\Temp\nsm2ADE.exe
C:\Users\Kade\AppData\Local\Temp\nsm81AF.exe
C:\Users\Kade\AppData\Local\Temp\nss4DE0.tmp.exe
C:\Users\Kade\AppData\Local\Temp\nsuBD4A.exe
C:\Users\Kade\AppData\Local\Temp\nsx58C7.exe
C:\Users\Kade\AppData\Local\Temp\nsx7E93.exe
C:\Users\Kade\AppData\Local\Temp\Opera.exe
C:\Users\Kade\AppData\Local\Temp\optimizerpro.exe
C:\Users\Kade\AppData\Local\Temp\photostage_1.0.0.1_1.5.0.67_update_all.exe
C:\Users\Kade\AppData\Local\Temp\photostage_1.0.0.50_1.5.0.130_update_all.exe
C:\Users\Kade\AppData\Local\Temp\RhapInstTemp.exe
C:\Users\Kade\AppData\Local\Temp\setup.exe
C:\Users\Kade\AppData\Local\Temp\sp-downloader.exe
C:\Users\Kade\AppData\Local\Temp\speedupmypc.exe
C:\Users\Kade\AppData\Local\Temp\SPSetup.exe
C:\Users\Kade\AppData\Local\Temp\sqlite3.exe
C:\Users\Kade\AppData\Local\Temp\swa1_23.exe
C:\Users\Kade\AppData\Local\Temp\uninstall.exe
C:\Users\Kade\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Kade\AppData\Local\Temp\wajam_download.exe
C:\Users\Kade\AppData\Local\Temp\WiseUpdX.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-28 00:51
 
==================== End of FRST.txt ============================


#4 jolivier

jolivier
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Iberia, Louisiana
  • Local time:02:04 AM

Posted 07 March 2016 - 09:53 PM

Addition.txt Log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Kade (2016-03-07 20:47:50)
Running from C:\Users\Kade\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-19 02:00:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2368598850-3429250015-1983696877-500 - Administrator - Disabled)
Guest (S-1-5-21-2368598850-3429250015-1983696877-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2368598850-3429250015-1983696877-1002 - Limited - Enabled)
Kade (S-1-5-21-2368598850-3429250015-1983696877-1000 - Administrator - Enabled) => C:\Users\Kade
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Fast And Safe (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}) (Version:  - GTgroup) <==== ATTENTION
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ROBLOX Player for Kade (HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roxio Creator 2012 (HKLM-x32\...\{A07A0EEC-9EBC-4416-B74A-BABB48CBFD26}) (Version:  - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version:  - )
Sansa Updater (HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Kade\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05B58C69-7AFF-40FF-B3A2-3178909ED278} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
Task: {065A5BA9-D2EE-4C88-897F-CDCDA406974A} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {0B57856D-E670-4714-BF4F-3E452491732F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {1B7D86FE-22F1-4B1A-A7FF-E0AD272BC49C} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {1FCE7C01-F286-42FE-8D16-2883F83070CD} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {20C2AE74-1B5B-4539-BB08-90FAF8509989} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {255D6018-E9CD-42FB-99E2-7EEEBBAFB81A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation)
Task: {2AA01242-01D2-4D09-8707-592308BB5765} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
Task: {2F80AC43-0B57-4E6B-98E0-50CB5BDFC69A} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
Task: {34A436C0-8A9D-4F53-BC00-A10809DFD415} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {35A54C96-1120-44BB-890F-BB7CE707E8D4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4CB15489-16BB-48E3-B41D-5113BF60A1E4} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {6D13F551-2B31-4FEC-8FFF-60E5DD013FF1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {6D603F91-6BD6-4B7A-A5D0-EC6A5AEB4266} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
Task: {7221BD68-086C-4A97-A726-060A89AB2CCC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {7E219E29-5257-42E8-9EA4-1B5A3EE0CD51} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7E6496F8-06A2-4B26-AEF7-252B3B252BAF} - System32\Tasks\PROPCCleanerSoftware_Popup => C:\Program Files (x86)\PRO PC Cleaner Software\Splash.exe <==== ATTENTION
Task: {8151D05C-8F71-4A2B-A881-FE1F9247D6A0} - System32\Tasks\PROPCCleanerSoftware_Start => C:\Program Files (x86)\PRO PC Cleaner Software\PROPCCleanerSoftware.exe <==== ATTENTION
Task: {85D97851-BE1D-4053-AE30-D9ED7A4C1FEE} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
Task: {8820D809-A0F7-4E10-B604-43CAE4EE005A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {8F2CB67C-4650-4B0F-A3AB-B4F683C88F43} - System32\Tasks\FF Watcher {E6A94E5F-21A8-43B7-9A3A-92F0507F2035} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {8FAB0573-F343-4260-B9D6-753F97981878} - System32\Tasks\UpdaterEX => C:\Users\Kade\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9886E46C-A723-4F07-9E31-E380C0255056} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A2121C09-60B7-45E6-9B54-009B9A3F4606} - System32\Tasks\pricemeterdownloader => C:\Users\Kade\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION
Task: {AE06F61C-3076-4A9F-8960-E3E079C8F2AA} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {B14FCBCF-D3B0-4AB5-A6DC-A5E6DE26D31C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {C8A3D1EE-D6CF-4F6C-A3EF-9FC43808C183} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {D2C33D48-C7E7-41D6-A5B1-81626CCF790F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {E38DB39A-392B-425B-A7BE-B79467FD6443} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation)
Task: {F27673C2-1816-49EE-A353-C6D3A32EDB8C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {F8670C88-A0CA-45D2-9264-E4A50C90F1B2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {FAA3B7D5-2683-402B-A4F5-69A5BF3B35D0} - System32\Tasks\{AB273C6A-8D0B-48F4-AAE7-F987B1F9A5A7} => pcalua.exe -a "C:\Program Files (x86)\Frieven_s_Prox_1.8\Uninstall.exe" -c /fcp=1
Task: {FDFA7A3F-85F8-417B-B72E-90DCB720A7DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Driver Support-RTMRules.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\Driver Support-RTMScan.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\Driver Support-RTMUpdater.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\FF Watcher {E6A94E5F-21A8-43B7-9A3A-92F0507F2035}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Kade\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-12-25 10:18 - 2009-12-31 00:17 - 00053760 _____ () C:\Windows\System32\DLEAPMON.DLL
2011-12-25 10:17 - 2009-01-13 07:15 - 05709824 _____ () C:\Windows\System32\DLEAOEM.DLL
2015-10-29 17:46 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-02-01 11:50 - 2012-02-01 11:50 - 02195824 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
2011-10-10 04:23 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-04-01 08:42 - 2014-04-01 08:42 - 00428416 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2014-02-27 11:41 - 2014-02-27 11:41 - 00442816 _____ () C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe
2011-06-12 18:07 - 2011-06-12 18:07 - 00506352 _____ () C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
2012-02-01 11:50 - 2012-02-01 11:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2011-07-08 11:31 - 2011-07-08 11:31 - 00084464 _____ () C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
2012-02-01 11:50 - 2012-02-01 11:50 - 01850224 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
2011-02-09 16:36 - 2011-02-09 16:36 - 00457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2011-07-15 00:03 - 2011-07-15 00:03 - 00021488 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2014-05-08 07:26 - 2014-05-08 07:26 - 00284960 _____ () C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe
2014-04-14 20:07 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-21 18:31 - 2003-04-18 17:06 - 00008192 _____ () C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
2014-12-20 17:02 - 2012-03-27 21:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-10-10 02:57 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2015-10-29 17:46 - 2015-09-01 06:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2011-07-07 16:13 - 2011-07-07 16:13 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
2011-07-07 16:14 - 2011-07-07 16:14 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
2011-07-07 16:13 - 2011-07-07 16:13 - 00026408 _____ () C:\Program Files (x86)\Nero\SyncUP\AdbDetect.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2012-12-30 09:39 - 2010-08-22 20:01 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2012-12-30 09:39 - 2010-08-22 20:01 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2012-12-30 09:39 - 2010-08-22 20:01 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2012-12-30 09:39 - 2010-08-22 20:01 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2012-12-30 09:39 - 2010-08-22 19:32 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-30 09:39 - 2012-02-23 15:19 - 00669696 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2012-12-30 09:39 - 2012-02-23 15:57 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2015-09-28 17:08 - 2015-12-14 23:54 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-28 17:08 - 2015-07-03 10:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-28 17:08 - 2015-07-03 10:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-28 17:08 - 2015-07-03 10:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-28 17:08 - 2016-02-04 15:02 - 02546768 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-28 17:08 - 2015-09-23 18:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-28 17:08 - 2015-09-23 18:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-28 17:08 - 2015-09-23 18:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-28 17:08 - 2015-09-23 18:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-28 17:08 - 2015-09-23 18:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-28 17:08 - 2016-02-04 15:01 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-09-28 17:08 - 2015-12-29 19:51 - 00208896 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-09-28 17:08 - 2016-01-05 19:52 - 48387872 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2011-07-15 00:03 - 2011-07-15 00:03 - 03297264 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2011-07-15 00:03 - 2011-07-15 00:03 - 00523248 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2011-07-15 00:03 - 2011-07-15 00:03 - 00107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2012-08-21 18:31 - 2012-11-02 11:10 - 00583240 _____ () C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\mia.lib
2016-03-04 03:22 - 2012-09-02 16:35 - 00101888 _____ () C:\Windows\TEMP\mia523\mEXEFunc.dll
2016-02-26 06:09 - 2016-02-26 06:09 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-05-07 09:05 - 2015-05-07 09:06 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2016-02-26 06:09 - 2016-02-26 06:11 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2016-02-19 18:10 - 2016-02-17 22:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 18:10 - 2016-02-17 22:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-02-19 18:10 - 2016-02-17 22:15 - 16808600 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2016-02-16 19:18 - 00000090 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kade\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D54DCC70-D235-429A-A69B-89EE2B1F4A27}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{4FCC3C22-C68F-4E53-ACEE-E5B9FB5F735B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EFE27F2B-CCFF-46C4-B782-ADFA6BAE1CEC}] => (Allow) LPort=2869
FirewallRules: [{BFF60E08-6A6A-466C-9A45-2755970F41B2}] => (Allow) LPort=1900
FirewallRules: [{62908EC6-4822-4C7C-88A5-27498DAF7FFD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{485B3460-B607-4C4B-AB55-CAC1E001A3A1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{5D67F2A4-035C-4F1B-BC94-15CD0505087B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{ED9C1D3C-4C9B-4807-9334-1CE89C40D996}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{5FADFAF8-9284-4558-AA10-13DF0FBFD184}] => (Allow) LPort=9700
FirewallRules: [{149022ED-6903-486C-97D5-6EA0CD4279B8}] => (Allow) LPort=9701
FirewallRules: [{EBC81505-62C2-44E7-8517-A6DD5E3EB7E5}] => (Allow) LPort=9702
FirewallRules: [{5E2A216F-9737-468D-936D-BF7D00ECFC96}] => (Allow) LPort=9700
FirewallRules: [{B49A593D-73F9-4AA9-AC2C-66EF21552413}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe
FirewallRules: [{92CE5A8F-96B3-48D9-A10B-58EFC3A79D5B}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe
FirewallRules: [{03FC4C5F-B03A-4F0C-8A8C-42C4A487951D}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe
FirewallRules: [{79E031E5-3360-4FCD-9770-90A62B74195E}] => (Allow) C:\Program Files (x86)\Dell V310-V510 Series\dleafax.exe
FirewallRules: [{83CB2CA0-4C39-491C-B3CB-73415F013B20}] => (Allow) C:\Program Files (x86)\Dell V310-V510 Series\dleafax.exe
FirewallRules: [{0F81B4D7-108E-4AB0-8644-7041AC63565C}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{6B06CFBB-C047-48AA-B78A-728E1756EBCB}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [TCP Query User{7DD1FB37-9758-4538-A14E-D4C930BCBBF2}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Block) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{7CBDCDEB-52CC-417E-B77A-87EDE4169683}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Block) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [TCP Query User{41D11142-956F-4CF1-BF79-3F7FC91C9166}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Block) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [UDP Query User{F12E1B3C-1AF7-40BD-ADEC-65DED4771738}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe] => (Block) C:\program files (x86)\dell\dell datasafe online\nobuclient.exe
FirewallRules: [{A9E35FCE-62CF-4088-A5AE-DD366E3C0FE5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7CE3B07C-BEC1-4682-96FF-B4DDBA1E888A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41F689B7-7006-4F75-8567-9074EFE72FB2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{04B55A9A-CFBC-4D9B-A480-3701BAFC8E43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A12B6865-9636-4D0A-9509-A429151964E1}] => (Allow) LPort=5353
FirewallRules: [{AB0BC67F-F6E5-4315-A593-3A1BAF7D6178}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{F1615CA4-737F-458C-B5A6-F3B7279045F3}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{D3E89434-1DA0-498D-9952-4B638C5F38DF}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{0A93809F-9E7F-4421-97F4-65C96EA433C6}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{14DD9DBB-0FDE-4464-A6FE-09E11184817D}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{EC6068F0-D304-443C-9A2D-729AE87A9FF9}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{BC786AA7-839C-456F-9773-852FA79D3100}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{04E27B84-B2E6-4D5C-8C9A-7E2F79F76004}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{84999633-3157-46CB-821F-D6F3D207C687}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{39C66A84-B46B-45EC-9377-C1F1769EFF2E}] => (Allow) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{DE1215E5-9C77-4F95-8B91-0C2F3AD3A788}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{14B38D95-BC65-4C9E-90FE-1334EBE13F67}] => (Allow) C:\Program Files (x86)\Common Files\Nero\BDCore\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{C2BB422D-8712-4126-AF3B-4A7EBD65C1E7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{CE924ED3-3C11-41E8-9C37-65E408E1D02D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{0AFDEED1-C1C0-4FA2-A9FB-CE544545F51D}] => (Allow) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{756273F7-E39B-47E3-A770-DBA08208B491}] => (Allow) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{F0D05147-7C64-438F-B6D5-3EA6C0044FAA}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{C29B0EE3-6215-451D-9EAF-94A0BF82AF7A}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{22595441-FE08-4687-AC9B-6118519DA3A1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F5C54860-5891-4C67-BC03-E50FE050439E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{73EEBC58-734C-4551-AAEA-25C868F71CA5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AC87DCB7-9E4C-4590-A954-0251E62D023F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AD123FD4-F2FE-4669-B821-8863F0531E44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{13224E67-A9BA-4ABE-8478-97E278BF864B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{AB16F77B-B217-4D1C-A774-E8CA7FBC024D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{004932E3-DF2D-4429-801A-341811065F07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{D4DC7CA1-38DD-4BDB-A02F-0A31FFF4C903}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2BB558B4-F2F0-4A18-863D-483C1DD1ECEE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F2BA1D8E-E204-4641-9502-8BFDBAD50497}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F48715A1-DFEB-4926-8A03-25DF32346649}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{AFCC8C43-2AEC-4379-85B2-0B66DA41B9C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{3A9A3E33-8396-425F-BEEC-7F017D24D562}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{262EE4D9-273F-4935-85A0-321C3E1B4703}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{5DD75414-8F89-442E-BDA6-F54C840BDC41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{A37B438B-0724-4326-B2E5-FD3C634839B4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Teredo Tunneling Adapter #13
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/07/2016 08:39:58 PM) (Source: ChromeHelper) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
Error: (03/07/2016 08:24:58 PM) (Source: ChromeHelper) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
Error: (03/07/2016 08:09:57 PM) (Source: ChromeHelper) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
Error: (03/07/2016 07:54:57 PM) (Source: ChromeHelper) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
Error: (03/07/2016 07:39:57 PM) (Source: ChromeHelper) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
Error: (03/07/2016 07:24:56 PM) (Source: ChromeHelper) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
Error: (03/07/2016 07:09:55 PM) (Source: ChromeHelper) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
Error: (03/07/2016 06:54:55 PM) (Source: ChromeHelper) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
Error: (03/07/2016 06:39:55 PM) (Source: ChromeHelper) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
Error: (03/07/2016 06:24:55 PM) (Source: ChromeHelper) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
 
System errors:
=============
Error: (03/05/2016 12:10:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error: 
%%1053
 
Error: (03/05/2016 12:10:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.
 
Error: (03/04/2016 03:22:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Fast And Safe service to connect.
 
Error: (03/03/2016 04:16:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Fast And Safe service to connect.
 
Error: (02/29/2016 05:48:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Fast And Safe service to connect.
 
Error: (02/28/2016 01:01:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error: 
%%1053
 
Error: (02/28/2016 01:01:32 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.
 
Error: (02/22/2016 03:06:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error: 
%%1053
 
Error: (02/22/2016 03:06:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the McAfee Boot Delay Start Service service to connect.
 
Error: (02/22/2016 03:06:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
 
CodeIntegrity:
===================================
  Date: 2013-02-04 19:59:12.424
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:59:12.404
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:59:05.545
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:59:05.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:58:58.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:58:58.256
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:57:26.745
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:57:26.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:57:20.594
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:57:20.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 61%
Total physical RAM: 6056.63 MB
Available physical RAM: 2344.6 MB
Total Virtual: 12111.46 MB
Available Virtual: 8096.79 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:719.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 459A9B33)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 07 March 2016 - 10:52 PM

Hello :)

We have much to do, so I'm going to break it down into stages so as not to overwhelm you. There will be several more steps after these, so let's get started. :thumbup2:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Uninstalls, Chrome Reinstallation, and Opera Extension Removal

Program Uninstalls

Please uninstall the following program from your machine as it is an adware/malware related program.
  • Fast And Safe
Uninstall and Reinstall Chrome

We're going to have to uninstall and reinstall Chrome as the malware has altered a dll file in your current version as seen below in the box.



CHR Extension: (GTA V Countdown) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepaoenpeghejgmakifcnibemgeljclb [2014-08-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Frieven_s_Prox_1.8) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp [2014-06-14] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION


These are just a few of many entries in Chrome that have been altered. Please follow the instructions below to reinstall Chrome.


1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chromevia the Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome.
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.


Opera Extension Removal
  • Please remove the following extension from your Opera browser by following the instructions below.
  • Open Opera, and click Ctrl+Shift+E to open the browser extensions settings. You can also open this page via Settings > Extensions.
  • Once the list of Extensions is opened, please remove/disable the SmartSaver+ 8
Step 2: Fix with FRST

Note: Before performing this step, please move FRST64.exe from C:\Users\Kade\Downloads to your Desktop or the fix will not work. All tools must be run from the Desktop
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
C:\Program Files (x86)\Driver Support
() C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe
C:\Program Files (x86)\SmartMediaConverter
HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe [737568 2014-05-08] ()
C:\Program Files (x86)\Common Files\ChromeHelper
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [PriceMeterW] => "C:\Users\Kade\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4759896 2014-04-01] (PC Drivers Headquarters)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\MountPoints2: {69cf4d19-46f3-11e1-a9f6-d067e51c7a05} - E:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartMediaConverter.lnk [2014-04-14]
ShortcutTarget: SmartMediaConverter.lnk -> C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk0102&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0F0BtDyC0EtA0ByDzyzytN0D0Tzu0SzzyDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyCzy0B0E0A0EtAtGzytBzzzytGyE0FyCyCtG0FtD0DtAtGyCyDyDtB0Fzy0Bzz0B0AyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0FyByCzz0C0DtG0C0CzyyDtG0BzyyEtCtG0A0AyByBtGyB0F0EzyzztBtDtBtByDyC0A2Q&cr=1161119448&ir=
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0F0BtDyC0EtA0ByDzyzytN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtA0CtAyDyDyCyBtG0FyEtA0CtG0CyByDyEtG0FtD0CtDtGyC0Dzy0FtCzzyC0D0CzzyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0FyByCzz0C0DtG0C0CzyyDtG0BzyyEtCtG0A0AyByBtGyB0F0EzyzztBtDtBtByDyC0A2Q&cr=1137269483&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_17_ie&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0F0BtDyC0EtA0ByDzyzytN0D0Tzu0SzzyEtBtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtAtCzz0DtCyC0CtGyB0D0CtDtGzz0CyDyEtGtB0B0CtDtGyB0FtC0BtDyByC0A0F0DyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0FyByCzz0C0DtG0C0CzyyDtG0BzyyEtCtG0A0AyByBtGyB0F0EzyzztBtDtBtByDyC0A2Q&cr=292293418&ir=
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWzllio3e6rCrRL8Hujb5OUSVRdU219ReCJyoky1BlReoKGRGGTBlQtpDKWLh2IrTZO2QB-iNglS7dWUS1thXMVRz_LR9G7scGqyheVely0grkXXiusT_SSmERkRPlspZw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332410&octid=EB_ORIGINAL_CTID&ISID=IC614A647-EB5B-41D8-B755-FE1E52EB8933&SearchSource=58&CUI=&UM=8&UP=SP58113DCA-D85C-4216-8715-D3CAF56C8857&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5E2CF04DA2FB06E3&affID=127101&tsp=5253
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll => No File
C:\Program Files (x86)\Ask.com
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\21\NP_wtapp.dll => No File
CHR Plugin: (Unity Player) - C:\Users\Kade\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
R2 ChromeHelperUpdt; C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [284960 2014-05-08] ()
S2 64af91bf; "C:\Windows\system32\rundll32.exe" "c:\progra~3\fastan~1\FastAndSafeSvc.dll",service
c:\progra~3\fastan~1
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
Task: {05B58C69-7AFF-40FF-B3A2-3178909ED278} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
Task: {0B57856D-E670-4714-BF4F-3E452491732F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {1FCE7C01-F286-42FE-8D16-2883F83070CD} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files (x86)\AnyProtectEx
Task: {35A54C96-1120-44BB-890F-BB7CE707E8D4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7E6496F8-06A2-4B26-AEF7-252B3B252BAF} - System32\Tasks\PROPCCleanerSoftware_Popup => C:\Program Files (x86)\PRO PC Cleaner Software\Splash.exe <==== ATTENTION
Task: {8151D05C-8F71-4A2B-A881-FE1F9247D6A0} - System32\Tasks\PROPCCleanerSoftware_Start => C:\Program Files (x86)\PRO PC Cleaner Software\PROPCCleanerSoftware.exe <==== ATTENTION
C:\Program Files (x86)\PRO PC Cleaner Software
Task: {85D97851-BE1D-4053-AE30-D9ED7A4C1FEE} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
Task: {8F2CB67C-4650-4B0F-A3AB-B4F683C88F43} - System32\Tasks\FF Watcher {E6A94E5F-21A8-43B7-9A3A-92F0507F2035} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {8FAB0573-F343-4260-B9D6-753F97981878} - System32\Tasks\UpdaterEX => C:\Users\Kade\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A2121C09-60B7-45E6-9B54-009B9A3F4606} - System32\Tasks\pricemeterdownloader => C:\Users\Kade\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION
Task: {B14FCBCF-D3B0-4AB5-A6DC-A5E6DE26D31C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Driver Support-RTMRules.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\Driver Support-RTMScan.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\Driver Support-RTMUpdater.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\FF Watcher {E6A94E5F-21A8-43B7-9A3A-92F0507F2035}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Kade\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#6 jolivier

jolivier
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Iberia, Louisiana
  • Local time:02:04 AM

Posted 09 March 2016 - 08:42 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Kade (2016-03-09 19:24:20) Run:1
Running from C:\Users\Kade\Desktop
Loaded Profiles: Kade (Available Profiles: Kade)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
C:\Program Files (x86)\Driver Support
() C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe
C:\Program Files (x86)\SmartMediaConverter
HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe [737568 2014-05-08] ()
C:\Program Files (x86)\Common Files\ChromeHelper
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [PriceMeterW] => "C:\Users\Kade\AppData\Local\PriceMeter\pricemeterw.exe"
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4759896 2014-04-01] (PC Drivers Headquarters)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\MountPoints2: {69cf4d19-46f3-11e1-a9f6-d067e51c7a05} - E:\LaunchU3.exe -a
AppInit_DLLs: C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartMediaConverter.lnk [2014-04-14]
ShortcutTarget: SmartMediaConverter.lnk -> C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400445486&from=tt4u&uid=ST31000524AS_9VPE1DZCXXXX9VPE1DZC&q={searchTerms}
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk0102&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0F0BtDyC0EtA0ByDzyzytN0D0Tzu0SzzyDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StCyCzy0B0E0A0EtAtGzytBzzzytGyE0FyCyCtG0FtD0DtAtGyCyDyDtB0Fzy0Bzz0B0AyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0FyByCzz0C0DtG0C0CzyyDtG0BzyyEtCtG0A0AyByBtGyB0F0EzyzztBtDtBtByDyC0A2Q&cr=1161119448&ir=
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ie&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0F0BtDyC0EtA0ByDzyzytN0D0Tzu0SzztByBtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtA0CtAyDyDyCyBtG0FyEtA0CtG0CyByDyEtG0FtD0CtDtGyC0Dzy0FtCzzyC0D0CzzyDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0FyByCzz0C0DtG0C0CzyyDtG0BzyyEtCtG0A0AyByBtGyB0F0EzyzztBtDtBtByDyC0A2Q&cr=1137269483&ir=
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_17_ie&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0F0BtDyC0EtA0ByDzyzytN0D0Tzu0SzzyEtBtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtAtCzz0DtCyC0CtGyB0D0CtDtGzz0CyDyEtGtB0B0CtDtGyB0FtC0BtDyByC0A0F0DyCtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzy0FyByCzz0C0DtG0C0CzyyDtG0BzyyEtCtG0A0AyByBtGyB0F0EzyzztBtDtBtByDyC0A2Q&cr=292293418&ir=
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaklnKAlLcb2qZMruJE187No7dcs4Xl15URctwnk_FIJkNnuceapeF87LRT7w5iPtWzllio3e6rCrRL8Hujb5OUSVRdU219ReCJyoky1BlReoKGRGGTBlQtpDKWLh2IrTZO2QB-iNglS7dWUS1thXMVRz_LR9G7scGqyheVely0grkXXiusT_SSmERkRPlspZw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3332410&octid=EB_ORIGINAL_CTID&ISID=IC614A647-EB5B-41D8-B755-FE1E52EB8933&SearchSource=58&CUI=&UM=8&UP=SP58113DCA-D85C-4216-8715-D3CAF56C8857&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=5E2CF04DA2FB06E3&affID=127101&tsp=5253
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll => No File
C:\Program Files (x86)\Ask.com
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\21\NP_wtapp.dll => No File
CHR Plugin: (Unity Player) - C:\Users\Kade\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => No File
R2 ChromeHelperUpdt; C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [284960 2014-05-08] ()
S2 64af91bf; "C:\Windows\system32\rundll32.exe" "c:\progra~3\fastan~1\FastAndSafeSvc.dll",service
c:\progra~3\fastan~1
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
Task: {05B58C69-7AFF-40FF-B3A2-3178909ED278} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
Task: {0B57856D-E670-4714-BF4F-3E452491732F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
C:\Program Files (x86)\MyPC Backup
Task: {1FCE7C01-F286-42FE-8D16-2883F83070CD} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files (x86)\AnyProtectEx
Task: {35A54C96-1120-44BB-890F-BB7CE707E8D4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7E6496F8-06A2-4B26-AEF7-252B3B252BAF} - System32\Tasks\PROPCCleanerSoftware_Popup => C:\Program Files (x86)\PRO PC Cleaner Software\Splash.exe <==== ATTENTION
Task: {8151D05C-8F71-4A2B-A881-FE1F9247D6A0} - System32\Tasks\PROPCCleanerSoftware_Start => C:\Program Files (x86)\PRO PC Cleaner Software\PROPCCleanerSoftware.exe <==== ATTENTION
C:\Program Files (x86)\PRO PC Cleaner Software
Task: {85D97851-BE1D-4053-AE30-D9ED7A4C1FEE} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-04-01] (PC Drivers Headquarters)
Task: {8F2CB67C-4650-4B0F-A3AB-B4F683C88F43} - System32\Tasks\FF Watcher {E6A94E5F-21A8-43B7-9A3A-92F0507F2035} => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: {8FAB0573-F343-4260-B9D6-753F97981878} - System32\Tasks\UpdaterEX => C:\Users\Kade\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {A2121C09-60B7-45E6-9B54-009B9A3F4606} - System32\Tasks\pricemeterdownloader => C:\Users\Kade\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION
Task: {B14FCBCF-D3B0-4AB5-A6DC-A5E6DE26D31C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Driver Support-RTMRules.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\Driver Support-RTMScan.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\Driver Support-RTMUpdater.job => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: C:\Windows\Tasks\FF Watcher {E6A94E5F-21A8-43B7-9A3A-92F0507F2035}.job => C:\Program Files\V-bates\PrefHelper.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Kade\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End
 
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe => No running process found
C:\Program Files (x86)\Driver Support => moved successfully
C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe => No running process found
C:\Program Files (x86)\SmartMediaConverter => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ChromeHelper => value removed successfully
C:\Program Files (x86)\Common Files\ChromeHelper => moved successfully
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PriceMeterW => value removed successfully
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Support => value removed successfully
"HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69cf4d19-46f3-11e1-a9f6-d067e51c7a05}" => key removed successfully
HKCR\CLSID\{69cf4d19-46f3-11e1-a9f6-d067e51c7a05} => key not found. 
"C:\PROGRA~3\FASTAN~1\FASTAN~2.DLL" => Value data removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartMediaConverter.lnk => moved successfully
C:\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe => not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => key removed successfully
HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => key removed successfully
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => key not found. 
"HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found. 
"HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully
"C:\Program Files (x86)\Ask.com" => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value removed successfully
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => key removed successfully
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\21\NP_wtapp.dll => not found.
C:\Users\Kade\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll => not found.
ChromeHelperUpdt => service removed successfully
64af91bf => service removed successfully
"c:\progra~3\fastan~1" => not found.
MBAMWebAccessControl => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05B58C69-7AFF-40FF-B3A2-3178909ED278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05B58C69-7AFF-40FF-B3A2-3178909ED278}" => key removed successfully
C:\Windows\System32\Tasks\Driver Support-RTMScan => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMScan" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B57856D-E670-4714-BF4F-3E452491732F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B57856D-E670-4714-BF4F-3E452491732F}" => key removed successfully
C:\Windows\System32\Tasks\LaunchSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => key removed successfully
"C:\Program Files (x86)\MyPC Backup" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FCE7C01-F286-42FE-8D16-2883F83070CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FCE7C01-F286-42FE-8D16-2883F83070CD}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully
"C:\Program Files (x86)\AnyProtectEx" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35A54C96-1120-44BB-890F-BB7CE707E8D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35A54C96-1120-44BB-890F-BB7CE707E8D4}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E6496F8-06A2-4B26-AEF7-252B3B252BAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E6496F8-06A2-4B26-AEF7-252B3B252BAF}" => key removed successfully
C:\Windows\System32\Tasks\PROPCCleanerSoftware_Popup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PROPCCleanerSoftware_Popup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8151D05C-8F71-4A2B-A881-FE1F9247D6A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8151D05C-8F71-4A2B-A881-FE1F9247D6A0}" => key removed successfully
C:\Windows\System32\Tasks\PROPCCleanerSoftware_Start => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PROPCCleanerSoftware_Start" => key removed successfully
"C:\Program Files (x86)\PRO PC Cleaner Software" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85D97851-BE1D-4053-AE30-D9ED7A4C1FEE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85D97851-BE1D-4053-AE30-D9ED7A4C1FEE}" => key removed successfully
C:\Windows\System32\Tasks\Driver Support-RTMRules => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMRules" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F2CB67C-4650-4B0F-A3AB-B4F683C88F43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F2CB67C-4650-4B0F-A3AB-B4F683C88F43}" => key removed successfully
C:\Windows\System32\Tasks\FF Watcher {E6A94E5F-21A8-43B7-9A3A-92F0507F2035} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {E6A94E5F-21A8-43B7-9A3A-92F0507F2035}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FAB0573-F343-4260-B9D6-753F97981878}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FAB0573-F343-4260-B9D6-753F97981878}" => key removed successfully
C:\Windows\System32\Tasks\UpdaterEX => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2121C09-60B7-45E6-9B54-009B9A3F4606}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2121C09-60B7-45E6-9B54-009B9A3F4606}" => key removed successfully
C:\Windows\System32\Tasks\pricemeterdownloader => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pricemeterdownloader" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B14FCBCF-D3B0-4AB5-A6DC-A5E6DE26D31C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B14FCBCF-D3B0-4AB5-A6DC-A5E6DE26D31C}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully
C:\Windows\Tasks\APSnotifierPP1.job => moved successfully
C:\Windows\Tasks\APSnotifierPP2.job => moved successfully
C:\Windows\Tasks\APSnotifierPP3.job => moved successfully
C:\Windows\Tasks\Driver Support-RTMRules.job => moved successfully
C:\Windows\Tasks\Driver Support-RTMScan.job => moved successfully
C:\Windows\Tasks\Driver Support-RTMUpdater.job => moved successfully
C:\Windows\Tasks\FF Watcher {E6A94E5F-21A8-43B7-9A3A-92F0507F2035}.job => moved successfully
C:\Windows\Tasks\UpdaterEX.job => moved successfully
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 12.3 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 19:29:24 ====


#7 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 09 March 2016 - 08:57 PM

Hello :)

The log looks good, let's continue. :thumbsup:

When you post these logs, please let me know how the machine is running.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Junkware Removal Tool

junkware-removal-tool_zpspjolgpuh.png Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleanerscreen_zpsm6wq1ei9.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Program Files
Step 3: Fresh FRST Logs
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

Answer to my question.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#8 jolivier

jolivier
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Iberia, Louisiana
  • Local time:02:04 AM

Posted 09 March 2016 - 09:39 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Kade (Administrator) on Wed 03/09/2016 at 20:18:19.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 72 
 
Successfully deleted: C:\end (File) 
Successfully deleted: C:\ProgramData\a11c776ae3e6e6d1 (Folder) 
Successfully deleted: C:\ProgramData\ask (Folder) 
Successfully deleted: C:\ProgramData\babylon (Folder) 
Successfully deleted: C:\ProgramData\chromehelper (Folder) 
Successfully deleted: C:\ProgramData\esellerate (Folder) 
Successfully deleted: C:\ProgramData\pricemeterliveupdate (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\driverrestore (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\flvplayer (Folder) 
Successfully deleted: C:\ProgramData\wecarereminder (Folder) 
Successfully deleted: C:\user.js (File) 
Successfully deleted: C:\Users\Kade\AppData\Local\{1F221EAA-71B3-4657-A2B3-911A094CB374} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{22F5D06B-3AC3-4C79-AF85-DBE4578A301D} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{24E8DDD4-9044-4D63-8BC4-5C406A3D8E1B} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{3E29CE1D-35B8-4E73-A11A-40727D15EC24} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{4BAF0DB4-E843-4170-BF7A-E4ED8BA16B3B} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{5553A68C-7299-42A1-B9F6-FFCFCBE8FB1D} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{5AAD35CD-C129-4A33-907F-9F954813D5E4} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{636A1CAA-CFCF-4F6F-810F-A192F6D194D3} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{76D7FEC7-D17C-47BE-A696-9786CC08C75E} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{7742F9AA-0AB8-414F-8E25-6744E38BDD52} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{92DC2C87-4D92-40D4-9031-A2C5279B67C2} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{A96F5891-14B9-4B09-B50B-E398E1FA0D22} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{BD7694B1-D0FA-424B-9142-80986DCFD3D0} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{C3194FCE-D867-45AA-8286-AF82FAB8C003} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{C4E09D72-9C54-4168-B663-9C32465BF0E9} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{CF5829B7-5AF9-46B6-B498-6A37661B4ED5} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{DF475374-DA4E-4D55-B04B-7A64481CE633} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{E0801A0E-6620-45E9-B83D-005D43FBFDE4} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{E8F488AC-74D7-45AB-A8D7-CE9A7EB1026E} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\{FFEF78CE-F787-40F5-8352-87C629F13C85} (Empty Folder)
Successfully deleted: C:\Users\Kade\AppData\Local\com (Folder) 
Successfully deleted: C:\Users\Kade\AppData\Local\globalupdate (Folder) 
Successfully deleted: C:\Users\Kade\AppData\Local\packageaware (Folder) 
Successfully deleted: C:\Users\Kade\AppData\Local\pricemeterliveupdate (Folder) 
Successfully deleted: C:\Users\Kade\Appdata\LocalLow\asktoolbar (Folder) 
Successfully deleted: C:\Users\Kade\Appdata\LocalLow\mysearchdial (Folder) 
Successfully deleted: C:\Users\Kade\AppData\Roaming\babsolution (Folder) 
Successfully deleted: C:\Users\Kade\AppData\Roaming\compuclever (Folder) 
Successfully deleted: C:\Users\Kade\AppData\Roaming\getrighttogo (Folder) 
Successfully deleted: C:\Users\Kade\AppData\Roaming\suptab (Folder) 
Successfully deleted: C:\Users\Kade\AppData\Roaming\systweak (Folder) 
Successfully deleted: C:\Users\Kade\AppData\Roaming\updaterex (Folder) 
Successfully deleted: C:\Users\Kade\Documents\optimizer pro (Folder) 
Successfully deleted: C:\Users\Kade\Documents\propccleaner (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\bench (Folder) 
Successfully deleted: C:\Program Files (x86)\compuclever (Folder) 
Successfully deleted: C:\Program Files (x86)\file type helper (Folder) 
Successfully deleted: C:\Program Files (x86)\globalupdate (Folder) 
Successfully deleted: C:\Program Files\003 (Folder) 
Successfully deleted: C:\Program Files\quiknowledge (Folder) 
Successfully deleted: C:\ProgramData\SPL2A45.tmp (File) 
Successfully deleted: C:\ProgramData\SPL312D.tmp (File) 
Successfully deleted: C:\ProgramData\SPL3E66.tmp (File) 
Successfully deleted: C:\ProgramData\SPL5CBF.tmp (File) 
Successfully deleted: C:\ProgramData\SPL65C4.tmp (File) 
Successfully deleted: C:\ProgramData\SPL6D43.tmp (File) 
Successfully deleted: C:\ProgramData\SPL955.tmp (File) 
Successfully deleted: C:\ProgramData\SPLA9AD.tmp (File) 
Successfully deleted: C:\ProgramData\SPLC5CF.tmp (File) 
Successfully deleted: C:\Users\Kade\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7HWY7QQH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Kade\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DI0NTPUK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Kade\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JS95EDR9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Kade\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3FDZ9S2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\prefetch\FREEFILEVIEWER.CONSOLE.EXE-908085FF.pf (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7HWY7QQH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DI0NTPUK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JS95EDR9 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q3FDZ9S2 (Temporary Internet Files Folder) 
 
 
 
Registry: 8 
 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\HLNFD (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\HLSVC (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\QKSVC (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\WPM (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9E0BA30E-4399-46DF-86FA-45D9B07321D4} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37549e8c-92da-4bd2-8f08-c03a3d993f6b} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37549e8c-92da-4bd2-8f08-c03a3d993f6b} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/09/2016 at 20:20:11.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v5.101 - Logfile created 09/03/2016 at 20:25:12
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Kade - KADE-PC
# Running from : C:\Users\Kade\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\deal2dieAAlit
[-] Folder Deleted : C:\Program Files (x86)\dealStier
[-] Folder Deleted : C:\Program Files (x86)\easeytoshop
[-] Folder Deleted : C:\Program Files (x86)\FlexibleShoPupeeR
[-] Folder Deleted : C:\Program Files (x86)\ProSHopeper
[-] Folder Deleted : C:\Program Files (x86)\reealdeal
[J] Folder Not Deleted : C:\Program Files (x86)\deal2dieAAlit
[J] Folder Not Deleted : C:\Program Files (x86)\dealStier
[J] Folder Not Deleted : C:\Program Files (x86)\easeytoshop
[J] Folder Not Deleted : C:\Program Files (x86)\FlexibleShoPupeeR
[J] Folder Not Deleted : C:\Program Files (x86)\ProSHopeper
[J] Folder Not Deleted : C:\Program Files (x86)\reealdeal
[-] Folder Deleted : C:\ProgramData\getthediscount
[-] Folder Deleted : C:\ProgramData\WPM
[-] Folder Deleted : C:\ProgramData\deal2dieAAlit
[-] Folder Deleted : C:\ProgramData\dealStier
[-] Folder Deleted : C:\ProgramData\easeytoshop
[-] Folder Deleted : C:\ProgramData\FlexibleShoPupeeR
[-] Folder Deleted : C:\ProgramData\ProSHopeper
[-] Folder Deleted : C:\ProgramData\reealdeal
[J] Folder Not Deleted : C:\ProgramData\deal2dieAAlit
[J] Folder Not Deleted : C:\ProgramData\dealStier
[J] Folder Not Deleted : C:\ProgramData\easeytoshop
[J] Folder Not Deleted : C:\ProgramData\FlexibleShoPupeeR
[J] Folder Not Deleted : C:\ProgramData\ProSHopeper
[J] Folder Not Deleted : C:\ProgramData\reealdeal
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Media Converter
[-] Folder Deleted : C:\Users\Kade\AppData\LocalLow\buenosearch LTD
[-] Folder Deleted : C:\Users\Kade\AppData\Roaming\Activeris
[-] Folder Deleted : C:\Users\Kade\AppData\Roaming\Gameo
[-] Folder Deleted : C:\Users\Kade\AppData\Roaming\qone8
[-] Folder Deleted : C:\Users\Kade\AppData\Roaming\SmartMediaConverter
[-] Folder Deleted : C:\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
[-] Folder Deleted : C:\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj
[-] Folder Deleted : C:\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp
[J] Folder Not Deleted : C:\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj
[J] Folder Not Deleted : C:\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PackageAware
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Kade\AppData\Roaming\aps.uninstall.scan.results
[-] File Deleted : C:\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\databases\chrome-extension_ceenmgoldhkkegcnlieacjjhndklllkp_0
[-] File Deleted : C:\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Local Extension Settings\ceenmgoldhkkegcnlieacjjhndklllkp
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : OpenCandyHelperRunOnce
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sonocontrol
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [SmartSaver+ 8-bg.exe]
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{64af91bf}
[-] Key Deleted : HKLM\SOFTWARE\Classes\easytoshoP.easytoshoP
[-] Key Deleted : HKLM\SOFTWARE\Classes\easytoshoP.easytoshoP.1.8
[-] Key Deleted : HKLM\SOFTWARE\Classes\FlexibbleShhoPper.FlexibbleShhoPper
[-] Key Deleted : HKLM\SOFTWARE\Classes\FlexibbleShhoPper.FlexibbleShhoPper.4.75
[-] Key Deleted : HKLM\SOFTWARE\Classes\reealdEal.reealdEal
[-] Key Deleted : HKLM\SOFTWARE\Classes\reealdEal.reealdEal.1.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\dealsteer.dealsteer
[-] Key Deleted : HKLM\SOFTWARE\Classes\dealsteer.dealsteer.1.7
[-] Key Deleted : HKLM\SOFTWARE\Classes\deael2dealiti.deael2dealiti
[-] Key Deleted : HKLM\SOFTWARE\Classes\deael2dealiti.deael2dealiti.2.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\PRoShopupeer.PRoShopupeer
[-] Key Deleted : HKLM\SOFTWARE\Classes\PRoShopupeer.PRoShopupeer.4.87
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BAB04997-93AD-4C13-805A-0409199700BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B6E533F-F78F-4525-B316-312BAF1295D1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EC77D09-02CB-4E1F-E3C4-FB141B2610B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0C016416-9426-12C5-C545-98A05CE09AD5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22E236CD-84B9-2E8E-BFBE-9E97ADAD5217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35D8BA1B-7E68-C953-EC67-3118071865CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40BD531E-EFF8-FA4D-2654-BE678E44552A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75AA45C3-4730-5859-9181-284BAB3BA5E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2AB9E5B-C2B2-B978-924D-8FBDE9CFEB99}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E6772887-C1E1-405E-94BB-D8760A1CF8DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C016416-9426-12C5-C545-98A05CE09AD5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22E236CD-84B9-2E8E-BFBE-9E97ADAD5217}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{35D8BA1B-7E68-C953-EC67-3118071865CA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40BD531E-EFF8-FA4D-2654-BE678E44552A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75AA45C3-4730-5859-9181-284BAB3BA5E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2AB9E5B-C2B2-B978-924D-8FBDE9CFEB99}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0C016416-9426-12C5-C545-98A05CE09AD5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{22E236CD-84B9-2E8E-BFBE-9E97ADAD5217}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{35D8BA1B-7E68-C953-EC67-3118071865CA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40BD531E-EFF8-FA4D-2654-BE678E44552A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75AA45C3-4730-5859-9181-284BAB3BA5E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2AB9E5B-C2B2-B978-924D-8FBDE9CFEB99}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0C016416-9426-12C5-C545-98A05CE09AD5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22E236CD-84B9-2E8E-BFBE-9E97ADAD5217}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{35D8BA1B-7E68-C953-EC67-3118071865CA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{40BD531E-EFF8-FA4D-2654-BE678E44552A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{75AA45C3-4730-5859-9181-284BAB3BA5E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D2AB9E5B-C2B2-B978-924D-8FBDE9CFEB99}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{59A062A1-5ECA-4A1A-BC44-B2A9283A8ACB}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{0C016416-9426-12C5-C545-98A05CE09AD5}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{22E236CD-84B9-2E8E-BFBE-9E97ADAD5217}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{35D8BA1B-7E68-C953-EC67-3118071865CA}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{40BD531E-EFF8-FA4D-2654-BE678E44552A}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{75AA45C3-4730-5859-9181-284BAB3BA5E6}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{D2AB9E5B-C2B2-B978-924D-8FBDE9CFEB99}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{708D0DD7-FBC0-4437-B525-C098F450A62C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{863fc7db-990a-4ebe-8c77-3180cc2f1852}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b54d30ee-d8c6-40a9-85ba-16d386e1bdd6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0C016416-9426-12C5-C545-98A05CE09AD5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22E236CD-84B9-2E8E-BFBE-9E97ADAD5217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{35D8BA1B-7E68-C953-EC67-3118071865CA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{40BD531E-EFF8-FA4D-2654-BE678E44552A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{75AA45C3-4730-5859-9181-284BAB3BA5E6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D2AB9E5B-C2B2-B978-924D-8FBDE9CFEB99}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9B41579A-1996-42F9-8F84-7B7786818CEF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054d5c02-e4ab-4c4a-85ea-6499c9b2eaf9}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{863fc7db-990a-4ebe-8c77-3180cc2f1852}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b54d30ee-d8c6-40a9-85ba-16d386e1bdd6}
[-] Key Deleted : HKCU\Software\AnyProtect
[-] Key Deleted : HKCU\Software\BABSOLUTION
[-] Key Deleted : HKCU\Software\DriverRestore
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\FreeSoftToday
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\Headlight
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Ironsource
[-] Key Deleted : HKCU\Software\Optimizer Pro
[-] Key Deleted : HKCU\Software\PriceMeterLiveUpdate
[-] Key Deleted : HKCU\Software\PriceMeterUpdater
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\Tuto4PC
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\UpdaterEX
[-] Key Deleted : HKCU\Software\wecarereminder
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Re_Markit
[-] Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
[-] Key Deleted : HKLM\SOFTWARE\Bench
[-] Key Deleted : HKLM\SOFTWARE\FlvPlayer
[-] Key Deleted : HKLM\SOFTWARE\Free_soft_today
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\mysearchdial
[-] Key Deleted : HKLM\SOFTWARE\PriceMeterLiveUpdate
[-] Key Deleted : HKLM\SOFTWARE\Quiknowledge
[-] Key Deleted : HKLM\SOFTWARE\SupTab
[-] Key Deleted : HKLM\SOFTWARE\supWPM
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKLM\SOFTWARE\Wpm
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{532970A2-464B-73CB-BBC4-F209EAD3EEBE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{614925F9-841A-53FE-A28F-DC30FA07239B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D831E399-50FE-84AE-F5F7-0A63AC282464}
[-] Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Mediaa_Play_AIR_1.4
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Mediaa_Play_AIR_1.4
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\MediaPlayerplus
[-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[#] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\mysearchdial.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\buenosearch.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\c.hoistsearch.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cdncache-a.akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hdapp1008-a.akamaihd.net
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hoistsearch.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\inst.shoppingate.info
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mmotraffic.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchdial.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\portaldosites.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shoppingate.info
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.mysearchdial.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\us.yhs4.search.yahoo.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.buenosearch.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.portaldosites.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.shopathome.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [24677 bytes] - [09/03/2016 20:25:12]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [23062 bytes] - [09/03/2016 20:23:04]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [24865 bytes] ##########
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Kade (administrator) on KADE-PC (09-03-2016 20:32:31)
Running from C:\Users\Kade\Desktop
Loaded Profiles: Kade (Available Profiles: Kade)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
(Hawkes Learning Systems                                                                                                                                                                                                                                                                                     ) C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SanDisk Corporation) C:\Users\Kade\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
() C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
() C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.267.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe [506352 2011-06-12] ()
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe [84464 2011-07-08] ()
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1885088 2012-02-23] (Affinegy, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [723904 2016-01-08] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-08-01] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [SansaDispatch] => C:\Users\Kade\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2012-06-18] (SanDisk Corporation)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-06-26] (Eastman Kodak Company)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-08] (Valve Corporation)
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1DE6224E-F0BA-4BA7-999B-C6F1E6F48F22}: [DhcpNameServer] 192.0.0.3
Tcpip\..\Interfaces\{741A14D2-7639-42FD-933A-F7217475E6B6}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/WOL_WCP
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> DefaultScope {9E0BA30E-4399-46DF-86FA-45D9B07321D4} URL = 
SearchScopes: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000 -> {9B7F8FAB-4775-44A4-B388-F367656E8E83} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-26] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-26] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-10] (Sun Microsystems, Inc.)
BHO-x32: Dell Toolbar -> {09B71986-2AC5-482d-B6CB-42EA34F4F85B} -> C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-26] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM-x32 - Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll [2008-12-10] ()
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-01-08] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-10-10] (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-09] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2368598850-3429250015-1983696877-1000: @nsroblox.roblox.com/launcher -> C:\Users\Kade\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2368598850-3429250015-1983696877-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Kade\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-29] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-09]
CHR Extension: (Google Docs) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-09]
CHR Extension: (Google Drive) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (YouTube) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Google Sheets) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-09]
CHR Extension: (SiteAdvisor) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-09]
CHR Extension: (Gmail) - C:\Users\Kade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-09]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-02]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-03-02]
CHR HKLM-x32\...\Chrome\Extension: [mlelcpkapbmlgeocgbemahfnegmoicnl] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release101\ch\RichMediaViewV1release101.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1314848 2016-01-19] ()
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 HawkesUpdater; C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [8192 2003-04-18] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\48230029.sys [119512 2014-06-01] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-28] (Riverbed Technology, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 20:30 - 2016-03-09 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-03-09 20:28 - 2016-03-09 20:28 - 00025105 _____ C:\Users\Kade\Desktop\AdwCleaner[C1].txt
2016-03-09 20:21 - 2016-03-09 20:25 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-09 20:20 - 2016-03-09 20:20 - 01524224 _____ C:\Users\Kade\Desktop\AdwCleaner.exe
2016-03-09 20:20 - 2016-03-09 20:20 - 00007778 _____ C:\Users\Kade\Desktop\JRT.txt
2016-03-09 20:17 - 2016-03-09 20:17 - 01609216 _____ (Malwarebytes) C:\Users\Kade\Desktop\JRT.exe
2016-03-09 19:24 - 2016-03-09 19:29 - 00021035 _____ C:\Users\Kade\Desktop\Fixlog.txt
2016-03-09 19:13 - 2016-03-09 19:13 - 00002273 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-09 19:13 - 2016-03-09 19:13 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-09 19:12 - 2016-03-09 20:26 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-09 19:12 - 2016-03-09 20:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-09 19:12 - 2016-03-09 19:12 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-09 19:12 - 2016-03-09 19:12 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-09 19:11 - 2016-03-09 19:11 - 00000000 ____D C:\Users\Kade\AppData\Local\Deployment
2016-03-09 19:11 - 2016-03-09 19:11 - 00000000 ____D C:\Users\Kade\AppData\Local\Apps\2.0
2016-03-09 14:39 - 2016-03-09 14:39 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-03-08 17:17 - 2016-03-08 17:17 - 01109699 _____ C:\Users\Kade\Documents\IMG_20160308_0001_NEW.pdf
2016-03-08 17:16 - 2016-03-08 17:16 - 01120987 _____ C:\Users\Kade\Documents\IMG_20160308_0001.pdf
2016-03-08 16:13 - 2016-02-12 12:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-08 16:13 - 2016-02-12 12:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-08 16:13 - 2016-02-12 12:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-08 16:13 - 2016-02-12 12:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-08 16:13 - 2016-02-12 12:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-08 16:13 - 2016-02-12 12:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-08 16:13 - 2016-02-12 12:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-08 16:13 - 2016-02-12 12:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-08 16:13 - 2016-02-12 12:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-08 16:13 - 2016-02-12 12:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-08 16:13 - 2016-02-12 12:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-08 16:13 - 2016-02-12 12:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-08 16:13 - 2016-02-12 12:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-08 16:13 - 2016-02-12 12:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-08 16:13 - 2016-02-12 12:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-08 16:13 - 2016-02-12 12:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-08 16:13 - 2016-02-09 00:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-08 16:13 - 2016-02-09 00:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-08 16:13 - 2016-02-08 15:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-08 16:13 - 2016-02-08 14:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-08 16:13 - 2016-02-08 14:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-08 16:13 - 2016-02-08 14:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-08 16:13 - 2016-02-08 14:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-08 16:13 - 2016-02-08 14:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-08 16:13 - 2016-02-08 14:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-08 16:13 - 2016-02-08 14:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-08 16:13 - 2016-02-08 14:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-08 16:13 - 2016-02-08 14:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-08 16:13 - 2016-02-08 14:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-08 16:13 - 2016-02-08 14:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-08 16:13 - 2016-02-08 14:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-08 16:13 - 2016-02-08 14:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-08 16:13 - 2016-02-08 14:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-08 16:13 - 2016-02-08 14:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-08 16:13 - 2016-02-08 14:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-08 16:13 - 2016-02-08 14:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-08 16:13 - 2016-02-08 14:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-08 16:13 - 2016-02-08 14:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-08 16:13 - 2016-02-08 14:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-08 16:13 - 2016-02-08 14:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-08 16:13 - 2016-02-08 14:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-08 16:13 - 2016-02-08 14:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-08 16:13 - 2016-02-08 14:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-08 16:13 - 2016-02-08 14:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-08 16:13 - 2016-02-08 14:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-08 16:13 - 2016-02-08 14:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-08 16:13 - 2016-02-08 13:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-08 16:13 - 2016-02-08 13:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-08 16:13 - 2016-02-08 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-08 16:13 - 2016-02-08 12:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-08 16:13 - 2016-02-08 12:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-08 16:13 - 2016-02-08 12:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-08 16:13 - 2016-02-08 12:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-08 16:13 - 2016-02-08 12:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-08 16:13 - 2016-02-08 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-08 16:13 - 2016-02-08 12:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-08 16:13 - 2016-02-08 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-08 16:13 - 2016-02-08 12:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-08 16:13 - 2016-02-08 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-08 16:13 - 2016-02-08 12:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-08 16:13 - 2016-02-08 12:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-08 16:13 - 2016-02-08 12:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-08 16:13 - 2016-02-08 12:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-08 16:13 - 2016-02-08 12:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-08 16:13 - 2016-02-08 12:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-08 16:13 - 2016-02-08 12:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-08 16:13 - 2016-02-08 12:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-08 16:13 - 2016-02-08 11:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-08 16:13 - 2016-02-08 11:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-08 16:13 - 2016-02-08 11:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-08 16:13 - 2016-02-08 11:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-08 16:13 - 2016-02-08 11:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-08 16:13 - 2016-02-08 11:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-08 16:13 - 2016-02-08 11:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-08 16:13 - 2016-02-08 11:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-08 16:13 - 2016-02-08 11:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-08 16:13 - 2016-02-08 11:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-08 16:13 - 2016-02-08 11:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-08 16:13 - 2016-02-08 11:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-08 16:13 - 2016-02-08 11:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-08 16:13 - 2016-02-08 11:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-08 16:13 - 2016-02-08 10:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-08 16:13 - 2016-02-04 11:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-08 16:13 - 2016-02-03 12:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-08 16:13 - 2016-02-03 12:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-08 16:13 - 2016-02-03 12:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-08 16:13 - 2016-02-03 12:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-08 16:13 - 2016-02-03 12:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-08 16:13 - 2016-01-11 13:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-08 16:13 - 2015-11-19 08:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-08 16:13 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-08 16:12 - 2016-02-19 13:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-08 16:12 - 2016-02-19 12:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-08 16:12 - 2016-02-19 08:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-08 16:12 - 2016-02-11 12:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-08 16:12 - 2016-02-11 12:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-08 16:12 - 2016-02-11 12:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-08 16:12 - 2016-02-11 12:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-08 16:12 - 2016-02-11 12:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-08 16:12 - 2016-02-11 12:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-08 16:12 - 2016-02-11 12:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-08 16:12 - 2016-02-11 12:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-08 16:12 - 2016-02-11 12:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-08 16:12 - 2016-02-11 12:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-08 16:12 - 2016-02-11 12:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-08 16:12 - 2016-02-11 12:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-08 16:12 - 2016-02-11 12:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-08 16:12 - 2016-02-11 12:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-08 16:12 - 2016-02-11 12:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-08 16:12 - 2016-02-11 12:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-08 16:12 - 2016-02-11 12:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-08 16:12 - 2016-02-11 12:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-08 16:12 - 2016-02-11 12:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-08 16:12 - 2016-02-11 12:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-08 16:12 - 2016-02-11 12:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-08 16:12 - 2016-02-11 12:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-08 16:12 - 2016-02-11 12:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-08 16:12 - 2016-02-11 12:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-08 16:12 - 2016-02-11 12:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-08 16:12 - 2016-02-11 12:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-08 16:12 - 2016-02-11 12:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-08 16:12 - 2016-02-11 12:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-08 16:12 - 2016-02-11 12:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-08 16:12 - 2016-02-11 12:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-08 16:12 - 2016-02-11 12:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-08 16:12 - 2016-02-11 12:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-08 16:12 - 2016-02-11 12:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-08 16:12 - 2016-02-11 12:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-08 16:12 - 2016-02-11 12:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-08 16:12 - 2016-02-11 12:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-08 16:12 - 2016-02-11 12:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-08 16:12 - 2016-02-11 12:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-08 16:12 - 2016-02-11 12:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-08 16:12 - 2016-02-11 12:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-08 16:12 - 2016-02-11 12:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-08 16:12 - 2016-02-11 12:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-08 16:12 - 2016-02-11 12:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-08 16:12 - 2016-02-11 12:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-08 16:12 - 2016-02-11 12:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-08 16:12 - 2016-02-11 12:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 11:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-08 16:12 - 2016-02-11 11:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-08 16:12 - 2016-02-11 11:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-08 16:12 - 2016-02-11 11:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-08 16:12 - 2016-02-11 11:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-08 16:12 - 2016-02-11 11:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-08 16:12 - 2016-02-11 11:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-08 16:12 - 2016-02-11 11:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-08 16:12 - 2016-02-11 11:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-08 16:12 - 2016-02-11 11:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-08 16:12 - 2016-02-11 11:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-08 16:12 - 2016-02-11 11:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-08 16:12 - 2016-02-11 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-08 16:12 - 2016-02-11 11:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-08 16:12 - 2016-02-11 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-08 16:12 - 2016-02-11 08:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-08 16:12 - 2016-02-09 03:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-08 16:12 - 2016-02-09 03:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-08 16:12 - 2016-02-09 03:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-08 16:12 - 2016-02-09 03:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-08 16:12 - 2016-02-09 03:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-08 16:12 - 2016-02-09 03:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-08 16:12 - 2016-02-09 03:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-08 16:12 - 2016-02-09 03:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-08 16:12 - 2016-02-09 03:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-08 16:12 - 2016-02-09 03:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-08 16:12 - 2016-02-09 03:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-08 16:12 - 2016-02-05 12:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-08 16:12 - 2016-02-05 12:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-08 16:12 - 2016-02-05 12:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-08 16:12 - 2016-02-05 12:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-08 16:12 - 2016-02-05 12:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-08 16:12 - 2016-02-05 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-08 16:12 - 2016-02-05 12:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-08 16:12 - 2016-02-05 11:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-08 16:12 - 2016-02-05 11:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-08 16:12 - 2016-02-05 11:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-08 16:12 - 2016-02-05 08:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-08 16:12 - 2016-02-05 08:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-08 16:12 - 2016-02-05 08:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-08 16:12 - 2016-02-04 19:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-08 16:12 - 2016-02-04 12:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-07 20:47 - 2016-03-07 20:49 - 00043707 _____ C:\Users\Kade\Desktop\Addition.txt
2016-03-07 20:45 - 2016-03-09 20:32 - 00026509 _____ C:\Users\Kade\Desktop\FRST.txt
2016-03-07 20:44 - 2016-03-09 20:32 - 00000000 ____D C:\FRST
2016-03-07 20:44 - 2016-03-07 20:44 - 02374144 _____ (Farbar) C:\Users\Kade\Desktop\FRST64.exe
2016-03-07 18:14 - 2016-03-07 18:14 - 00388608 _____ (Trend Micro Inc.) C:\Users\Kade\Downloads\HijackThis.exe
2016-02-21 13:21 - 2016-02-21 13:21 - 00000000 ____D C:\ProgramData\Intel Security
2016-02-21 13:20 - 2016-02-21 13:20 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-02-18 18:04 - 2016-02-18 18:04 - 00144378 _____ C:\Users\Kade\Desktop\Amazon.pdf
2016-02-16 19:18 - 2016-02-16 19:18 - 00001926 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-02-16 19:18 - 2016-02-16 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-02-12 17:04 - 2016-03-09 18:19 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-02-10 06:28 - 2016-01-06 13:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 06:28 - 2016-01-06 13:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 06:28 - 2016-01-06 12:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 06:27 - 2016-01-16 13:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 06:27 - 2016-01-16 12:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 06:27 - 2016-01-07 11:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 06:27 - 2015-12-20 12:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 06:27 - 2015-12-20 12:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 06:27 - 2015-12-20 08:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 06:26 - 2016-01-22 00:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 06:26 - 2016-01-22 00:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 06:26 - 2016-01-22 00:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 06:26 - 2016-01-22 00:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 06:26 - 2016-01-22 00:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 06:26 - 2016-01-22 00:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 06:26 - 2016-01-22 00:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 06:26 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 06:26 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 06:26 - 2016-01-22 00:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 06:26 - 2016-01-22 00:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 06:26 - 2016-01-22 00:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 06:26 - 2016-01-21 23:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 06:26 - 2016-01-21 23:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 06:26 - 2016-01-21 23:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-09 20:29 - 2013-10-13 10:24 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-09 20:27 - 2015-09-28 17:06 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-09 20:27 - 2011-10-10 03:28 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2016-03-09 20:27 - 2011-10-10 03:28 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2016-03-09 20:27 - 2011-10-10 02:56 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-03-09 20:26 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-09 20:25 - 2014-05-23 19:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-09 20:04 - 2009-07-13 22:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-09 20:04 - 2009-07-13 22:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-09 19:49 - 2011-12-18 20:25 - 00000000 ____D C:\Users\Kade\AppData\Local\Nero
2016-03-09 19:33 - 2014-04-14 18:17 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-03-09 19:13 - 2014-05-23 19:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-09 19:10 - 2014-11-20 17:42 - 00000000 __SHD C:\Users\Kade\AppData\LocalLow\EmieBrowserModeList
2016-03-09 19:10 - 2014-04-21 16:39 - 00000000 __SHD C:\Users\Kade\AppData\LocalLow\EmieUserList
2016-03-09 19:10 - 2014-04-21 16:35 - 00000000 __SHD C:\Users\Kade\AppData\LocalLow\EmieSiteList
2016-03-09 19:08 - 2009-07-13 23:08 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-09 19:06 - 2014-05-14 09:23 - 00000000 ____D C:\Users\Kade\AppData\Local\Google
2016-03-09 19:04 - 2014-11-20 17:42 - 00000000 __SHD C:\Users\Kade\AppData\Local\EmieBrowserModeList
2016-03-09 19:04 - 2014-04-21 16:36 - 00000000 __SHD C:\Users\Kade\AppData\Local\EmieUserList
2016-03-09 19:04 - 2014-04-21 16:36 - 00000000 __SHD C:\Users\Kade\AppData\Local\EmieSiteList
2016-03-09 18:58 - 2012-01-25 19:02 - 00000000 ____D C:\Users\Kade\Documents\Jennifer
2016-03-09 18:53 - 2013-08-15 18:47 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 04:11 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-03-09 03:38 - 2009-07-13 23:13 - 00783532 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-09 03:38 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-09 03:30 - 2009-07-13 22:45 - 00484208 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-09 03:00 - 2014-12-10 03:20 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-09 03:00 - 2012-02-18 12:28 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-08 17:17 - 2014-12-20 16:49 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-03-06 13:50 - 2015-08-11 17:38 - 00000000 ____D C:\Users\Kade\AppData\Local\CrashDumps
2016-03-05 00:11 - 2015-08-03 05:48 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-03-04 03:02 - 2011-02-10 10:10 - 00775654 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-29 17:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-26 06:17 - 2014-04-14 20:14 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-26 06:13 - 2014-04-14 20:07 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-26 03:00 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 03:00 - 2015-04-05 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 17:22 - 2014-08-09 08:54 - 00000000 ____D C:\Users\Kade\AppData\LocalLow\RbxLogs
2016-02-21 13:24 - 2011-10-10 03:21 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-02-18 15:51 - 2015-07-14 12:52 - 00001354 _____ C:\Users\Kade\Desktop\ROBLOX Player.lnk
2016-02-18 15:51 - 2015-07-14 12:51 - 00000000 ____D C:\Users\Kade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-02-18 15:50 - 2015-07-14 12:51 - 00001173 _____ C:\Users\Kade\Desktop\ROBLOX Studio.lnk
2016-02-17 20:34 - 2011-10-10 03:21 - 00000000 ____D C:\ProgramData\McAfee
2016-02-17 20:28 - 2015-07-21 08:09 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-02-16 19:18 - 2015-11-24 20:07 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-11 19:40 - 2012-03-07 17:31 - 00002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2016-02-11 19:28 - 2010-11-21 01:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-11 17:27 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-10 09:25 - 2014-05-23 19:37 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 09:25 - 2014-05-23 19:37 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-10 09:25 - 2014-05-23 19:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Files in the root of some directories =======
 
2014-04-06 16:21 - 2014-04-21 16:55 - 0000119 _____ () C:\Users\Kade\AppData\Roaming\WB.CFG
2012-06-23 15:51 - 2012-06-23 15:51 - 0000000 _____ () C:\Users\Kade\AppData\Local\rx_image32.Cache
2011-12-25 10:15 - 2011-12-25 10:15 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-12-20 17:08 - 2014-12-20 17:08 - 0000178 _____ () C:\ProgramData\dlea.log
2013-02-07 18:00 - 2013-02-07 18:01 - 0000248 _____ () C:\ProgramData\dleaDiagnostics.log
2012-01-09 13:02 - 2014-10-02 19:14 - 0114090 _____ () C:\ProgramData\dleaJSW.log
2011-12-25 10:18 - 2014-12-20 17:08 - 0090821 _____ () C:\ProgramData\dleascan.log
2011-12-25 10:35 - 2011-12-25 10:35 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-12-25 10:15 - 2011-12-25 10:15 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2011-12-25 10:15 - 2011-12-25 10:15 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some files in TEMP:
====================
C:\Users\Kade\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-09 00:37
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Kade (2016-03-09 20:32:51)
Running from C:\Users\Kade\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-12-19 02:00:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2368598850-3429250015-1983696877-500 - Administrator - Disabled)
Guest (S-1-5-21-2368598850-3429250015-1983696877-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2368598850-3429250015-1983696877-1002 - Limited - Enabled)
Kade (S-1-5-21-2368598850-3429250015-1983696877-1000 - Administrator - Enabled) => C:\Users\Kade
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell DataSafe Online (HKLM-x32\...\{C53BCCBE-9268-4C09-82E9-611444A73B3F}) (Version: 2.10.1.3 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
Dell Update (HKLM-x32\...\{90437913-9D4D-4D9D-B438-B8664DF851E9}) (Version: 1.7.1007.0 - Dell Inc.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java™ 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ROBLOX Player for Kade (HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roxio Creator 2012 (HKLM-x32\...\{A07A0EEC-9EBC-4416-B74A-BABB48CBFD26}) (Version:  - )
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version:  - )
Sansa Updater (HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\...\Sansa Updater) (Version: 1.313 - SanDisk Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2368598850-3429250015-1983696877-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Kade\AppData\Local\Roblox\Versions\version-a1b8c1edf45b4959\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1B7D86FE-22F1-4B1A-A7FF-E0AD272BC49C} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {255D6018-E9CD-42FB-99E2-7EEEBBAFB81A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation)
Task: {2AA01242-01D2-4D09-8707-592308BB5765} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
Task: {2F80AC43-0B57-4E6B-98E0-50CB5BDFC69A} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
Task: {34A436C0-8A9D-4F53-BC00-A10809DFD415} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {6D603F91-6BD6-4B7A-A5D0-EC6A5AEB4266} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-06-26] (Eastman Kodak Company)
Task: {7221BD68-086C-4A97-A726-060A89AB2CCC} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {7E219E29-5257-42E8-9EA4-1B5A3EE0CD51} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {866D881B-E28C-4582-AF4A-B288A5574727} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {8820D809-A0F7-4E10-B604-43CAE4EE005A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {9886E46C-A723-4F07-9E31-E380C0255056} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE06F61C-3076-4A9F-8960-E3E079C8F2AA} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {B89E3EDF-C50E-41BA-9EBD-3504E7BD66A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {C61B039C-651F-4E0D-905A-845B46F2DCEC} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-16] (McAfee, Inc.)
Task: {E38DB39A-392B-425B-A7BE-B79467FD6443} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation)
Task: {E701DB3E-198D-4162-9EE5-DF8C118773E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {F27673C2-1816-49EE-A353-C6D3A32EDB8C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {F8670C88-A0CA-45D2-9264-E4A50C90F1B2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {FAA3B7D5-2683-402B-A4F5-69A5BF3B35D0} - System32\Tasks\{AB273C6A-8D0B-48F4-AAE7-F987B1F9A5A7} => pcalua.exe -a "C:\Program Files (x86)\Frieven_s_Prox_1.8\Uninstall.exe" -c /fcp=1
Task: {FDFA7A3F-85F8-417B-B72E-90DCB720A7DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-12-25 10:18 - 2009-12-31 00:17 - 00053760 _____ () C:\Windows\System32\DLEAPMON.DLL
2011-12-25 10:17 - 2009-01-13 07:15 - 05709824 _____ () C:\Windows\System32\DLEAOEM.DLL
2015-10-29 17:46 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-07-15 00:03 - 2011-07-15 00:03 - 00021488 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2014-04-14 20:07 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-21 18:31 - 2003-04-18 17:06 - 00008192 _____ () C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
2014-12-20 17:02 - 2012-03-27 21:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2011-10-10 02:57 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-10-10 04:23 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-12 18:07 - 2011-06-12 18:07 - 00506352 _____ () C:\Program Files (x86)\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
2012-08-21 14:20 - 2012-08-21 14:20 - 00067496 _____ () C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
2012-02-01 11:50 - 2012-02-01 11:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2011-07-08 11:31 - 2011-07-08 11:31 - 00084464 _____ () C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
2012-12-30 09:39 - 2012-02-23 15:57 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-15 00:03 - 2011-07-15 00:03 - 03297264 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2011-07-15 00:03 - 2011-07-15 00:03 - 00523248 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2011-07-15 00:03 - 2011-07-15 00:03 - 00107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2012-08-21 18:31 - 2012-11-02 11:10 - 00583240 _____ () C:\Program Files (x86)\Hawkes Learning Systems\Hawkes Update Service Manager\mia.lib
2016-03-09 20:26 - 2012-09-02 16:35 - 00101888 _____ () C:\Windows\TEMP\mia2\mEXEFunc.dll
2015-09-28 17:08 - 2016-02-09 19:17 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-28 17:08 - 2015-07-03 10:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-28 17:08 - 2015-07-03 10:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-28 17:08 - 2015-07-03 10:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-28 17:08 - 2016-03-08 13:49 - 02547792 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-28 17:08 - 2016-02-08 17:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-28 17:08 - 2016-02-08 17:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-28 17:08 - 2016-02-08 17:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-28 17:08 - 2016-02-08 17:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-28 17:08 - 2016-02-08 17:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-28 17:08 - 2016-03-08 13:49 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 03:34 - 2016-02-17 16:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2015-10-29 17:46 - 2015-09-01 06:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2012-12-30 09:39 - 2010-08-22 20:01 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2012-12-30 09:39 - 2010-08-22 20:01 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2012-12-30 09:39 - 2010-08-22 20:01 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2012-12-30 09:39 - 2010-08-22 20:01 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2012-12-30 09:39 - 2010-08-22 19:32 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2012-12-30 09:39 - 2012-02-23 15:19 - 00669696 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2015-09-28 17:08 - 2016-02-08 19:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2016-02-16 19:18 - 00000090 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kade\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A5CCDC7B-528E-413A-AAF2-97AEC16062DB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6138CAC8-A501-4D13-B46F-3D492E5DC7BD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3BC3C0B6-2A63-451A-982E-7031D708C55B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C5A3A974-3AE1-4E3C-9A40-71580F7FD23B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Teredo Tunneling Adapter #13
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2016 08:29:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed
 
Error: (03/09/2016 08:28:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2
 
Error: (03/09/2016 08:28:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/09/2016 08:27:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (03/09/2016 08:27:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
 
Error: (03/09/2016 08:27:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Uninstall key is not found for product {90140011-0066-0409-0000-0000000FF1CE}
 
Error: (03/09/2016 08:27:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
 
Error: (03/09/2016 08:27:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Uninstall key is not found for product {90140011-0066-0409-0000-0000000FF1CE}
 
Error: (03/09/2016 08:27:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
 
Error: (03/09/2016 08:27:23 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Uninstall key is not found for product {90140011-0066-0409-0000-0000000FF1CE}
 
 
System errors:
=============
Error: (03/09/2016 08:28:37 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (03/09/2016 08:25:40 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/09/2016 08:25:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/09/2016 08:25:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/09/2016 08:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/09/2016 08:25:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero Update service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/09/2016 08:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/09/2016 08:25:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/09/2016 08:25:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/09/2016 08:25:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2013-02-04 19:59:12.424
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:59:12.404
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:59:05.545
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:59:05.525
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:58:58.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:58:58.256
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:57:26.745
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:57:26.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:57:20.594
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-02-04 19:57:20.574
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 34%
Total physical RAM: 6056.63 MB
Available physical RAM: 3948.27 MB
Total Virtual: 12111.46 MB
Available Virtual: 9860.74 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.66 GB) (Free:732.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 459A9B33)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#9 jolivier

jolivier
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Iberia, Louisiana
  • Local time:02:04 AM

Posted 09 March 2016 - 09:41 PM

It is running so much faster without popup screens continuously. I wish I knew how to read all what you figured out, amazing! Thanks for your help. 

 

How does everything look now?



#10 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 09 March 2016 - 10:12 PM

It is running so much faster without popup screens continuously. I wish I knew how to read all what you figured out, amazing! Thanks for your help. 
 
How does everything look now?


You're quite welcome, it's looking good. We do have a few more scans to run, as I believe in being thorough. :)

Let's run some scans for remnants and orphans that may be hanging around. :thumbup2:

One quick note: The ESET scan can some times take hours to run.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the program and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

mbam21-console_zpslhr5hawa.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.




Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Step 3: SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#11 jolivier

jolivier
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Iberia, Louisiana
  • Local time:02:04 AM

Posted 12 March 2016 - 07:14 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ab23d4fbb9fffd4d916296e75777f880
# end=init
# utc_time=2016-03-12 04:16:42
# local_time=2016-03-12 10:16:42 (-0600, Central Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 28548
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ab23d4fbb9fffd4d916296e75777f880
# end=updated
# utc_time=2016-03-12 04:30:02
# local_time=2016-03-12 10:30:02 (-0600, Central Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=ab23d4fbb9fffd4d916296e75777f880
# engine=28548
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-03-12 06:32:58
# local_time=2016-03-12 12:32:58 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='*McAfee*'
# compatibility_mode=5133 16777214 100 100 935286 95038284 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 83095456 209351028 0 0
# scanned=485951
# found=103
# cleaned=0
# scan_time=7376
sh=0362A93343AC81A82E6AF5A13EFCD5EACFAC6F45 ft=1 fh=6bdffa61752fbab7 vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\SmartMediaConverter\SmartMediaConverterApp.exe"
sh=B6416189314997F40D8AFACBEE26FDAF2E1BFBF5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\1.js.vir"
sh=CC111C8D5AEECAE3872D57D27C7015333473DBA9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\102.js.vir"
sh=3C02C1198777BE5BA10D93C67F6CD34557EC171B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\104.js.vir"
sh=F4868E75E21D37FCBC9A5871B6B120EB3E4600DF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\14.js.vir"
sh=AB6ACA64226D66FE7899782ECE54524EECCAE1C0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\184.js.vir"
sh=32FE8D811A0CD3B7424FD03880F6FE6C32781264 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\19.js.vir"
sh=C9B7E8A653B8DEAE096052F45242BFCFEAA6695C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\191.js.vir"
sh=3D8FEB274B1F910633E0EE3966A82AE9DCBD406A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\21.js.vir"
sh=59D71DA7AA8E5657F010779D014A5F84CB05A8A9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\223.js.vir"
sh=C8557AC5B84210EEDA1C94EA2A6349BB474169D5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\242.js.vir"
sh=BD9D45C9251542EDF2AAA8531C364D7D572A473C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\263.js.vir"
sh=05589D2DD1C20694B6B4FA8C1CD4C2A70CE8A61F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\267.js.vir"
sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\28.js.vir"
sh=D0C91B4ACE84473BFACA534FF1542F34C843F213 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\47.js.vir"
sh=BDCFA8379825B1BC17A13BDF73B7384DE46E7C3B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\64.js.vir"
sh=898ABFBE2BE495D7D9E173654696AB94C8B3343D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\91.js.vir"
sh=B74EAE26DB8397445B78046E76870B52E904CA46 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\93.js.vir"
sh=778B8C980A33D3679264BE3920E6F15D75731E06 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.N potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\extensionData\plugins\97.js.vir"
sh=A33E167D3828FFAAFE430FBF245650989257C2A1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\background.js.vir"
sh=D7FE306EB39D64F7994917931E25229A5B156640 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.R potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\main.js.vir"
sh=832ADA6E9B2673CA1DE314A566FF76316F0A2997 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\api\chrome.js.vir"
sh=F4FE303A5886572113DF4DA3579956CEBB907F56 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\api\cookie.js.vir"
sh=FD2A3FEFF97D325433D2011C5ED5755B6D6A8FAA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\api\message.js.vir"
sh=F12AB7ECE7B656776B6C51962B568E2ABCDE1D4D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\api\monitor.js.vir"
sh=B3ABD3CAA6ADACF7A87576C3F949A2C023F51456 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\lib\bg_app_api.js.vir"
sh=6B8D57805A81A0C2A68E87C410FF89D15BB71CC9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\lib\cookie_store.js.vir"
sh=CCE2C38E8E351E54EF7624D60D5C8E8943A8C1D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\lib\crossriderAPI.js.vir"
sh=EDB82EF0A2AC160256F1A5C49F0778E3A42AC559 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\lib\events.js.vir"
sh=902E327ADBC89F0A47999D10E7F6F6554CFCC0F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\lib\onBGDocumentLoad.js.vir"
sh=5744BFAC44C6540538D3B879BEA31EFCE5DCAC7C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\lib\reports.js.vir"
sh=BE038417E468CAA3BBA91CFFD2F554922504407C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\lib\util.js.vir"
sh=D88F73897D0415B880A52D98AACBCBA8372956B2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\ceenmgoldhkkegcnlieacjjhndklllkp\1.26.18_0\js\lib\xhr.js.vir"
sh=B6416189314997F40D8AFACBEE26FDAF2E1BFBF5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\1.js.vir"
sh=030B6D450876C142620068CB6E9E7ACE78121494 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\102.js.vir"
sh=3C02C1198777BE5BA10D93C67F6CD34557EC171B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\104.js.vir"
sh=F4868E75E21D37FCBC9A5871B6B120EB3E4600DF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\14.js.vir"
sh=48CAB8E59966EFAE16143DD07D034A50BB531EC4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\180.js.vir"
sh=8A0256CE1F62120FBC5E935E5E15F3C66882865C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\19.js.vir"
sh=195C22D7E9C0E4519BACDC4B79757604FBBFAB36 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\191.js.vir"
sh=6169B704CC4B32846BAF909AF767C1F5B92344C3 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\193.js.vir"
sh=3D8FEB274B1F910633E0EE3966A82AE9DCBD406A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\21.js.vir"
sh=67CDDE3A9E665B9F584AFD7F1044B05BA8732829 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\211.js.vir"
sh=AA2E35CACD14FE9E88BD49DD51D2D4C719212DF5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\223.js.vir"
sh=9B63AB6BCF7F2637D84447B899D85FF9FDC17DB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\246.js.vir"
sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\28.js.vir"
sh=D0C91B4ACE84473BFACA534FF1542F34C843F213 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\47.js.vir"
sh=BDCFA8379825B1BC17A13BDF73B7384DE46E7C3B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\64.js.vir"
sh=4F1C38F649CC3DF6B317972621DE7C6317D076AE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\91.js.vir"
sh=5CEF9D50BB57A262305E113715FCC406B5ADB4AF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\93.js.vir"
sh=778B8C980A33D3679264BE3920E6F15D75731E06 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.N potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\extensionData\plugins\97.js.vir"
sh=5A9221C8DC841E76BBC2951C6811FC18DAE1AAF0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\background.js.vir"
sh=D7FE306EB39D64F7994917931E25229A5B156640 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.R potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\main.js.vir"
sh=832ADA6E9B2673CA1DE314A566FF76316F0A2997 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\api\chrome.js.vir"
sh=F4FE303A5886572113DF4DA3579956CEBB907F56 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\api\cookie.js.vir"
sh=FD2A3FEFF97D325433D2011C5ED5755B6D6A8FAA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\api\message.js.vir"
sh=F12AB7ECE7B656776B6C51962B568E2ABCDE1D4D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\api\monitor.js.vir"
sh=B3ABD3CAA6ADACF7A87576C3F949A2C023F51456 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\lib\bg_app_api.js.vir"
sh=6B8D57805A81A0C2A68E87C410FF89D15BB71CC9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\lib\cookie_store.js.vir"
sh=CCE2C38E8E351E54EF7624D60D5C8E8943A8C1D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\lib\crossriderAPI.js.vir"
sh=EDB82EF0A2AC160256F1A5C49F0778E3A42AC559 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\lib\events.js.vir"
sh=902E327ADBC89F0A47999D10E7F6F6554CFCC0F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\lib\onBGDocumentLoad.js.vir"
sh=528BD1AF3119A6710E31B2AB22A1F160B7FBEA84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\lib\reports.js.vir"
sh=BE038417E468CAA3BBA91CFFD2F554922504407C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\lib\util.js.vir"
sh=D88F73897D0415B880A52D98AACBCBA8372956B2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj\1.26.27_0\js\lib\xhr.js.vir"
sh=B6416189314997F40D8AFACBEE26FDAF2E1BFBF5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\1.js.vir"
sh=0DC46B661D15C4BA03E9D2DCA3FD8F575EB69697 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\102.js.vir"
sh=01D69135EE92DAC22B8061E1BDD909E2C88CEA69 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\103.js.vir"
sh=3C02C1198777BE5BA10D93C67F6CD34557EC171B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\104.js.vir"
sh=F4868E75E21D37FCBC9A5871B6B120EB3E4600DF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.O potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\14.js.vir"
sh=9BC486308A70EB78E98CEB64CBB584319BB66326 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\155.js.vir"
sh=BAD93D23ED37C2C78AAA083DAD19E31AAA15DC64 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\184.js.vir"
sh=8A0256CE1F62120FBC5E935E5E15F3C66882865C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\19.js.vir"
sh=BB1A54FAEB59D0CB7177AD3B9492ADD5D802C42F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\191.js.vir"
sh=C1EB6A69219A2338DF815E20D227C1BBA07AC67D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\195.js.vir"
sh=3D8FEB274B1F910633E0EE3966A82AE9DCBD406A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\21.js.vir"
sh=D8FB0617FC62AA200F84FB5419E250665A478FD6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\211.js.vir"
sh=67B8E2F5795ACA6F0881858B03E97701396AA1DC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\233.js.vir"
sh=91A4B4795A4690C1D27CB8FD966010107DEEE0C6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\242.js.vir"
sh=9B63AB6BCF7F2637D84447B899D85FF9FDC17DB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.K potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\246.js.vir"
sh=A61F2AB2BDA3DF4EA26FB96BFA4BAA4BEFA99E6A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\28.js.vir"
sh=D0C91B4ACE84473BFACA534FF1542F34C843F213 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.M potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\47.js.vir"
sh=BDCFA8379825B1BC17A13BDF73B7384DE46E7C3B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.P potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\64.js.vir"
sh=4F1C38F649CC3DF6B317972621DE7C6317D076AE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\91.js.vir"
sh=C6062611EB06724DAF41F98932275F202F2AAADA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\93.js.vir"
sh=778B8C980A33D3679264BE3920E6F15D75731E06 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.N potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\extensionData\plugins\97.js.vir"
sh=5A9221C8DC841E76BBC2951C6811FC18DAE1AAF0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.E potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\background.js.vir"
sh=D7FE306EB39D64F7994917931E25229A5B156640 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.R potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\main.js.vir"
sh=832ADA6E9B2673CA1DE314A566FF76316F0A2997 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\api\chrome.js.vir"
sh=F4FE303A5886572113DF4DA3579956CEBB907F56 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\api\cookie.js.vir"
sh=FD2A3FEFF97D325433D2011C5ED5755B6D6A8FAA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\api\message.js.vir"
sh=F12AB7ECE7B656776B6C51962B568E2ABCDE1D4D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\api\monitor.js.vir"
sh=B3ABD3CAA6ADACF7A87576C3F949A2C023F51456 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\lib\bg_app_api.js.vir"
sh=6B8D57805A81A0C2A68E87C410FF89D15BB71CC9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\lib\cookie_store.js.vir"
sh=CCE2C38E8E351E54EF7624D60D5C8E8943A8C1D9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\lib\crossriderAPI.js.vir"
sh=EDB82EF0A2AC160256F1A5C49F0778E3A42AC559 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\lib\events.js.vir"
sh=902E327ADBC89F0A47999D10E7F6F6554CFCC0F4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\lib\onBGDocumentLoad.js.vir"
sh=528BD1AF3119A6710E31B2AB22A1F160B7FBEA84 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\lib\reports.js.vir"
sh=BE038417E468CAA3BBA91CFFD2F554922504407C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\lib\util.js.vir"
sh=D88F73897D0415B880A52D98AACBCBA8372956B2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.G potentially unwanted application" ac=I fn="C:\Program Files (x86)\AdwCleaner\FileQuarantine\C\Users\Kade\AppData\Roaming\Opera Software\Opera Stable\Extensions\majjphhgppkndjjkmhhnbgafooenebhd\1.26.22_0\js\lib\xhr.js.vir"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=E1AE05435E3F9F7579FA3EB67A63B2F3DBCD554A ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\155f91.msi"
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/12/2016
Scan Time: 9:51 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.12.02
Rootkit Database: v2016.02.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kade
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432965
Time Elapsed: 22 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 318
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, Quarantined, [4e942165623754e2676840b2649fb947], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, Quarantined, [984ad2b431689e98933c01f1e320e020], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DB72826-670D-45A2-9A09-C203C36951D8}, Quarantined, [2cb60a7c1287c670ed7ce61a9d677090], 
PUP.Optional.WeatherAlerts, HKLM\SOFTWARE\MICROSOFT\TRACING\WAUpdater_RASAPI32, Quarantined, [835fe3a391089b9b65c8d29e956f25db], 
PUP.Optional.WeatherAlerts, HKLM\SOFTWARE\MICROSOFT\TRACING\WAUpdater_RASMANCS, Quarantined, [c31fa5e115845cdab875fa76b84cb64a], 
PUP.Optional.WeatherAlerts, HKLM\SOFTWARE\MICROSOFT\TRACING\WeatherAlerts_RASAPI32, Quarantined, [01e11571b9e075c12509422eec187a86], 
PUP.Optional.WeatherAlerts, HKLM\SOFTWARE\MICROSOFT\TRACING\WeatherAlerts_RASMANCS, Quarantined, [15cd4244d8c148eeb47ae58b7094b64a], 
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\WOW6432NODE\PRO PC Cleaner Software, Quarantined, [637f394ddbbefa3cabe8b06dc53f4db3], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, Quarantined, [6c76a5e1742551e507c86290ef145da3], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, Quarantined, [09d9bccacccd9d995e7116dcda2949b7], 
PUP.Optional.RichMediaView, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\MLELCPKAPBMLGEOCGBEMAHFNEGMOICNL, Quarantined, [5f83e4a20396072f304e1b047f8552ae], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DB72826-670D-45A2-9A09-C203C36951D8}, Quarantined, [da08018549509b9b1a4fb64aed1707f9], 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASAPI32, Quarantined, [548e7115fa9f171f25d9fd3c30d4ae52], 
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASMANCS, Quarantined, [7a68e6a0cacf7abc86788aaf80848b75], 
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PROPCCleanerSoftware_RASAPI32, Quarantined, [21c1780ececb4ceafd904bd2659f25db], 
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PROPCCleanerSoftware_RASMANCS, Quarantined, [d1110581d7c200361578a677fd07b34d], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [6c76572fa8f12016cadaa787f50e25db], 
PUP.Optional.Feven, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Frieven_s_Prox_1.8, Quarantined, [05dd1a6cd8c15bdb8a1834d1f1138977], 
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\PROPCCleanerSoftwareConfig, Quarantined, [29b9b2d47a1fe94d0547e755e222a55b], 
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\PROPCCleanerSoftwareLanguage, Quarantined, [d30f89fdd1c8e6502f5a2feebe4650b0], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{054D5C02-E4AB-4C4A-85EA-6499C9B2EAF9}, Quarantined, [d1111f67cacfd6603d0d49b7ae56ef11], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1025148A-9411-44F1-95A7-3686DE2060F2}, Quarantined, [38aaea9c58410234a9a0c63a758fc43c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{108A16EB-9954-4AC7-AE8D-4E284251B4FE}, Quarantined, [61812c5acacf62d48dbcce3217edbb45], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11DA7E82-CB00-494D-80D9-553A64848ECA}, Quarantined, [02e0dcaa6b2ed36335147b859f65837d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11DFD1CB-326C-47CD-A255-C253CB43D984}, Quarantined, [5a88dcaa6336a294074304fcf90b24dc], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{120A2403-1BE5-43DF-872B-A07A4781C2C7}, Quarantined, [ad35aed88a0f0e28bf8b06fad52f58a8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{12E1ED6B-41B1-4545-AE8D-91DD3AC866E8}, Quarantined, [bc262264dfba38fe1832728ed92ba25e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{139870D7-7970-4FD4-B891-87C1B9179BD5}, Quarantined, [28ba05812d6cbf77de6b2fd143c1e61a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1399359B-9FC2-4279-81D8-C1ED9FE6B484}, Quarantined, [6b772f5728716dc93f0a41bf22e207f9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{13F9E471-35BA-44EA-BCC4-83E4ABA367B1}, Quarantined, [796935510c8daf879faadb257b89827e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14013697-DC2A-4BB3-BEB3-727E5AF41590}, Quarantined, [30b203836534f73f0f3b649c758f718f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{143E7B05-CBB6-4234-B2E2-D1882AA19595}, Quarantined, [7969bacc99003bfbb4959b6558acd22e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14BDB8BC-382C-47EA-9FE1-E3E8AA84447F}, Quarantined, [4a98f0964e4b3402fd4c8779b1537789], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14FD7410-DCCD-4318-8BAE-C1545970C9DC}, Quarantined, [6f73b8ce0099ed4969e0857b5aaade22], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{163548E2-5BD5-425B-B696-6C9EF174BE38}, Quarantined, [6c76d4b23762ee48e7636a96a064a15f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{166935B1-3BA2-4D25-B412-A1768C24EF5F}, Quarantined, [11d1fe886a2f191d7ad04cb4be46e31d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16722D54-DFBE-42FA-B037-8E4AD946E349}, Quarantined, [3da5f78f990059dde06987797490b44c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1695A449-8787-48D6-ACF3-4BFA573EEE9D}, Quarantined, [eef4473ffa9f2c0a0b3f817f10f422de], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{17543A66-52B3-43D8-B42E-7DA250E59D71}, Quarantined, [f2f0eb9b9efb1d194604f709b0549769], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{18E5756E-6436-41CA-9681-D414B9EFA3A0}, Quarantined, [ecf6c7bfe9b0a88ed377f10fb450966a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1939D2FF-BB13-45C3-98D3-A21845DA5793}, Quarantined, [449e1373e0b9d75fdd6c5ca480842cd4], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{198D7BD0-38B4-4AFB-9E1E-9B388FC7AF11}, Quarantined, [4d9520663c5d60d612380ff124e01de3], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19AD1820-3531-4F7F-976F-8FB34EB96540}, Quarantined, [23bf7115efaae056ec5d8080798b02fe], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1A20166F-6F65-4B72-90EB-B945B5E39042}, Quarantined, [ecf6691db9e0152178d104fcdb2942be], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B30C71F-45D9-43DD-8843-9BE7E1511882}, Quarantined, [c61ce6a0732687af74d56898b94b946c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1BC7290A-A025-48EF-813D-26F6898EB891}, Quarantined, [20c2f2946e2bcd69ce7bac5431d3b24e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1CD3724E-422F-450B-93FF-A15FBAA8A9F1}, Quarantined, [0fd31c6a4a4ffd39a7a32ed2e71de31d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1CD91F01-56F4-4A2A-B148-E0A59F884D15}, Quarantined, [b32fa7df2a6f68cebc8d29d7b54f27d9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DCE95B0-D27A-4122-A0E0-AB56D8C1C4B8}, Quarantined, [9250bacc059471c5f753f10fd72db749], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E99A07C-60DD-4254-9A21-FFED99C5DB11}, Quarantined, [d21000861782e94d01484db3dd27a25e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1FFA6063-9398-47F5-B149-D9708CB633A0}, Quarantined, [21c1572f3f5a49ed8bbfb14f1ce84cb4], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{206AD984-9CFD-4B2A-AF37-756324B98359}, Quarantined, [7d656224f0a9d1651f2a867a0bf9867a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{20AE6453-1AE0-4A95-BBAE-F2E07A9B6CF8}, Quarantined, [b62cff87aeebb28466e316ea36ced32d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{20DF9906-CD9F-46A8-BEE2-A962BC7B5DC0}, Quarantined, [4d955a2c1c7d1d193218738d1fe5e51b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{212C3E0E-1E29-44EE-B420-9A84402B2B2A}, Quarantined, [07dbceb8891064d22129a65a4cb8ae52], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{226998D1-7958-4619-ACC9-76F823EDC354}, Quarantined, [d1111274a2f7b97d450526daed1723dd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23531485-F9C1-4D62-84A2-56B3C7CB47CD}, Quarantined, [2db5c6c0326764d22f1a8e72e81c837d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2367061B-1ED7-4BDF-9379-3CF7F7A5ECA6}, Quarantined, [c81a2a5ca8f1f046b694877949bb659b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{25B6A51B-CC13-49BE-B2BF-8945D3E54460}, Quarantined, [954d3d49475247ef71d9c43cde2643bd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{25DB8C2B-FDA7-463A-91F6-1E1ED59B3FB8}, Quarantined, [ecf60a7c297010268dbd18e88c78718f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26972ACC-C157-4A73-B97B-D26E798021BC}, Quarantined, [9d45780e2f6a280e440525db7c88a15f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2710C2B4-E0DC-4077-A7CD-361EED6CC339}, Quarantined, [2ab8ef97b6e3f4421f2b857bdd27619f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2761D65A-BEA2-472E-B474-A9AFD3948C40}, Quarantined, [db077115debbf83e9dac40c0ec186c94], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{27B89EC3-2FFB-45A0-8F3D-64DB4BF719C3}, Quarantined, [a73b1274a6f352e4cb7f16ea5fa5eb15], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A110EBA-8B7C-41FE-99AB-78D03F929098}, Quarantined, [776b03831188013593b66b95dc2855ab], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A4C4663-7974-40C6-96EB-BAD4392D5940}, Quarantined, [974b176fd2c77eb8d277e51b33d1c43c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A64E5CA-43DA-41AB-9A8B-D4FCD33D2FDC}, Quarantined, [fae892f45247e452a5a4c93763a1fa06], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2B72CEB0-E86F-4A84-BBCB-6E9FAF6B1BEA}, Quarantined, [865c92f46831c76f4108e020c143a25e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2C44E379-FFD3-44D5-8B2E-23E192E07E20}, Quarantined, [41a14c3a0e8bef470f3aa060be4620e0], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2D19E0F2-755E-4941-B974-89C0E5D04B44}, Quarantined, [b72bdfa7ecade74fdf6a52ae7b89e61a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2DB72826-670D-45A2-9A09-C203C36951D8}, Quarantined, [964c275f7d1cde58d37532ce947042be], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E5E03C5-2821-41F1-B0B9-DEFCD6ECC22F}, Quarantined, [9b47d9ad55443cfae268c43cce36a35d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2F3FA7EA-F85D-4A5D-A996-5FF434EAAF67}, Quarantined, [f3efa4e20d8ccb6b0347d82831d303fd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2F65467F-E42F-4412-ADFB-ABF120DA7112}, Quarantined, [2db55234366366d04900bb45c34147b9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{30C14EB7-65DA-40C3-9BCF-FDAEAE6C7775}, Quarantined, [8c569de9811876c056f330d05da752ae], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3146E951-4F6D-4EA3-AC28-AD85E8133FE2}, Quarantined, [f0f28006d7c21d194dfcfb05c63e916f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{317D7155-23EA-41D4-BADF-EDF945864069}, Quarantined, [e7fb8df9c8d1af870149c63ab0548a76], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3195F094-A8EE-4415-8828-A7165A25EBE1}, Quarantined, [786ad8aea1f8fa3c05448d736d9727d9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{32140BDB-EA88-4DBF-94B6-CF28734A3490}, Quarantined, [00e29aec7b1e41f590b9eb15b94b659b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{32B30D68-7C21-4552-B11E-8699F645B6D1}, Quarantined, [8e54b6d009900a2c2c1e35cbd232f20e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{32C5E6DB-8524-43FB-AD76-F645253DD180}, Quarantined, [db07ed999aff5cdab09ad030e0240000], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3330DD82-9E37-43ED-9F14-1DD566FBD6CA}, Quarantined, [16ccbec84257b97d1b2f01ff23e19f61], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{34931CCC-FC76-415F-A2FB-79F7A496D44A}, Quarantined, [61815531c8d1fa3ca7a26b95d133827e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{35ADB11D-80E9-43F4-BB3C-42A619311FE3}, Quarantined, [e20004829702c274c881728edf25ff01], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36449CD0-1503-406A-B47A-FB1733BDD03C}, Quarantined, [1bc776106831ce68ea5f6d934bb9768a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36F2266F-369E-41FF-ACEE-5EE983A6DF62}, Quarantined, [f3efa7df8217ed49a3a63ac6d2322bd5], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38357BD4-A5FF-4D7C-B3EB-FDD4B76ECCE6}, Quarantined, [02e0b3d3693045f13019649ca95b659b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38F8F620-DB52-4F66-AC40-8A104C375FEE}, Quarantined, [2cb61c6ac3d6ae88d1783cc43dc757a9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3905C9F6-558C-4E9B-A67E-CA9A43DC5266}, Quarantined, [e0028501b5e451e5410953ad30d4a957], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{39F75E91-7D8A-4ADB-9E72-E2E39CBD165C}, Quarantined, [0cd6097d86134ee8c9817f8119ebc33d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A13CA7D-7C66-48E5-8423-F8BA8BBFD4DF}, Quarantined, [2fb381054f4a0a2ce56432ceed17956b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A8DACF4-15AA-465A-A939-BD77608ADC78}, Quarantined, [7d65c9bdc7d2cc6aa7a347b946bee917], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3AF9E0A0-2144-43F9-94EC-B3C57ECF84B5}, Quarantined, [3da5b3d348512f079cad768abc48f010], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3BA7C4B6-3062-4CE3-82C1-D69CD41DFA16}, Quarantined, [ac363f47c2d7a096c881867a09fb916f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3BAF2B79-90F2-4DE8-9822-FAECFF39579B}, Quarantined, [f9e9ceb81a7f57df1e2cfc0407fd7987], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3C03C5B1-275E-4430-B9F2-68AC2D54142A}, Quarantined, [f3ef10768d0cf0460841b9470ff5956b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3C5D1DA2-5414-4E93-B33C-B56127EE8BB9}, Quarantined, [c41ee5a1bedb85b1a4a64eb2c4400af6], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3F9268EC-7322-4A83-AD33-879F13A57DCB}, Quarantined, [fae87d09a5f448ee81c98b7513f109f7], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{406FA04C-2813-4305-8995-C110CB3A3FD4}, Quarantined, [b03292f44b4e1521b59422de8e765ca4], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{410168FD-6044-47AC-8A33-556B23D71F60}, Quarantined, [cb170b7b58413bfb17324fb1739129d7], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4119E015-DA06-4AAE-9A9F-F947EB122313}, Quarantined, [cb1726600099d066ae9bed13f60e6799], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{41D64D08-102A-4EFF-ADA4-CE5E50692CAC}, Quarantined, [c51dd9adc5d4b1853614966a7c8818e8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{431F520E-A9D9-4578-BA92-146DE871B382}, Quarantined, [17cb1f67debb9a9ccb7e49b7ea1a13ed], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{433CC5C8-5A45-47A6-B246-9454A990AB7C}, Quarantined, [79697511b7e2be78331758a8ee165ea2], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43B02975-5898-46FE-98E5-7313C9383487}, Quarantined, [eff3abdba0f9e2542524629efe06fa06], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43E18574-2387-49C2-AD7E-4EEA312B8484}, Quarantined, [2cb600860b8e7fb776d342bed0344fb1], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43F8C80D-7C3D-4130-A19D-936630508DC2}, Quarantined, [e7fb0185b6e31d19dd6d8e7281832bd5], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44732AAC-6DF0-4498-BB4D-A3F4A4EE1831}, Quarantined, [6082d4b28910fe38d179f60af4102fd1], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44E7429F-1AD5-4B9B-8193-2C2F381192A7}, Quarantined, [71711076edacb086f85143bd857fb44c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45B9D6D5-5807-4D62-BCB3-37DDFC1FC174}, Quarantined, [cf1363233465072ff4560ff10ff50ef2], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{462A888A-1FC0-44B0-A599-2D51E951A114}, Quarantined, [c919741252470a2c9cae5ba5956f7090], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{489B17A1-5D28-4033-BC46-412049176DC8}, Quarantined, [eef4fa8cddbcaa8c420709f71ce8926e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4930E86B-2B08-4D32-93BE-5111BD324375}, Quarantined, [a63ceb9bc6d36ec8b099e21e43c1946c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{49E151C2-10BC-4C74-81A5-8AD24FA057B7}, Quarantined, [4b976026376242f498b1649c788c05fb], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B6581C4-2586-470E-9598-88513050D9C8}, Quarantined, [2db5fc8a2a6f5dd9a7a33fc1b84c36ca], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C0FD059-7CBB-4295-B47A-D43E5D96F925}, Quarantined, [2db55531d8c11e189fabfa06877d26da], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{506E1600-7C68-404C-B04B-D2DBDD375D72}, Quarantined, [1fc316709108ed493217827e7c8818e8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{50EC9D7C-6AE6-4F2C-8E3A-9170EE15B871}, Quarantined, [b72bea9c158486b0074233cdeb199a66], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{52068EB5-BA48-4C4F-B462-7FA583FB315F}, Quarantined, [2db52561a2f7dd5998b13ec24eb616ea], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{532A61D1-6B72-464D-81F3-7F92CDA2641B}, Quarantined, [a83adbaba8f182b4c48623ddd82c6898], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5336CDDB-107C-4323-BA7A-B5B8841B9D11}, Quarantined, [36ace2a4ebaebc7a9eacf60a9074a25e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{53F27C79-2DA3-476D-B1B8-F67A59EA5C99}, Quarantined, [e3ff434319802a0c60e9d82808fcde22], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{56140F45-7462-49E2-9F49-201B517BED62}, Quarantined, [4c96c2c4e9b0c076a2a8926ed331df21], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5723B447-C104-4B62-8913-CD858EC03238}, Quarantined, [e3ffa5e16534f0462c1daf51768e5fa1], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5860F43E-B7C6-4519-8A82-BB92E93D30DE}, Quarantined, [59897412fc9d69cd3b0f9b6511f334cc], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{59924DBB-455F-4D88-B0F6-4BFBBFE44C66}, Quarantined, [c220dfa73366092d3911ec14b64e946c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{59AEE8B4-525F-48F7-A9BD-33A582425DD6}, Quarantined, [d60c96f01a7fa591da7018e845bf14ec], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B870139-24EC-473F-8EBD-99A9B8924B25}, Quarantined, [8c563d495d3c2610d07a8d739b69d52b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BE0C281-DD6E-4BDF-AA59-C5291EF11EC1}, Quarantined, [81613452514892a48cbe39c77e862fd1], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BF3DCDE-AE69-4178-9858-F5FEBCB8ECD0}, Quarantined, [2bb771158910b97dbb8e7b8522e28e72], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5C71DD7E-C544-4CA4-B9D1-2AE35E543477}, Quarantined, [18ca9beba6f384b25eec42be0bf94db3], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D5D81B3-90D5-4636-BDD3-DCC2CED896B4}, Quarantined, [be248bfbb9e0d75f58f1d729b84cbd43], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D7DB25A-93D5-4019-968D-222BA7347EFA}, Quarantined, [9c46bcca6d2cbb7bc684ba46e61e7a86], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D919200-131B-42EF-BFE2-ED60D6174225}, Quarantined, [b82afa8cc0d9171f65e58f71c341ff01], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E5CD8F0-B037-4063-903D-12ACF8F15A12}, Quarantined, [a43eec9ab5e42610cb7ea65aa4607e82], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5F36077B-365C-49F0-874C-624C2CE0AD1A}, Quarantined, [e8fac4c2d2c79c9a22271fe13dc7cd33], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{608DB1E8-416C-4F7B-A6D8-B7B5253932C5}, Quarantined, [52905a2cbddc62d4a4a64fb1c2429769], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{618ECD06-956A-4C0F-97C4-78C964DE3928}, Quarantined, [34aea7dfe8b152e47fcb46ba74909d63], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{61E9F122-305F-42B9-9872-79A18F78BAD6}, Quarantined, [1fc37412831653e38dbc9b65b351cb35], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6209525A-186D-4DD6-BAF7-B6728753508D}, Quarantined, [944e790d1386e056e6635fa113f1e31d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6560A2D9-A5B3-4A77-9E4C-58C4C66E2328}, Quarantined, [ecf6f88eecad79bd4efb1be5ec18ae52], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{67722950-34D1-4864-94ED-76C6155022DF}, Quarantined, [e101176f7623ae8850f9a858a55fbd43], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{679A5437-B7B1-4D28-985A-C49C1B223446}, Quarantined, [d40e2a5c8217d3634dfc49b7e61e2cd4], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{681254A4-F254-4A7B-8FF5-E02A18456ECA}, Quarantined, [9a48671f9306de5864e58a76986c7e82], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{694877B2-F7CE-4719-9558-F190DD45A6D2}, Quarantined, [e10188fe534669cd75d547b9e71d60a0], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C429B75-7053-4836-9D85-C187516F734F}, Quarantined, [13cf2e58584141f5400a2ad6956fdc24], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C9374F7-61D6-4D4E-9CA5-75774D566A82}, Quarantined, [2ab8ef972376ef4770da827e0301de22], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6DFCA02A-B844-4BA5-92C5-981A34AB94BD}, Quarantined, [82609fe73762063075d53ec2d4308e72], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A7B8F1-DBDF-430F-9C32-C41CE51ABFE1}, Quarantined, [1ec40086aaef1620dc6d17e9d92b55ab], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{754B804A-BDB7-4053-981B-994591583AD4}, Quarantined, [c31f216547520a2cd57525db0df7fb05], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{76E6FC64-2560-4793-BB4C-B667802AEEED}, Quarantined, [38aa9aec6831d561034609f710f41de3], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{778C5E2E-2D0A-4E70-8CB6-AEA9184A893B}, Quarantined, [8f53cdb9693022143e0c80806e964cb4], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7857A6B8-D4C8-4F95-BB77-3545F134E8C4}, Quarantined, [f1f1fd899207b2842920679950b46c94], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79A291CA-E3CE-4EAE-8B24-89A64D565E33}, Quarantined, [05ddd1b50b8e44f23416718fbf45dd23], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79F807CD-8543-4C23-BF6F-72E4EA9B5843}, Quarantined, [eaf8a2e42178d165381235cb8f75f10f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7A194813-B3DF-48CF-9843-1AD7A94A5350}, Quarantined, [6c761175e7b246f03713cb3562a2fe02], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7A3B3243-BBFC-48D7-AC8D-914A4ED3D3D9}, Quarantined, [0ed4bdc9c9d085b1a4a6c33d1de7629e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D13DBC9-B258-418E-8A63-79C9724BC150}, Quarantined, [6b77dfa79504c2743f0add2317ed6a96], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D14FA72-3A3C-4C85-88A7-7C5B23E696C3}, Quarantined, [568ced9968318fa73c0e639dc440be42], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7E4C6117-72EE-4788-B558-CDCA7A94EB85}, Quarantined, [08dadda97326999d4208db2561a34bb5], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8095C6E3-CC4D-4229-9033-38677054636A}, Quarantined, [9f43b2d44d4c36001d2d19e7bc48ec14], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{81F32664-C696-4EB0-B06C-BE3B8A189C10}, Quarantined, [04de780e8f0a3ff7c782629eec18c63a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{82A615FD-1ACC-47CC-98A8-C915E760E9A4}, Quarantined, [a83ad0b6851437ff331625db63a16e92], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{835669AA-C1F3-4E72-A15B-1095F09E67E6}, Quarantined, [578bdaac4f4a49edc68449b738cc6c94], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{83F8966D-3E3F-4486-829F-E07B355F5E41}, Quarantined, [f2f06c1aa7f226101d2dc73908fc15eb], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8481A81A-3097-4593-B637-38A1D4975863}, Quarantined, [f3ef186e3663f2442b1fb7498e7652ae], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{860F7A6C-87A0-4D08-BD23-646333313DA3}, Quarantined, [0bd7632346532b0b5eec09f743c17c84], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{863FC7DB-990A-4EBE-8C77-3180CC2F1852}, Quarantined, [80620680643573c3f9512fd143c17f81], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86DFE656-8A39-46F2-B94F-8BF196AA7CDC}, Quarantined, [c81a6620d6c3152170d9b94712f257a9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{87ABBCA6-AD77-43A5-B871-A470CCCFCD49}, Quarantined, [1fc35c2af7a283b3ff4a27d9dd2751af], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8836378B-6E3F-4FE3-A26F-211A9A80C75D}, Quarantined, [17cb9cea633658de51f812ee47bda858], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89C1465D-1A65-44A9-A353-FCB314A9F7ED}, Quarantined, [0cd687ff851445f1d079ea169c680000], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8AA56F3B-54D1-4B66-A9E2-52866E2E8A35}, Quarantined, [38aaef97d8c15dd90a3f4fb1be46a55b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8AB2FDD9-EDFF-4575-8824-E6FF8B51B712}, Quarantined, [f3ef21657d1c92a4db6ff90740c412ee], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8B8D16D8-9842-4DAB-A7A7-9B6DF9199E8A}, Quarantined, [25bd533319802412ff4af50b52b232ce], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C3282FE-34E5-49A2-B2AC-866BF7F772CF}, Quarantined, [ce1421650f8a68ce2e1cd8289b69ae52], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8CFD7E27-1ADC-4207-9BDC-CF88DE2CB4BE}, Quarantined, [b929077f83163402a3a7b64a857ff30d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8DEBEE0B-BD69-456F-A527-EA2E3A5C8EAB}, Quarantined, [29b98cfa4752c27490ba6b957b89837d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8F0431C8-CC53-4D5F-B38F-8F39E2D1E84D}, Quarantined, [667cd3b3673254e2e5640cf444c08f71], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8F622240-5A61-415F-9913-8D6F52A63296}, Quarantined, [89596026d3c642f4b89149b7d3317c84], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8FC0A3AD-6675-4472-993B-BA8AC2FF3FB2}, Quarantined, [439f21654e4b53e33613ef11a460f10f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9113A02F-8CB0-435B-B560-49ABF16CD227}, Quarantined, [9b478ff7d3c6cb6b8ac0a35df60e03fd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91DC7D58-8D4A-42E7-A11D-1E80B3C94542}, Quarantined, [af332165d1c849ed2227aa560cf87a86], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{921A485D-3E44-4E43-962C-2B5C54BF9B5E}, Quarantined, [af33add9554465d187c3847c867e29d7], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93838704-275C-4ADE-AEEA-C0C95D403243}, Quarantined, [c41ef88e44552e08f654e0204bb907f9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{938A4E20-E8DF-4AAC-9F5A-25E5817F27EB}, Quarantined, [c71bbdc9d9c0aa8c64e519e7fa0ac63a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93AA40B3-AE33-45D9-9AF9-60AECA106264}, Quarantined, [df03493d4c4d5bdb98b1b24e1de7f010], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9566E85F-771B-49A3-A2EE-92F7F9FDC89F}, Quarantined, [479b374f9bfee4524dfd857b0004d729], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96024BAA-CDA0-43D3-85E7-7890A7605BCF}, Quarantined, [9a488ef87a1fb97db496da2634d056aa], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96611303-7004-436F-B5CB-106E62D0F6F2}, Quarantined, [885a30563f5a80b6202a5fa1c73dbf41], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96845C84-4165-42DB-A8BE-AC25BEA392E4}, Quarantined, [03df99ed73260333ae9c8d73a85c48b8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9711B443-4215-4C74-9D60-654BD112384F}, Quarantined, [a63c543231683afc103950b07094c63a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{975183CF-BE25-4665-BDA8-6CD8C1F713B1}, Quarantined, [5b8794f271283afcee5b1fe1a75d847c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{979E6560-6A0D-432F-A616-A458732533E2}, Quarantined, [af33f4920f8a75c10d3c4db39c6833cd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97E45CCC-51EA-4E77-8DDE-E5A99FE5B0E4}, Quarantined, [e6fc92f4a4f5cd69c387d927df25ce32], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{983A0A36-419D-4970-8524-95A86C23F924}, Quarantined, [00e26f173d5cc86e72d7fa06768e5ca4], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{98E3E479-4B29-4B50-BDDA-F2E210824B4B}, Quarantined, [a939a0e6acedbd798bbf2bd5d52f916f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99903285-A502-4D91-98F2-D3AB36E641C9}, Quarantined, [b131ef976f2ae05602488779ff0549b7], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9B38E088-9EE2-470C-B3C3-8049BB648BA5}, Quarantined, [dc067511aeeb8fa7d87233cd689c2bd5], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9D07B7A4-EAA0-4587-B0C6-15CFD568FEDC}, Quarantined, [588a40463465221471d858a84eb6da26], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9E1FA9DD-DDCE-422F-B253-569AE47DC8F3}, Quarantined, [fbe7c5c18712b77f1633f709ab59748c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A0115B0B-3642-4302-90DB-A6DC6E33C8F1}, Quarantined, [07dbe3a3c6d333034208857b6f957b85], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A2EF9939-28F9-4481-A4F9-AD7E86FB57F0}, Quarantined, [7b670f776d2c50e6c0891ae641c323dd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A381E73D-B344-4903-A164-B472EE2357ED}, Quarantined, [7c66493d8712ab8b4bfed52b2cd81ee2], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A4CF3076-C5F1-42C7-B67E-C65799762D99}, Quarantined, [e9f98bfb9306c274bc8eae52778d1fe1], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A4EBEADD-C35A-4F21-9F64-3A80CEE29B76}, Quarantined, [d60c8105980178bed1789c648e76b848], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A57E2ABF-F259-4CAB-8087-AB839E745091}, Quarantined, [df03bec86d2c73c37bcf39c77d87f20e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A6C2046B-ABBC-449F-8036-CC631070EE5C}, Quarantined, [756da6e0d6c3c274ff4bcf31af550df3], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A8E4B000-2D32-483F-B09C-26289549BD45}, Quarantined, [d80ab8ced9c0a690a4a5ca36c83c39c7], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AA329377-C44D-4B0F-947E-E75E7A6C1266}, Quarantined, [52900d791b7ea3938fba629e8e76a55b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AA4FA462-3D08-408D-B517-877C787241CF}, Quarantined, [974b36502d6c3afc430699673dc708f8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AAFEC6D1-EC38-4A35-9A88-B050E7916132}, Quarantined, [fae8ef972e6b53e380c9ac5447bd7d83], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB53C436-504D-4C3D-B4F2-24E91EA469AB}, Quarantined, [bf232e58732683b368e156aa50b49769], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC5EF9DA-8E63-4843-9428-AEA48957A61C}, Quarantined, [4c967412a1f86bcb38113cc4b0549f61], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AD59DB04-F11C-4460-9976-1C632796B09C}, Quarantined, [3fa3acda7029b3833b0e67994fb539c7], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ADEF03D9-4A1D-4FA9-B542-55D1EC6F18B5}, Quarantined, [5a88e3a39aff1620272223dd867e27d9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AEBE90E5-6C99-46A1-8472-DD6319C23BF5}, Quarantined, [22c0aadcd4c584b2d673a9578b795fa1], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF6AC92B-7C03-4E5A-9F81-29FF998CCDC5}, Quarantined, [756da8de49508babf1598b7533d155ab], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AFDE673C-6FA0-4708-A141-A993BEBDCB6C}, Quarantined, [677b9de9cfca78bedd6d09f7ae569070], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B1DA4F03-B92F-4F78-A610-1C5162354F5A}, Quarantined, [edf5e1a5415872c444066d936a9a0df3], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B224C3A2-74F7-4BF6-BDB9-4B803558BDE2}, Quarantined, [f6ec2a5cbbde7abc23274eb2c24220e0], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B400B430-548E-4DFB-ABE5-7F991245A34A}, Quarantined, [9d4521652d6c8bab0a3fec14a0649d63], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B54D30EE-D8C6-40A9-85BA-16D386E1BDD6}, Quarantined, [b82a028423760e282f1931cf24e08f71], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B57F10D9-A9BC-4A58-8320-157D6E7567F8}, Quarantined, [29b910766d2c6bcbd277e11fbf45a957], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B78248AA-7624-49AC-9475-349225C7ED44}, Quarantined, [19c9295dd8c18da9ef5a40c054b0d22e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B88492DA-2F52-47ED-B737-1B5282F145C6}, Quarantined, [31b16b1ba1f815210b3f778930d418e8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B9083B0F-D6B0-4758-8FA7-4C75BEDD6FE2}, Quarantined, [0ad891f5a2f758dead9cd62af80ccc34], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAA1D441-64B7-401E-AE1E-2CA19367DFB4}, Quarantined, [934f6422732657dfeb5eaf5155af3bc5], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAF590D4-5F0F-4BE5-9C34-AE8C811DD596}, Quarantined, [ca18a7df4d4c0c2ae466e41c59ab7b85], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BBA63DA4-85C7-4195-B182-F6662E62DF6B}, Quarantined, [588afd890a8f2f07d872d32deb1924dc], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC16A178-60A7-4E4E-85C7-2F232A62E274}, Quarantined, [b52d98ee9801ac8a83c7a7597d8703fd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE363D87-43E3-45F7-A946-96EEB875178D}, Quarantined, [a939dbab8d0c3600252531cf7193e020], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE8443F6-9FE2-4F10-B346-AB5BC8F1154D}, Quarantined, [40a26422a5f4d75fe3667e82917317e9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEC4795C-C4B3-4FA1-A41F-F660FDDFE7E8}, Quarantined, [bb2794f2c7d2aa8ce169ed13af557888], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF3A4260-C090-4543-8663-F654D517728F}, Quarantined, [9250721407924ee82822af51947040c0], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF6DB1D9-3403-4672-866C-C646BA6F87CE}, Quarantined, [ecf6a3e36a2f0531e267bc44a262fc04], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFC9909E-DFAE-406A-AC32-7A1E1FB235DA}, Quarantined, [fbe732545247be78f6536e92976d44bc], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C05E4CCD-C95F-4FDD-A5C3-26E07687D9BC}, Quarantined, [1ac8e2a4dabfe74fe6637c84ce367888], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C081E00F-1A3B-4392-91A6-9538BD6F32A7}, Quarantined, [d012f09666333006391158a8f80cd729], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C0B330D4-8789-4DBF-A767-E0B8F47ED855}, Quarantined, [469c80069009d165a5a4da26bc482fd1], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C0CDC210-C6B8-4E06-99F9-12B867635A28}, Quarantined, [d111d5b13e5b2e08b891b64a927247b9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C143D7AD-72FD-4F44-8760-4F87C83BF527}, Quarantined, [8161f294aced9b9b91b8f20e0afa03fd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C1E7C391-7EA1-425E-955D-AC7EC84FEA31}, Quarantined, [aa38c0c639605dd94306eb1560a48f71], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C22A3522-2D13-480A-86B8-F88C7CCDA881}, Quarantined, [1dc5483e643540f6f059f808bf4554ac], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C247D983-B486-47B0-90FC-FA6D7BA318BE}, Quarantined, [509202842c6d0b2b7bce0bf5679d56aa], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C27D19D2-92B4-41AF-A3CD-F2F489A849D8}, Quarantined, [f1f16620a9f0e35378d19d63de26a957], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C62EDC06-70BE-4F81-A4F4-B0A0D592E613}, Quarantined, [df0303839603112567e243bd58acb54b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7EE43C7-566C-4426-A374-8F541EEDC884}, Quarantined, [4999dcaa3366e2541b2e3ec239cbdf21], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C82D5523-ABEE-4F09-8ED8-77E3C533DB20}, Quarantined, [cf13780e8c0d3cfad574c53b7e86768a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA2A1BD8-D408-4EF6-98AA-962C9C1A6D4B}, Quarantined, [13cf35514653e74f13366a96f0146f91], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA803163-AFEE-4A39-A3FF-44EFBB53D244}, Quarantined, [835f493d8f0a5fd7400a13edd72def11], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CAA1EF73-A9D0-47ED-9BB5-2DF7CF35911F}, Quarantined, [9a48d2b4efaafc3a3515ff013fc5b050], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CABE065D-54E1-4ACC-97ED-E0C75E67A4DF}, Quarantined, [16ccc9bdd8c1a591c882f8080cf8d42c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CADFEC86-D03A-4C4D-B9A0-DA80D7873E53}, Quarantined, [1cc67511dfba1f17a7a26898ad57fc04], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB5FD853-A4AB-4DDB-BE9C-10D5D627F23F}, Quarantined, [aa388ff7f4a55fd7202a4db324e0d927], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB95DA45-E8B6-464B-A9B2-C5CD1D61372A}, Quarantined, [fbe7ee98d1c8ba7c6fdbf20e857f6e92], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CBBBABF2-90DE-4E69-BE9B-E68556C81A4F}, Quarantined, [d11199edd5c4da5c143545bb19eb9868], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CBE69D0A-9CB8-4C72-A332-C61A9838328F}, Quarantined, [29b90d796b2ebd7905449c641be95da3], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD1C0F6F-9DF9-4DE5-BDA2-315C605610BC}, Quarantined, [e7fb0d79c3d67db969e05aa6f212a25e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CED63300-8140-4887-B2F6-952BB47D6C25}, Quarantined, [7072b2d4d9c0999ded5d36ca8d7708f8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF635538-4338-438E-9C94-71EEDE694574}, Quarantined, [0ad8c4c27029a39332186799cb3908f8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D0469264-E423-4587-8F5C-3F38B2C66116}, Quarantined, [ce14473fb9e051e51535827ee81cdb25], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1638D80-2C08-4087-9BB2-287F7D238AC9}, Quarantined, [a33f6521aaef7eb82128a35def15ad53], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D222B4C1-C52C-4A24-8BED-9CA2D39B205C}, Quarantined, [1ec4a0e68a0f191d89c0ba4624e0fd03], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D3489638-C36F-479D-9076-DC684E627459}, Quarantined, [8f53d7afa8f1d5615dec936deb1905fb], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D365C9CC-62F9-4A6F-B855-50C74FAE24B1}, Quarantined, [c31f3b4b6237ca6cc089ff01887c936d], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D4AFFC84-E7ED-460B-8610-E872D55C834C}, Quarantined, [10d2f6906a2ff93da9a17f811fe5728e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D57EBB10-9529-4CDE-A0ED-6C19F5FC2BD0}, Quarantined, [568ce5a1e0b9fc3ab595c040857fc63a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D7090EB5-D6DF-48EE-8B48-22D557C64D39}, Quarantined, [558d6f17a0f9ed49ed5cf7090301e41c], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D999A5F8-B531-4236-B351-8138FE2156A1}, Quarantined, [7b673f474b4e9e980f3b5fa106fe2dd3], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DACE0926-CFA7-4B95-A475-F8BC24A8AD42}, Quarantined, [3da57115a3f6a591202aca36a1635ca4], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB7703A9-AEE4-4B49-9456-1AF6239AE7AE}, Quarantined, [c2200f7789101a1cf45603fdbb496e92], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DCF55406-B41B-4635-B8FF-DB3149507335}, Quarantined, [34aecdb90495d95d83c66a96dd2748b8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DD1DBB7F-3003-4920-84C5-40B3D8965445}, Quarantined, [81612d59366335011831a15fe61e9070], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DD3F5AEB-9C64-440C-A213-A4ECBA81B442}, Quarantined, [33af45419dfcb77fa6a40ef2669ecd33], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DF095EF1-804B-40E5-9435-E226CC2222C4}, Quarantined, [d50dbcca3b5e60d668e155abf50fe21e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DFE1FED6-4EFB-4562-BCAD-50DD10781FFC}, Quarantined, [be24b3d38c0db581d575aa56ef15b64a], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2AB09BC-46D0-412E-9E9C-AF7363465197}, Quarantined, [db07e79f980165d183c738c82fd5827e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E304B69E-C3DC-49FF-BD1A-E6FD11EBF44E}, Quarantined, [8f53681ea9f0b482b09a20e0c044bc44], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E40C7C21-E6EA-429A-931F-7D63C14898FE}, Quarantined, [c1216323405942f445046a960df74cb4], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E42314A6-E619-40D4-87D3-321CB4C961CE}, Quarantined, [a0429beb8c0d50e686c4a65aad57cb35], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E48545A2-5492-4626-A7D6-87CC5DF1BFFE}, Quarantined, [974bcbbb4554c86eed5d30d040c458a8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E596FE2D-5F5E-42B4-8AD9-3928A64DF996}, Quarantined, [e9f9384eebaebf77f65457a9d1338779], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E619FDEB-43AF-48FB-A998-1B3E58D985B2}, Quarantined, [8062572f9bfef046b694eb15f4104ab6], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E8640214-C0FA-4A5C-A626-C017D0E1AB24}, Quarantined, [7c669ee8524766d0fb4ed62a13f1f709], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E8707F55-A338-45E0-99F8-8FD26ED877BA}, Quarantined, [5191e4a2e1b81b1b2f1b956bab599868], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E8AC11BF-9896-4512-A032-457FE2BE33D1}, Quarantined, [a43e582e8d0c979f2a1f4db39f650cf4], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9514164-EBFD-4680-9016-D9CEA830BB89}, Quarantined, [d30fe89ea8f1cf672b1f08f805ffe818], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EA525B69-1EB3-452A-BFFE-82BE66A2375C}, Quarantined, [776b7412821794a2153436ca8c78b749], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EAE39D56-9B05-4844-9DD0-D9DBCFC29CA2}, Quarantined, [ffe34541bedb8caa4cfebc448c7852ae], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EBC86C2D-7D34-4CCA-80DE-7B532BB14672}, Quarantined, [1cc692f48811d75f70daff01e024ef11], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ECD30808-F2EE-4C3E-AEDA-F0976710F2BB}, Quarantined, [9f43c2c443568bab55f45fa141c3d22e], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ED283292-B9FE-42BD-9DCD-1951E652E057}, Quarantined, [9d45295dc8d141f53613be4218ecb749], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE283366-ED78-4DE8-ADE9-D0FAF8A410F8}, Quarantined, [d210681e0198db5bdf6ac838ca3a32ce], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE3A2A97-D569-480B-856B-D9EF362C6ADF}, Quarantined, [cc162066c5d4a88e4604ca36d2328a76], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F011D300-7D14-4AF7-88CB-86A5119ADDE1}, Quarantined, [f3ef2b5ba3f693a37bce8c749b69d729], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0455F67-94BF-4008-94F5-CF59AE5BC1D8}, Quarantined, [5b87285e28712b0b5bee6d9320e456aa], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0C96A28-345B-40D3-9ACB-859AB08A42FD}, Quarantined, [28ba7e08c0d933035eebad53ed1752ae], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F1042CE8-F316-4DFD-B297-D760B7A07C82}, Quarantined, [3ca6a4e2e1b816203b0ec0405fa524dc], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F338B87F-2B65-4307-B345-1EDFA83A17B6}, Quarantined, [d1117b0becad9e98183207f954b0d927], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F39C5DCF-1724-428F-BBC1-EBACA5753FF9}, Quarantined, [25bd9fe7c9d0e74fce7c8779be4638c8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F53596B0-E6F0-4541-8A84-1220CDF76E82}, Quarantined, [c61c513575242115bb8f1ce4df257987], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F59B6886-6C8D-4399-8983-18DB87626A92}, Quarantined, [974b4f37cbce62d4d278a15f2bd9e020], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F6EE71DB-80B8-41DF-8EBC-E287255C78AF}, Quarantined, [d111bdc9b3e655e1d57501ffa65e03fd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F8831910-3EFF-4B90-A635-CC2ACA845372}, Quarantined, [df03b2d471289d99cb7e8d73d33123dd], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F994B19A-4B3F-4C27-A8F2-EC9C3A4652A4}, Quarantined, [a63cc2c40594b77f123867998381cc34], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FA8BFC3B-FB07-4EE9-A2FC-60B223C51AF7}, Quarantined, [92502c5a3e5bba7c59f1817fed1730d0], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAB037AF-F26C-4636-88FB-F36FCFDDF8AC}, Quarantined, [cb174b3b0d8ccf6758f2ba469e66da26], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAEEBAFF-21AC-4120-9A9C-AABEA88FA03C}, Quarantined, [ba28fc8a514813235cede61ad4307a86], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAF8CA18-4F2A-4376-85A5-46B365575744}, Quarantined, [3fa34541cccd84b21b2e6a96bb49f10f], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FBAF4B0C-15CC-48A1-978D-6BFECEC199FB}, Quarantined, [40a2018541583df95ced03fd679dfa06], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FBDCCB21-7D6E-4B96-AEED-D07F4C5F4DBF}, Quarantined, [459d4a3c7c1d69cdc8817888de264fb1], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FD7380D9-22A6-4C3E-B05C-5EA6778CA3CB}, Quarantined, [30b2d6b0e6b3a98d1e2c669af212fa06], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FEC8A0C8-E070-44B7-ABFD-BEB55D56BF20}, Quarantined, [954d6224e6b3280e2228fd03e81cc838], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FF4C48A7-426C-4796-8ECD-38634F65EA73}, Quarantined, [c121dea838614de92f1ba25ea361ef11], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FFA05D0F-3468-45E8-9A50-BE99325CD094}, Quarantined, [6c76bec80f8ad165eb5e33cd8a7a51af], 
PUP.Optional.SmartMediaConverter, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\SMARTMEDIACONVERTER\SmartMediaConverterApp, Quarantined, [25bd4f37c1d88da95f8c6db7b84ce11f], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\SYSTWEAK\ssd, Quarantined, [7b672264425759dd1291e44a60a32ed2], 
 
Registry Values: 299
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2db72826-670d-45a2-9a09-c203c36951d8}|AppName, MediaPlayerplus-bg.exe, Quarantined, [2cb60a7c1287c670ed7ce61a9d677090]
PUP.Optional.RichMediaView, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mlelcpkapbmlgeocgbemahfnegmoicnl|path, C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release101\ch\RichMediaViewV1release101.crx, Quarantined, [5f83e4a20396072f304e1b047f8552ae]
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2db72826-670d-45a2-9a09-c203c36951d8}|AppName, MediaPlayerplus-bg.exe, Quarantined, [da08018549509b9b1a4fb64aed1707f9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{054d5c02-e4ab-4c4a-85ea-6499c9b2eaf9}|AppName, MediaPlayerplus-codedownloader.exe, Quarantined, [d1111f67cacfd6603d0d49b7ae56ef11]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1025148A-9411-44F1-95A7-3686DE2060F2}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [38aaea9c58410234a9a0c63a758fc43c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{108A16EB-9954-4AC7-AE8D-4E284251B4FE}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [61812c5acacf62d48dbcce3217edbb45]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11DA7E82-CB00-494D-80D9-553A64848ECA}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [02e0dcaa6b2ed36335147b859f65837d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11DFD1CB-326C-47CD-A255-C253CB43D984}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [5a88dcaa6336a294074304fcf90b24dc]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{120A2403-1BE5-43DF-872B-A07A4781C2C7}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [ad35aed88a0f0e28bf8b06fad52f58a8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{12E1ED6B-41B1-4545-AE8D-91DD3AC866E8}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [bc262264dfba38fe1832728ed92ba25e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{139870D7-7970-4FD4-B891-87C1B9179BD5}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [28ba05812d6cbf77de6b2fd143c1e61a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1399359B-9FC2-4279-81D8-C1ED9FE6B484}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [6b772f5728716dc93f0a41bf22e207f9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{13F9E471-35BA-44EA-BCC4-83E4ABA367B1}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [796935510c8daf879faadb257b89827e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14013697-DC2A-4BB3-BEB3-727E5AF41590}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [30b203836534f73f0f3b649c758f718f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{143E7B05-CBB6-4234-B2E2-D1882AA19595}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [7969bacc99003bfbb4959b6558acd22e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14BDB8BC-382C-47EA-9FE1-E3E8AA84447F}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [4a98f0964e4b3402fd4c8779b1537789]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{14FD7410-DCCD-4318-8BAE-C1545970C9DC}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [6f73b8ce0099ed4969e0857b5aaade22]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{163548E2-5BD5-425B-B696-6C9EF174BE38}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [6c76d4b23762ee48e7636a96a064a15f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{166935B1-3BA2-4D25-B412-A1768C24EF5F}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [11d1fe886a2f191d7ad04cb4be46e31d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{16722D54-DFBE-42FA-B037-8E4AD946E349}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [3da5f78f990059dde06987797490b44c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1695A449-8787-48D6-ACF3-4BFA573EEE9D}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [eef4473ffa9f2c0a0b3f817f10f422de]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{17543A66-52B3-43D8-B42E-7DA250E59D71}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [f2f0eb9b9efb1d194604f709b0549769]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{18E5756E-6436-41CA-9681-D414B9EFA3A0}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [ecf6c7bfe9b0a88ed377f10fb450966a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1939D2FF-BB13-45C3-98D3-A21845DA5793}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [449e1373e0b9d75fdd6c5ca480842cd4]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{198D7BD0-38B4-4AFB-9E1E-9B388FC7AF11}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [4d9520663c5d60d612380ff124e01de3]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{19AD1820-3531-4F7F-976F-8FB34EB96540}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [23bf7115efaae056ec5d8080798b02fe]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1A20166F-6F65-4B72-90EB-B945B5E39042}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [ecf6691db9e0152178d104fcdb2942be]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1B30C71F-45D9-43DD-8843-9BE7E1511882}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [c61ce6a0732687af74d56898b94b946c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1BC7290A-A025-48EF-813D-26F6898EB891}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [20c2f2946e2bcd69ce7bac5431d3b24e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1CD3724E-422F-450B-93FF-A15FBAA8A9F1}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [0fd31c6a4a4ffd39a7a32ed2e71de31d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1CD91F01-56F4-4A2A-B148-E0A59F884D15}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [b32fa7df2a6f68cebc8d29d7b54f27d9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1DCE95B0-D27A-4122-A0E0-AB56D8C1C4B8}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [9250bacc059471c5f753f10fd72db749]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1E99A07C-60DD-4254-9A21-FFED99C5DB11}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [d21000861782e94d01484db3dd27a25e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{1FFA6063-9398-47F5-B149-D9708CB633A0}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [21c1572f3f5a49ed8bbfb14f1ce84cb4]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{206AD984-9CFD-4B2A-AF37-756324B98359}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [7d656224f0a9d1651f2a867a0bf9867a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{20AE6453-1AE0-4A95-BBAE-F2E07A9B6CF8}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [b62cff87aeebb28466e316ea36ced32d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{20DF9906-CD9F-46A8-BEE2-A962BC7B5DC0}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [4d955a2c1c7d1d193218738d1fe5e51b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{212C3E0E-1E29-44EE-B420-9A84402B2B2A}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [07dbceb8891064d22129a65a4cb8ae52]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{226998D1-7958-4619-ACC9-76F823EDC354}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [d1111274a2f7b97d450526daed1723dd]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{23531485-F9C1-4D62-84A2-56B3C7CB47CD}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [2db5c6c0326764d22f1a8e72e81c837d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2367061B-1ED7-4BDF-9379-3CF7F7A5ECA6}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [c81a2a5ca8f1f046b694877949bb659b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{25B6A51B-CC13-49BE-B2BF-8945D3E54460}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [954d3d49475247ef71d9c43cde2643bd]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{25DB8C2B-FDA7-463A-91F6-1E1ED59B3FB8}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [ecf60a7c297010268dbd18e88c78718f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{26972ACC-C157-4A73-B97B-D26E798021BC}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [9d45780e2f6a280e440525db7c88a15f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2710C2B4-E0DC-4077-A7CD-361EED6CC339}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [2ab8ef97b6e3f4421f2b857bdd27619f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2761D65A-BEA2-472E-B474-A9AFD3948C40}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [db077115debbf83e9dac40c0ec186c94]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{27B89EC3-2FFB-45A0-8F3D-64DB4BF719C3}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [a73b1274a6f352e4cb7f16ea5fa5eb15]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A110EBA-8B7C-41FE-99AB-78D03F929098}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [776b03831188013593b66b95dc2855ab]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A4C4663-7974-40C6-96EB-BAD4392D5940}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [974b176fd2c77eb8d277e51b33d1c43c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2A64E5CA-43DA-41AB-9A8B-D4FCD33D2FDC}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [fae892f45247e452a5a4c93763a1fa06]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2B72CEB0-E86F-4A84-BBCB-6E9FAF6B1BEA}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [865c92f46831c76f4108e020c143a25e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2C44E379-FFD3-44D5-8B2E-23E192E07E20}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [41a14c3a0e8bef470f3aa060be4620e0]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2D19E0F2-755E-4941-B974-89C0E5D04B44}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [b72bdfa7ecade74fdf6a52ae7b89e61a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2db72826-670d-45a2-9a09-c203c36951d8}|AppName, MediaPlayerplus-bg.exe, Quarantined, [964c275f7d1cde58d37532ce947042be]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E5E03C5-2821-41F1-B0B9-DEFCD6ECC22F}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [9b47d9ad55443cfae268c43cce36a35d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2F3FA7EA-F85D-4A5D-A996-5FF434EAAF67}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [f3efa4e20d8ccb6b0347d82831d303fd]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2F65467F-E42F-4412-ADFB-ABF120DA7112}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [2db55234366366d04900bb45c34147b9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{30C14EB7-65DA-40C3-9BCF-FDAEAE6C7775}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [8c569de9811876c056f330d05da752ae]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3146E951-4F6D-4EA3-AC28-AD85E8133FE2}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [f0f28006d7c21d194dfcfb05c63e916f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{317D7155-23EA-41D4-BADF-EDF945864069}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [e7fb8df9c8d1af870149c63ab0548a76]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3195F094-A8EE-4415-8828-A7165A25EBE1}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [786ad8aea1f8fa3c05448d736d9727d9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{32140BDB-EA88-4DBF-94B6-CF28734A3490}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [00e29aec7b1e41f590b9eb15b94b659b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{32B30D68-7C21-4552-B11E-8699F645B6D1}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [8e54b6d009900a2c2c1e35cbd232f20e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{32C5E6DB-8524-43FB-AD76-F645253DD180}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [db07ed999aff5cdab09ad030e0240000]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3330DD82-9E37-43ED-9F14-1DD566FBD6CA}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [16ccbec84257b97d1b2f01ff23e19f61]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{34931CCC-FC76-415F-A2FB-79F7A496D44A}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [61815531c8d1fa3ca7a26b95d133827e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{35ADB11D-80E9-43F4-BB3C-42A619311FE3}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [e20004829702c274c881728edf25ff01]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36449CD0-1503-406A-B47A-FB1733BDD03C}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [1bc776106831ce68ea5f6d934bb9768a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{36F2266F-369E-41FF-ACEE-5EE983A6DF62}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [f3efa7df8217ed49a3a63ac6d2322bd5]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38357BD4-A5FF-4D7C-B3EB-FDD4B76ECCE6}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [02e0b3d3693045f13019649ca95b659b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{38F8F620-DB52-4F66-AC40-8A104C375FEE}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [2cb61c6ac3d6ae88d1783cc43dc757a9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3905C9F6-558C-4E9B-A67E-CA9A43DC5266}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [e0028501b5e451e5410953ad30d4a957]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{39F75E91-7D8A-4ADB-9E72-E2E39CBD165C}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [0cd6097d86134ee8c9817f8119ebc33d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A13CA7D-7C66-48E5-8423-F8BA8BBFD4DF}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [2fb381054f4a0a2ce56432ceed17956b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3A8DACF4-15AA-465A-A939-BD77608ADC78}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [7d65c9bdc7d2cc6aa7a347b946bee917]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3AF9E0A0-2144-43F9-94EC-B3C57ECF84B5}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [3da5b3d348512f079cad768abc48f010]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3BA7C4B6-3062-4CE3-82C1-D69CD41DFA16}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [ac363f47c2d7a096c881867a09fb916f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3BAF2B79-90F2-4DE8-9822-FAECFF39579B}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [f9e9ceb81a7f57df1e2cfc0407fd7987]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3C03C5B1-275E-4430-B9F2-68AC2D54142A}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [f3ef10768d0cf0460841b9470ff5956b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3C5D1DA2-5414-4E93-B33C-B56127EE8BB9}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [c41ee5a1bedb85b1a4a64eb2c4400af6]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{3F9268EC-7322-4A83-AD33-879F13A57DCB}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [fae87d09a5f448ee81c98b7513f109f7]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{406FA04C-2813-4305-8995-C110CB3A3FD4}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [b03292f44b4e1521b59422de8e765ca4]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{410168FD-6044-47AC-8A33-556B23D71F60}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [cb170b7b58413bfb17324fb1739129d7]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4119E015-DA06-4AAE-9A9F-F947EB122313}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [cb1726600099d066ae9bed13f60e6799]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{41D64D08-102A-4EFF-ADA4-CE5E50692CAC}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [c51dd9adc5d4b1853614966a7c8818e8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{431F520E-A9D9-4578-BA92-146DE871B382}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [17cb1f67debb9a9ccb7e49b7ea1a13ed]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{433CC5C8-5A45-47A6-B246-9454A990AB7C}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [79697511b7e2be78331758a8ee165ea2]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43B02975-5898-46FE-98E5-7313C9383487}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [eff3abdba0f9e2542524629efe06fa06]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43E18574-2387-49C2-AD7E-4EEA312B8484}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [2cb600860b8e7fb776d342bed0344fb1]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43F8C80D-7C3D-4130-A19D-936630508DC2}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [e7fb0185b6e31d19dd6d8e7281832bd5]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44732AAC-6DF0-4498-BB4D-A3F4A4EE1831}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [6082d4b28910fe38d179f60af4102fd1]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{44E7429F-1AD5-4B9B-8193-2C2F381192A7}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [71711076edacb086f85143bd857fb44c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{45B9D6D5-5807-4D62-BCB3-37DDFC1FC174}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [cf1363233465072ff4560ff10ff50ef2]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{462A888A-1FC0-44B0-A599-2D51E951A114}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [c919741252470a2c9cae5ba5956f7090]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{489B17A1-5D28-4033-BC46-412049176DC8}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [eef4fa8cddbcaa8c420709f71ce8926e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4930E86B-2B08-4D32-93BE-5111BD324375}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [a63ceb9bc6d36ec8b099e21e43c1946c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{49E151C2-10BC-4C74-81A5-8AD24FA057B7}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [4b976026376242f498b1649c788c05fb]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B6581C4-2586-470E-9598-88513050D9C8}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [2db5fc8a2a6f5dd9a7a33fc1b84c36ca]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4C0FD059-7CBB-4295-B47A-D43E5D96F925}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [2db55531d8c11e189fabfa06877d26da]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{506E1600-7C68-404C-B04B-D2DBDD375D72}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [1fc316709108ed493217827e7c8818e8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{50EC9D7C-6AE6-4F2C-8E3A-9170EE15B871}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [b72bea9c158486b0074233cdeb199a66]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{52068EB5-BA48-4C4F-B462-7FA583FB315F}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [2db52561a2f7dd5998b13ec24eb616ea]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{532A61D1-6B72-464D-81F3-7F92CDA2641B}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [a83adbaba8f182b4c48623ddd82c6898]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5336CDDB-107C-4323-BA7A-B5B8841B9D11}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [36ace2a4ebaebc7a9eacf60a9074a25e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{53F27C79-2DA3-476D-B1B8-F67A59EA5C99}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [e3ff434319802a0c60e9d82808fcde22]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{56140F45-7462-49E2-9F49-201B517BED62}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [4c96c2c4e9b0c076a2a8926ed331df21]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5723B447-C104-4B62-8913-CD858EC03238}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [e3ffa5e16534f0462c1daf51768e5fa1]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5860F43E-B7C6-4519-8A82-BB92E93D30DE}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [59897412fc9d69cd3b0f9b6511f334cc]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{59924DBB-455F-4D88-B0F6-4BFBBFE44C66}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [c220dfa73366092d3911ec14b64e946c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{59AEE8B4-525F-48F7-A9BD-33A582425DD6}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [d60c96f01a7fa591da7018e845bf14ec]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B870139-24EC-473F-8EBD-99A9B8924B25}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [8c563d495d3c2610d07a8d739b69d52b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BE0C281-DD6E-4BDF-AA59-C5291EF11EC1}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [81613452514892a48cbe39c77e862fd1]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5BF3DCDE-AE69-4178-9858-F5FEBCB8ECD0}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [2bb771158910b97dbb8e7b8522e28e72]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5C71DD7E-C544-4CA4-B9D1-2AE35E543477}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [18ca9beba6f384b25eec42be0bf94db3]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D5D81B3-90D5-4636-BDD3-DCC2CED896B4}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [be248bfbb9e0d75f58f1d729b84cbd43]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D7DB25A-93D5-4019-968D-222BA7347EFA}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [9c46bcca6d2cbb7bc684ba46e61e7a86]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D919200-131B-42EF-BFE2-ED60D6174225}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [b82afa8cc0d9171f65e58f71c341ff01]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E5CD8F0-B037-4063-903D-12ACF8F15A12}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [a43eec9ab5e42610cb7ea65aa4607e82]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5F36077B-365C-49F0-874C-624C2CE0AD1A}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [e8fac4c2d2c79c9a22271fe13dc7cd33]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{608DB1E8-416C-4F7B-A6D8-B7B5253932C5}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [52905a2cbddc62d4a4a64fb1c2429769]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{618ECD06-956A-4C0F-97C4-78C964DE3928}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [34aea7dfe8b152e47fcb46ba74909d63]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{61E9F122-305F-42B9-9872-79A18F78BAD6}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [1fc37412831653e38dbc9b65b351cb35]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6209525A-186D-4DD6-BAF7-B6728753508D}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [944e790d1386e056e6635fa113f1e31d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6560A2D9-A5B3-4A77-9E4C-58C4C66E2328}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [ecf6f88eecad79bd4efb1be5ec18ae52]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{67722950-34D1-4864-94ED-76C6155022DF}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [e101176f7623ae8850f9a858a55fbd43]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{679A5437-B7B1-4D28-985A-C49C1B223446}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [d40e2a5c8217d3634dfc49b7e61e2cd4]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{681254A4-F254-4A7B-8FF5-E02A18456ECA}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [9a48671f9306de5864e58a76986c7e82]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{694877B2-F7CE-4719-9558-F190DD45A6D2}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [e10188fe534669cd75d547b9e71d60a0]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C429B75-7053-4836-9D85-C187516F734F}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [13cf2e58584141f5400a2ad6956fdc24]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6C9374F7-61D6-4D4E-9CA5-75774D566A82}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [2ab8ef972376ef4770da827e0301de22]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6DFCA02A-B844-4BA5-92C5-981A34AB94BD}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [82609fe73762063075d53ec2d4308e72]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A7B8F1-DBDF-430F-9C32-C41CE51ABFE1}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [1ec40086aaef1620dc6d17e9d92b55ab]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{754B804A-BDB7-4053-981B-994591583AD4}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [c31f216547520a2cd57525db0df7fb05]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{76E6FC64-2560-4793-BB4C-B667802AEEED}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [38aa9aec6831d561034609f710f41de3]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{778C5E2E-2D0A-4E70-8CB6-AEA9184A893B}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [8f53cdb9693022143e0c80806e964cb4]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7857A6B8-D4C8-4F95-BB77-3545F134E8C4}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [f1f1fd899207b2842920679950b46c94]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79A291CA-E3CE-4EAE-8B24-89A64D565E33}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [05ddd1b50b8e44f23416718fbf45dd23]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{79F807CD-8543-4C23-BF6F-72E4EA9B5843}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [eaf8a2e42178d165381235cb8f75f10f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7A194813-B3DF-48CF-9843-1AD7A94A5350}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [6c761175e7b246f03713cb3562a2fe02]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7A3B3243-BBFC-48D7-AC8D-914A4ED3D3D9}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [0ed4bdc9c9d085b1a4a6c33d1de7629e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D13DBC9-B258-418E-8A63-79C9724BC150}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [6b77dfa79504c2743f0add2317ed6a96]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D14FA72-3A3C-4C85-88A7-7C5B23E696C3}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [568ced9968318fa73c0e639dc440be42]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7E4C6117-72EE-4788-B558-CDCA7A94EB85}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [08dadda97326999d4208db2561a34bb5]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8095C6E3-CC4D-4229-9033-38677054636A}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [9f43b2d44d4c36001d2d19e7bc48ec14]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{81F32664-C696-4EB0-B06C-BE3B8A189C10}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [04de780e8f0a3ff7c782629eec18c63a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{82A615FD-1ACC-47CC-98A8-C915E760E9A4}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [a83ad0b6851437ff331625db63a16e92]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{835669AA-C1F3-4E72-A15B-1095F09E67E6}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [578bdaac4f4a49edc68449b738cc6c94]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{83F8966D-3E3F-4486-829F-E07B355F5E41}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [f2f06c1aa7f226101d2dc73908fc15eb]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8481A81A-3097-4593-B637-38A1D4975863}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [f3ef186e3663f2442b1fb7498e7652ae]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{860F7A6C-87A0-4D08-BD23-646333313DA3}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [0bd7632346532b0b5eec09f743c17c84]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{863fc7db-990a-4ebe-8c77-3180cc2f1852}|AppName, SmartSaver+ 8-codedownloader.exe, Quarantined, [80620680643573c3f9512fd143c17f81]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86DFE656-8A39-46F2-B94F-8BF196AA7CDC}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [c81a6620d6c3152170d9b94712f257a9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{87ABBCA6-AD77-43A5-B871-A470CCCFCD49}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [1fc35c2af7a283b3ff4a27d9dd2751af]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8836378B-6E3F-4FE3-A26F-211A9A80C75D}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [17cb9cea633658de51f812ee47bda858]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{89C1465D-1A65-44A9-A353-FCB314A9F7ED}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [0cd687ff851445f1d079ea169c680000]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8AA56F3B-54D1-4B66-A9E2-52866E2E8A35}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [38aaef97d8c15dd90a3f4fb1be46a55b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8AB2FDD9-EDFF-4575-8824-E6FF8B51B712}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [f3ef21657d1c92a4db6ff90740c412ee]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8B8D16D8-9842-4DAB-A7A7-9B6DF9199E8A}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [25bd533319802412ff4af50b52b232ce]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C3282FE-34E5-49A2-B2AC-866BF7F772CF}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [ce1421650f8a68ce2e1cd8289b69ae52]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8CFD7E27-1ADC-4207-9BDC-CF88DE2CB4BE}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [b929077f83163402a3a7b64a857ff30d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8DEBEE0B-BD69-456F-A527-EA2E3A5C8EAB}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [29b98cfa4752c27490ba6b957b89837d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8F0431C8-CC53-4D5F-B38F-8F39E2D1E84D}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [667cd3b3673254e2e5640cf444c08f71]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8F622240-5A61-415F-9913-8D6F52A63296}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [89596026d3c642f4b89149b7d3317c84]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8FC0A3AD-6675-4472-993B-BA8AC2FF3FB2}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [439f21654e4b53e33613ef11a460f10f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9113A02F-8CB0-435B-B560-49ABF16CD227}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [9b478ff7d3c6cb6b8ac0a35df60e03fd]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{91DC7D58-8D4A-42E7-A11D-1E80B3C94542}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [af332165d1c849ed2227aa560cf87a86]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{921A485D-3E44-4E43-962C-2B5C54BF9B5E}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [af33add9554465d187c3847c867e29d7]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93838704-275C-4ADE-AEEA-C0C95D403243}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [c41ef88e44552e08f654e0204bb907f9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{938A4E20-E8DF-4AAC-9F5A-25E5817F27EB}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [c71bbdc9d9c0aa8c64e519e7fa0ac63a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93AA40B3-AE33-45D9-9AF9-60AECA106264}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [df03493d4c4d5bdb98b1b24e1de7f010]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9566E85F-771B-49A3-A2EE-92F7F9FDC89F}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [479b374f9bfee4524dfd857b0004d729]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96024BAA-CDA0-43D3-85E7-7890A7605BCF}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [9a488ef87a1fb97db496da2634d056aa]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96611303-7004-436F-B5CB-106E62D0F6F2}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [885a30563f5a80b6202a5fa1c73dbf41]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{96845C84-4165-42DB-A8BE-AC25BEA392E4}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [03df99ed73260333ae9c8d73a85c48b8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9711B443-4215-4C74-9D60-654BD112384F}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [a63c543231683afc103950b07094c63a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{975183CF-BE25-4665-BDA8-6CD8C1F713B1}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [5b8794f271283afcee5b1fe1a75d847c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{979E6560-6A0D-432F-A616-A458732533E2}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [af33f4920f8a75c10d3c4db39c6833cd]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{97E45CCC-51EA-4E77-8DDE-E5A99FE5B0E4}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [e6fc92f4a4f5cd69c387d927df25ce32]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{983A0A36-419D-4970-8524-95A86C23F924}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [00e26f173d5cc86e72d7fa06768e5ca4]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{98E3E479-4B29-4B50-BDDA-F2E210824B4B}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [a939a0e6acedbd798bbf2bd5d52f916f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99903285-A502-4D91-98F2-D3AB36E641C9}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [b131ef976f2ae05602488779ff0549b7]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9B38E088-9EE2-470C-B3C3-8049BB648BA5}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [dc067511aeeb8fa7d87233cd689c2bd5]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9D07B7A4-EAA0-4587-B0C6-15CFD568FEDC}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [588a40463465221471d858a84eb6da26]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9E1FA9DD-DDCE-422F-B253-569AE47DC8F3}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [fbe7c5c18712b77f1633f709ab59748c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A0115B0B-3642-4302-90DB-A6DC6E33C8F1}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [07dbe3a3c6d333034208857b6f957b85]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A2EF9939-28F9-4481-A4F9-AD7E86FB57F0}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [7b670f776d2c50e6c0891ae641c323dd]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A381E73D-B344-4903-A164-B472EE2357ED}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [7c66493d8712ab8b4bfed52b2cd81ee2]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A4CF3076-C5F1-42C7-B67E-C65799762D99}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [e9f98bfb9306c274bc8eae52778d1fe1]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A4EBEADD-C35A-4F21-9F64-3A80CEE29B76}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [d60c8105980178bed1789c648e76b848]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A57E2ABF-F259-4CAB-8087-AB839E745091}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [df03bec86d2c73c37bcf39c77d87f20e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A6C2046B-ABBC-449F-8036-CC631070EE5C}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [756da6e0d6c3c274ff4bcf31af550df3]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{A8E4B000-2D32-483F-B09C-26289549BD45}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [d80ab8ced9c0a690a4a5ca36c83c39c7]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AA329377-C44D-4B0F-947E-E75E7A6C1266}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [52900d791b7ea3938fba629e8e76a55b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AA4FA462-3D08-408D-B517-877C787241CF}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [974b36502d6c3afc430699673dc708f8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AAFEC6D1-EC38-4A35-9A88-B050E7916132}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [fae8ef972e6b53e380c9ac5447bd7d83]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB53C436-504D-4C3D-B4F2-24E91EA469AB}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [bf232e58732683b368e156aa50b49769]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AC5EF9DA-8E63-4843-9428-AEA48957A61C}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [4c967412a1f86bcb38113cc4b0549f61]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AD59DB04-F11C-4460-9976-1C632796B09C}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [3fa3acda7029b3833b0e67994fb539c7]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ADEF03D9-4A1D-4FA9-B542-55D1EC6F18B5}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [5a88e3a39aff1620272223dd867e27d9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AEBE90E5-6C99-46A1-8472-DD6319C23BF5}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [22c0aadcd4c584b2d673a9578b795fa1]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AF6AC92B-7C03-4E5A-9F81-29FF998CCDC5}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [756da8de49508babf1598b7533d155ab]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AFDE673C-6FA0-4708-A141-A993BEBDCB6C}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [677b9de9cfca78bedd6d09f7ae569070]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B1DA4F03-B92F-4F78-A610-1C5162354F5A}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [edf5e1a5415872c444066d936a9a0df3]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B224C3A2-74F7-4BF6-BDB9-4B803558BDE2}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [f6ec2a5cbbde7abc23274eb2c24220e0]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B400B430-548E-4DFB-ABE5-7F991245A34A}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [9d4521652d6c8bab0a3fec14a0649d63]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{b54d30ee-d8c6-40a9-85ba-16d386e1bdd6}|AppName, SmartSaver+ 8-bg.exe, Quarantined, [b82a028423760e282f1931cf24e08f71]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B57F10D9-A9BC-4A58-8320-157D6E7567F8}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [29b910766d2c6bcbd277e11fbf45a957]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B78248AA-7624-49AC-9475-349225C7ED44}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [19c9295dd8c18da9ef5a40c054b0d22e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B88492DA-2F52-47ED-B737-1B5282F145C6}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [31b16b1ba1f815210b3f778930d418e8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B9083B0F-D6B0-4758-8FA7-4C75BEDD6FE2}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [0ad891f5a2f758dead9cd62af80ccc34]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAA1D441-64B7-401E-AE1E-2CA19367DFB4}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [934f6422732657dfeb5eaf5155af3bc5]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAF590D4-5F0F-4BE5-9C34-AE8C811DD596}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [ca18a7df4d4c0c2ae466e41c59ab7b85]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BBA63DA4-85C7-4195-B182-F6662E62DF6B}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [588afd890a8f2f07d872d32deb1924dc]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BC16A178-60A7-4E4E-85C7-2F232A62E274}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [b52d98ee9801ac8a83c7a7597d8703fd]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE363D87-43E3-45F7-A946-96EEB875178D}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [a939dbab8d0c3600252531cf7193e020]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BE8443F6-9FE2-4F10-B346-AB5BC8F1154D}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [40a26422a5f4d75fe3667e82917317e9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BEC4795C-C4B3-4FA1-A41F-F660FDDFE7E8}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [bb2794f2c7d2aa8ce169ed13af557888]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF3A4260-C090-4543-8663-F654D517728F}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [9250721407924ee82822af51947040c0]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BF6DB1D9-3403-4672-866C-C646BA6F87CE}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [ecf6a3e36a2f0531e267bc44a262fc04]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BFC9909E-DFAE-406A-AC32-7A1E1FB235DA}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [fbe732545247be78f6536e92976d44bc]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C05E4CCD-C95F-4FDD-A5C3-26E07687D9BC}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [1ac8e2a4dabfe74fe6637c84ce367888]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C081E00F-1A3B-4392-91A6-9538BD6F32A7}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [d012f09666333006391158a8f80cd729]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C0B330D4-8789-4DBF-A767-E0B8F47ED855}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [469c80069009d165a5a4da26bc482fd1]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C0CDC210-C6B8-4E06-99F9-12B867635A28}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [d111d5b13e5b2e08b891b64a927247b9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C143D7AD-72FD-4F44-8760-4F87C83BF527}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [8161f294aced9b9b91b8f20e0afa03fd]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C1E7C391-7EA1-425E-955D-AC7EC84FEA31}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [aa38c0c639605dd94306eb1560a48f71]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C22A3522-2D13-480A-86B8-F88C7CCDA881}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [1dc5483e643540f6f059f808bf4554ac]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C247D983-B486-47B0-90FC-FA6D7BA318BE}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [509202842c6d0b2b7bce0bf5679d56aa]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C27D19D2-92B4-41AF-A3CD-F2F489A849D8}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [f1f16620a9f0e35378d19d63de26a957]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C62EDC06-70BE-4F81-A4F4-B0A0D592E613}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [df0303839603112567e243bd58acb54b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7EE43C7-566C-4426-A374-8F541EEDC884}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [4999dcaa3366e2541b2e3ec239cbdf21]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C82D5523-ABEE-4F09-8ED8-77E3C533DB20}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [cf13780e8c0d3cfad574c53b7e86768a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA2A1BD8-D408-4EF6-98AA-962C9C1A6D4B}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [13cf35514653e74f13366a96f0146f91]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA803163-AFEE-4A39-A3FF-44EFBB53D244}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [835f493d8f0a5fd7400a13edd72def11]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CAA1EF73-A9D0-47ED-9BB5-2DF7CF35911F}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [9a48d2b4efaafc3a3515ff013fc5b050]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CABE065D-54E1-4ACC-97ED-E0C75E67A4DF}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [16ccc9bdd8c1a591c882f8080cf8d42c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CADFEC86-D03A-4C4D-B9A0-DA80D7873E53}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [1cc67511dfba1f17a7a26898ad57fc04]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB5FD853-A4AB-4DDB-BE9C-10D5D627F23F}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [aa388ff7f4a55fd7202a4db324e0d927]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CB95DA45-E8B6-464B-A9B2-C5CD1D61372A}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [fbe7ee98d1c8ba7c6fdbf20e857f6e92]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CBBBABF2-90DE-4E69-BE9B-E68556C81A4F}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [d11199edd5c4da5c143545bb19eb9868]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CBE69D0A-9CB8-4C72-A332-C61A9838328F}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [29b90d796b2ebd7905449c641be95da3]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CD1C0F6F-9DF9-4DE5-BDA2-315C605610BC}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [e7fb0d79c3d67db969e05aa6f212a25e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CED63300-8140-4887-B2F6-952BB47D6C25}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [7072b2d4d9c0999ded5d36ca8d7708f8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CF635538-4338-438E-9C94-71EEDE694574}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [0ad8c4c27029a39332186799cb3908f8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D0469264-E423-4587-8F5C-3F38B2C66116}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [ce14473fb9e051e51535827ee81cdb25]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D1638D80-2C08-4087-9BB2-287F7D238AC9}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [a33f6521aaef7eb82128a35def15ad53]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D222B4C1-C52C-4A24-8BED-9CA2D39B205C}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [1ec4a0e68a0f191d89c0ba4624e0fd03]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D3489638-C36F-479D-9076-DC684E627459}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [8f53d7afa8f1d5615dec936deb1905fb]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D365C9CC-62F9-4A6F-B855-50C74FAE24B1}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [c31f3b4b6237ca6cc089ff01887c936d]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D4AFFC84-E7ED-460B-8610-E872D55C834C}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [10d2f6906a2ff93da9a17f811fe5728e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D57EBB10-9529-4CDE-A0ED-6C19F5FC2BD0}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [568ce5a1e0b9fc3ab595c040857fc63a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D7090EB5-D6DF-48EE-8B48-22D557C64D39}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [558d6f17a0f9ed49ed5cf7090301e41c]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D999A5F8-B531-4236-B351-8138FE2156A1}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [7b673f474b4e9e980f3b5fa106fe2dd3]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DACE0926-CFA7-4B95-A475-F8BC24A8AD42}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [3da57115a3f6a591202aca36a1635ca4]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DB7703A9-AEE4-4B49-9456-1AF6239AE7AE}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [c2200f7789101a1cf45603fdbb496e92]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DCF55406-B41B-4635-B8FF-DB3149507335}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [34aecdb90495d95d83c66a96dd2748b8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DD1DBB7F-3003-4920-84C5-40B3D8965445}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [81612d59366335011831a15fe61e9070]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DD3F5AEB-9C64-440C-A213-A4ECBA81B442}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [33af45419dfcb77fa6a40ef2669ecd33]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DF095EF1-804B-40E5-9435-E226CC2222C4}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [d50dbcca3b5e60d668e155abf50fe21e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DFE1FED6-4EFB-4562-BCAD-50DD10781FFC}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [be24b3d38c0db581d575aa56ef15b64a]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E2AB09BC-46D0-412E-9E9C-AF7363465197}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [db07e79f980165d183c738c82fd5827e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E304B69E-C3DC-49FF-BD1A-E6FD11EBF44E}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [8f53681ea9f0b482b09a20e0c044bc44]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E40C7C21-E6EA-429A-931F-7D63C14898FE}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [c1216323405942f445046a960df74cb4]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E42314A6-E619-40D4-87D3-321CB4C961CE}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [a0429beb8c0d50e686c4a65aad57cb35]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E48545A2-5492-4626-A7D6-87CC5DF1BFFE}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [974bcbbb4554c86eed5d30d040c458a8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E596FE2D-5F5E-42B4-8AD9-3928A64DF996}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [e9f9384eebaebf77f65457a9d1338779]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E619FDEB-43AF-48FB-A998-1B3E58D985B2}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [8062572f9bfef046b694eb15f4104ab6]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E8640214-C0FA-4A5C-A626-C017D0E1AB24}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [7c669ee8524766d0fb4ed62a13f1f709]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E8707F55-A338-45E0-99F8-8FD26ED877BA}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [5191e4a2e1b81b1b2f1b956bab599868]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E8AC11BF-9896-4512-A032-457FE2BE33D1}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [a43e582e8d0c979f2a1f4db39f650cf4]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E9514164-EBFD-4680-9016-D9CEA830BB89}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [d30fe89ea8f1cf672b1f08f805ffe818]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EA525B69-1EB3-452A-BFFE-82BE66A2375C}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [776b7412821794a2153436ca8c78b749]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EAE39D56-9B05-4844-9DD0-D9DBCFC29CA2}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [ffe34541bedb8caa4cfebc448c7852ae]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EBC86C2D-7D34-4CCA-80DE-7B532BB14672}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [1cc692f48811d75f70daff01e024ef11]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ECD30808-F2EE-4C3E-AEDA-F0976710F2BB}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [9f43c2c443568bab55f45fa141c3d22e]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ED283292-B9FE-42BD-9DCD-1951E652E057}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [9d45295dc8d141f53613be4218ecb749]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE283366-ED78-4DE8-ADE9-D0FAF8A410F8}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [d210681e0198db5bdf6ac838ca3a32ce]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EE3A2A97-D569-480B-856B-D9EF362C6ADF}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [cc162066c5d4a88e4604ca36d2328a76]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F011D300-7D14-4AF7-88CB-86A5119ADDE1}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [f3ef2b5ba3f693a37bce8c749b69d729]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0455F67-94BF-4008-94F5-CF59AE5BC1D8}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [5b87285e28712b0b5bee6d9320e456aa]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0C96A28-345B-40D3-9ACB-859AB08A42FD}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [28ba7e08c0d933035eebad53ed1752ae]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F1042CE8-F316-4DFD-B297-D760B7A07C82}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-buttonutil.exe, Quarantined, [3ca6a4e2e1b816203b0ec0405fa524dc]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F338B87F-2B65-4307-B345-1EDFA83A17B6}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [d1117b0becad9e98183207f954b0d927]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F39C5DCF-1724-428F-BBC1-EBACA5753FF9}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [25bd9fe7c9d0e74fce7c8779be4638c8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F53596B0-E6F0-4541-8A84-1220CDF76E82}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [c61c513575242115bb8f1ce4df257987]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F59B6886-6C8D-4399-8983-18DB87626A92}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-codedownloader.exe, Quarantined, [974b4f37cbce62d4d278a15f2bd9e020]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F6EE71DB-80B8-41DF-8EBC-E287255C78AF}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [d111bdc9b3e655e1d57501ffa65e03fd]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F8831910-3EFF-4B90-A635-CC2ACA845372}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [df03b2d471289d99cb7e8d73d33123dd]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F994B19A-4B3F-4C27-A8F2-EC9C3A4652A4}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [a63cc2c40594b77f123867998381cc34]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FA8BFC3B-FB07-4EE9-A2FC-60B223C51AF7}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [92502c5a3e5bba7c59f1817fed1730d0]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAB037AF-F26C-4636-88FB-F36FCFDDF8AC}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [cb174b3b0d8ccf6758f2ba469e66da26]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAEEBAFF-21AC-4120-9A9C-AABEA88FA03C}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [ba28fc8a514813235cede61ad4307a86]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FAF8CA18-4F2A-4376-85A5-46B365575744}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-buttonutil.exe, Quarantined, [3fa34541cccd84b21b2e6a96bb49f10f]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FBAF4B0C-15CC-48A1-978D-6BFECEC199FB}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [40a2018541583df95ced03fd679dfa06]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FBDCCB21-7D6E-4B96-AEED-D07F4C5F4DBF}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-buttonutil.exe, Quarantined, [459d4a3c7c1d69cdc8817888de264fb1]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FD7380D9-22A6-4C3E-B05C-5EA6778CA3CB}|AppName, 2457c43f-96a8-41ce-8e31-60a4d0f191f9-2.exe-codedownloader.exe, Quarantined, [30b2d6b0e6b3a98d1e2c669af212fa06]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FEC8A0C8-E070-44B7-ABFD-BEB55D56BF20}|AppName, 0f35c805-0126-47dc-bc26-393cdbd9833d-2.exe-codedownloader.exe, Quarantined, [954d6224e6b3280e2228fd03e81cc838]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FF4C48A7-426C-4796-8ECD-38634F65EA73}|AppName, 81e83b33-36d4-43e1-822d-ca7fcbdbdc12-2.exe-codedownloader.exe, Quarantined, [c121dea838614de92f1ba25ea361ef11]
PUP.Optional.CrossRider, HKU\S-1-5-21-2368598850-3429250015-1983696877-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FFA05D0F-3468-45E8-9A50-BE99325CD094}|AppName, fab9f614-9f8b-41da-8cf2-49b7a2014019-2.exe-buttonutil.exe, Quarantined, [6c76bec80f8ad165eb5e33cd8a7a51af]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [eef43c4af2a757df80985d6e54aedd23], 
PUP.Optional.ProPCCleaner, C:\Users\Kade\AppData\Local\PRO_PC_Cleaner_Software, Quarantined, [f9e9e4a2039670c6a1bafffe44bece32], 
PUP.Optional.ProPCCleaner, C:\Users\Kade\AppData\Local\PRO_PC_Cleaner_Software\PROPCCleanerSoftware.exe_Url_jtu4wmlhwegl4pdydcofmqdh5dssv2ck, Quarantined, [f9e9e4a2039670c6a1bafffe44bece32], 
PUP.Optional.ProPCCleaner, C:\Users\Kade\AppData\Local\PRO_PC_Cleaner_Software\PROPCCleanerSoftware.exe_Url_jtu4wmlhwegl4pdydcofmqdh5dssv2ck\3.0.2.0, Quarantined, [f9e9e4a2039670c6a1bafffe44bece32], 
PUP.Optional.ProPCCleaner, C:\Users\Kade\Documents\PROPCCleanerSoftware, Quarantined, [3ba70d79adeca49290cd49b4976bc040], 
 
Files: 4
PUP.Optional.WinYahoo, C:\Users\Kade\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, Quarantined, [e6fc1a6ccbcec274c8a82418b2524eb2], 
PUP.Optional.ProPCCleaner, C:\Users\Kade\AppData\Local\PRO_PC_Cleaner_Software\PROPCCleanerSoftware.exe_Url_jtu4wmlhwegl4pdydcofmqdh5dssv2ck\3.0.2.0\user.config, Quarantined, [f9e9e4a2039670c6a1bafffe44bece32], 
PUP.Optional.ProPCCleaner, C:\Users\Kade\Documents\PROPCCleanerSoftware\log.txt, Quarantined, [3ba70d79adeca49290cd49b4976bc040], 
PUP.Optional.ProPCCleaner, C:\Users\Kade\Documents\PROPCCleanerSoftware\logerror.txt, Quarantined, [3ba70d79adeca49290cd49b4976bc040], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 Results of screen317's Security Check version 1.014 --- 12/23/15  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java version 32-bit out of Date! 
 Adobe Flash Player 21.0.0.182  
 Adobe Reader 10.1.16 Adobe Reader out of Date!  
 Google Chrome (49.0.2623.87) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Kade Desktop Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#12 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 12 March 2016 - 07:21 PM

Hello :)

The logs look good, the items ESET found were already neutralized, and Malwarebytes cleaned out quite a bit.

Let's update a couple of out of date programs that SecurityCheck found. How is the machine running?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Java Information and Update

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java

Please read this article about Java.

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version.

javara_zpshnkbqglv.jpg


Step 2: Adobe Reader Update

Updating Adobe Reader
  • Malware will exploit any vulnerabilities it can find in outdated software. If you are using Adobe Reader for reading pdf files, try using FoxIt Reader. It is a very capable alternative to Adobe.
  • Please click here to download FoxIt Reader.
  • If you wish to continue to use Adobe Reader, then please update it by clicking here.
  • Please remember to uncheck the option to install McAfee's Security Suite.
Please let me know when these are completed and let me know how the machine is running. :thumbsup:

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#13 jolivier

jolivier
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Iberia, Louisiana
  • Local time:02:04 AM

Posted 13 March 2016 - 04:34 PM

I did all what you have stated, system is working PERFECT!



#14 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 13 March 2016 - 04:40 PM

I did all what you have stated, system is working PERFECT!


Excellent! Just what I wanted to hear. :thumbup2: Let's remove my tools and create a new, clean restore point. I also have some information for you about preventing infections.

Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • You can uninstall ESET Online Scanner at this time.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.
Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.
unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post

Delfix Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#15 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:04 AM

Posted 16 March 2016 - 05:35 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.








0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users