
Am I cured



#1 Nichan02301


Posted 10 March 2016 - 08:00 PM

Working on a Windows 8.1 laptop that had been infected. I believe the infection is gone but would like to make sure. I have run AdwCleaner and have the results of FRST ready to upload.





#2 buddy215

  • Moderator

Posted 10 March 2016 - 08:26 PM

Post the results of the AdwCleaner scan along with the results of a MBAM scan, JRT scan and an Eset scan.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR REVIEW.

 


  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Nichan02301

  • Topic Starter

Posted 13 March 2016 - 02:57 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 8.1 x64 
Ran by rutheski (Administrator) on Fri 03/11/2016 at 17:32:51.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 13 
 
Failed to delete: C:\Users\rutheski\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder) 
Successfully deleted: C:\user.js (File) 
Successfully deleted: C:\Users\rutheski\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\rutheski\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\GoogleUp (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Googleuptodate (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\import (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\win (Task)
Successfully deleted: C:\Program Files (x86)\GUT6BA1.tmp (File) 
Successfully deleted: C:\Program Files (x86)\osdownloader (Folder) 
Successfully deleted: C:\Users\rutheski\AppData\Roaming\appdataFr3.bin (File) 
Successfully deleted: C:\WINDOWS\prefetch\SPEEDUP_SOFT_PARTNER.TMP-AF9D4D91.pf (File) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F35FB240-8DB5-43D5-A3BD-2AC0E40CE075} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{F35FB240-8DB5-43D5-A3BD-2AC0E40CE075} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/11/2016 at 17:35:41.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by rutheski (2016-03-10 19:32:29)
Running from F:\Tools
Windows 8.1 (X64) (2015-02-17 00:58:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2401409988-3437028751-200235451-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2401409988-3437028751-200235451-501 - Limited - Disabled)
rutheski (S-1-5-21-2401409988-3437028751-200235451-1002 - Administrator - Enabled) => C:\Users\rutheski
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{301D3AA1-5DCC-FCFD-622E-3C7CBA87C80F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-US (HKLM-x32\...\{C438C1D0-A46C-4BFA-AFCD-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.75 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4525FF56-E096-42F4-BB64-52AAA8B3D893}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.54 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.54 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.54 - Softex Inc.) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2401409988-3437028751-200235451-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03DB8F9E-57E8-4C55-BD81-34F4513A7729} - \SushiLeads -> No File <==== ATTENTION
Task: {08172D47-2470-48DE-A12C-1C60F1C06B63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-16] (Google Inc.)
Task: {0EB20088-C783-4B66-AEBB-70ADD50C18AF} - \ShopperPro -> No File <==== ATTENTION
Task: {14421A99-8EAB-460C-B411-9D43FCBCCDE1} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {1CB1DD44-6645-419B-87F0-939284ADCF60} - \HDNINSTSCHD -> No File <==== ATTENTION
Task: {20B56A8B-CBEB-44C8-9B56-D96098D10055} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {2A70BD39-1AD7-4A36-8CA4-C06C2E1672D2} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {2AA514E4-0F08-4468-BB88-A10A94EFDE91} - \56e38438-35a1-44dc-ab3c-60bac4578bf5-10_user -> No File <==== ATTENTION
Task: {2F83F1C3-87FE-4CC5-8911-1DC97BDD663C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {31E1387A-76F3-417F-941B-6F2E953832CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {3A530EE2-52C9-4205-A47E-CDF5DCB03202} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe <==== ATTENTION
Task: {3BF332B6-5425-4FC6-B5DD-1673F170DDA2} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {3DBC56AA-FD47-40B8-9115-2BF653C57BFA} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-10_user -> No File <==== ATTENTION
Task: {4601FBD3-68CB-4926-BC45-9F9F78258495} - \3cd36696-7a18-4867-9318-885da1545ac5-3 -> No File <==== ATTENTION
Task: {47D110E9-9E4D-4414-8E44-E72F8E8DC2F8} - \3cd36696-7a18-4867-9318-885da1545ac5-1-6 -> No File <==== ATTENTION
Task: {51C42941-ED48-4507-B21D-56782496EA91} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {5C75F700-E18E-4F1E-9366-A196014B9C48} - \3cd36696-7a18-4867-9318-885da1545ac5-5_user -> No File <==== ATTENTION
Task: {60670B7B-C4AD-4EF2-A992-A6B4434DA632} - \Glopbbiq -> No File <==== ATTENTION
Task: {6406DF08-3C2F-4549-91E5-8C4E7E922F26} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {6EAFE071-0761-4775-B409-CB51C6CF5B25} - \SMupdate1 -> No File <==== ATTENTION
Task: {72CFA326-CA92-4B21-A53B-06D469D43A52} - \SPDriver -> No File <==== ATTENTION
Task: {75511588-4E73-4983-A4BA-18882DCE0251} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-06] (Microsoft Corporation)
Task: {76A360CA-1FFE-4FAA-B742-EB35B7672DA3} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-3 -> No File <==== ATTENTION
Task: {78A01D64-26BE-421B-A03E-02D9007BEF5F} - \boosterpop -> No File <==== ATTENTION
Task: {7AC9A552-3A02-42A4-81CE-E31588D6011C} - System32\Tasks\Jnaufceor => C:\ProgramData\Jnaufceor\1.0.6.1\ieseseku.exe
Task: {7CB75700-932A-4349-8C71-21A7D573140C} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {7F862050-829C-4478-B6F6-D091A55E0B54} - \IE_ERR4WDR -> No File <==== ATTENTION
Task: {80222E9B-29B4-4E60-93C7-329EC934EB09} - \bvxvexvbg -> No File <==== ATTENTION
Task: {814C20A4-AA9B-41D6-B742-371A7B410897} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {821D74CC-6AA6-43CC-B9B8-1568A2B1CECC} - \Crossbrowse -> No File <==== ATTENTION
Task: {84C39DC0-CA9F-48FE-8BBB-4BDB82E86FB6} - \newSI_42074 -> No File <==== ATTENTION
Task: {89C07A91-D6E1-4E43-BA25-E728B5511694} - \56e38438-35a1-44dc-ab3c-60bac4578bf5-7 -> No File <==== ATTENTION
Task: {8C032135-24E1-4366-B06C-8269A7A0EC6C} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {8C9E8D5C-0814-488E-9D12-693EFD60B79C} - \Superclean -> No File <==== ATTENTION
Task: {8DF417AC-4179-4F99-8F52-6916B3CEFD66} - \56e38438-35a1-44dc-ab3c-60bac4578bf5-6 -> No File <==== ATTENTION
Task: {8EA4BB5A-C3AE-41B3-87D4-9D7770C08D61} - \56e38438-35a1-44dc-ab3c-60bac4578bf5-1-7 -> No File <==== ATTENTION
Task: {90003AA3-FFBA-4638-B32D-FDA8683FEE53} - \3cd36696-7a18-4867-9318-885da1545ac5-7 -> No File <==== ATTENTION
Task: {916AFFAA-AC19-416C-936C-7C4B541BA5C0} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {9606B3E5-944B-45C0-9CC7-D90296EFC2C5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {96FD58D7-421E-4A1B-938E-9CE73C2C35C3} - \WordWizard Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
Task: {97A8C50C-34A8-4894-84D2-F5D0AD73F288} - \3cd36696-7a18-4867-9318-885da1545ac5-6 -> No File <==== ATTENTION
Task: {9BF65DC2-8A24-407C-A242-49F4107919F7} - \WordWizard Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {9D20DCE8-9C52-4CB3-9A26-11318C9AB5F9} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION
Task: {A0481C1A-7C46-49B4-A65A-0F6AA3FD620B} - \TunePro360 Updater -> No File <==== ATTENTION
Task: {A58C3DEB-3D30-449F-A870-68663C94D82C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {A80795CF-EADC-438F-9929-B77DE62638D0} - \56e38438-35a1-44dc-ab3c-60bac4578bf5-1-6 -> No File <==== ATTENTION
Task: {AC5A90E1-7DFA-40F6-B871-681EE9B2785F} - \Inst_Rep -> No File <==== ATTENTION
Task: {B408B4A0-DEE9-4954-ADB6-779EEAD1F31C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {B4E0C6AD-E1FF-4A34-A96F-AC0FDEEC0A15} - \3cd36696-7a18-4867-9318-885da1545ac5-10_user -> No File <==== ATTENTION
Task: {B918F9F1-5DE4-4DD1-84EC-8467FD9579EE} - \56e38438-35a1-44dc-ab3c-60bac4578bf5-5_user -> No File <==== ATTENTION
Task: {C939DB7C-FDCC-44C8-B7BC-5F28D9C37E46} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {CE6C0DAE-48F9-49E9-9872-CFCA2C0D44D4} - \DrspeedyPc Secure -> No File <==== ATTENTION
Task: {CFC6DF36-AA54-4217-BC11-162424964442} - \56e38438-35a1-44dc-ab3c-60bac4578bf5-5 -> No File <==== ATTENTION
Task: {D14DD89E-0381-42FD-B933-E2609C8BFB92} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-26] (Synaptics Incorporated)
Task: {DBCA7C96-10C4-4DF1-B7A4-1CAFAA5BC140} - System32\Tasks\TqbMa3FWKKbgLzbE => C:\Users\rutheski\AppData\Roaming\TqbMa3FWKKbgLzbE.exe <==== ATTENTION
Task: {DE901119-6640-4B85-A357-1D8E7933025C} - \SPBIW_UpdateTask_Time_343139353539343037372d7855236c575a4a5741415034 -> No File <==== ATTENTION
Task: {DF52DDC4-AD24-4736-9287-B8163D8F3CCB} - \56e38438-35a1-44dc-ab3c-60bac4578bf5-3 -> No File <==== ATTENTION
Task: {E06504CA-DE28-4364-B1E3-0C86E9CF8619} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {E1507F12-51D8-4DB9-9FB6-29CD91C8C105} - \Optscan -> No File <==== ATTENTION
Task: {E402ABB5-875A-4CF2-8F32-2330EE33D4BF} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {E57A5A47-49F4-4864-98DE-C63E0A956506} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {EA576353-E230-49C7-8462-86075EEDBA01} - \3cd36696-7a18-4867-9318-885da1545ac5-5 -> No File <==== ATTENTION
Task: {EE19D448-FEDD-46ED-A1D4-42F578C9C6C1} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe <==== ATTENTION
Task: {EE756C01-ECF8-4CDC-B228-3CAD38CF430E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-16] (Google Inc.)
Task: {F56A6905-8275-46EE-BF63-7712F4F9E5DE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {FF09B0CF-E720-4FB6-8620-B599243CBE0C} - \3cd36696-7a18-4867-9318-885da1545ac5-1-7 -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\TqbMa3FWKKbgLzbE.job => C:\Users\rutheski\AppData\Roaming\TqbMa3FWKKbgLzbE.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-09-26 13:26 - 2013-09-26 13:26 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-09-26 13:32 - 2013-09-26 13:32 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-09-26 13:28 - 2013-09-26 13:28 - 02540544 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-09-26 13:25 - 2013-09-26 13:25 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-09-26 13:25 - 2013-09-26 13:25 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-09-26 13:25 - 2013-09-26 13:25 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-09-26 13:39 - 2013-09-26 13:39 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-09-26 13:39 - 2013-09-26 13:39 - 01298832 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-09-25 09:49 - 2013-09-25 09:49 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-25 09:48 - 2013-09-25 09:48 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-24 11:20 - 2015-10-13 04:34 - 00105640 _____ () C:\PROGRAM FILES\MICROSOFT OFFICE 15\CLIENTX64\ApiClient.dll
2015-11-29 17:46 - 2015-11-29 17:46 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-26 13:34 - 2013-09-26 13:34 - 00064000 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-10-24 23:01 - 2015-10-24 23:01 - 00082432 _____ () C:\Program Files\WindowsApps\2703103D.McAfeeCentral_4.5.153.1_x64__4ehj4w4frejdr\McCloudShim.dll
2013-11-27 13:52 - 2013-02-01 14:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2013-11-27 13:52 - 2013-02-01 14:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2013-11-27 13:52 - 2013-02-01 14:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2013-11-27 13:52 - 2013-02-01 14:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2013-11-27 13:52 - 2013-02-01 14:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2013-11-27 13:52 - 2013-02-01 14:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2013-11-27 13:52 - 2013-02-01 14:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2013-11-27 13:46 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2015-03-15 16:44 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2401409988-3437028751-200235451-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\rutheski\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "PCAcceleratePro"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "gmsd_us_005010123"
HKU\S-1-5-21-2401409988-3437028751-200235451-1002\...\StartupApproved\Run: => "Itibiti.exe"
HKU\S-1-5-21-2401409988-3437028751-200235451-1002\...\StartupApproved\Run: => "YTDownloader"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CEF387D3-7302-41BC-A69D-A7B8397AAF8A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FC07E070-9749-42BD-8E2E-1A6946387A55}] => (Allow) LPort=2869
FirewallRules: [{540C58B6-7AEC-4761-9B8B-F5C771892FC3}] => (Allow) LPort=1900
FirewallRules: [{338E4A94-8313-4566-BC8E-4C2099DBD346}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{E120052A-57F6-48A3-956A-BDC7AE12CDB2}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{3A6CA381-4463-403B-8012-3D31C0F953BB}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{ED663641-C6B3-4CF2-B7DD-BC194227DA75}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{7BCAEB16-DD19-4E9F-BBFA-93CB4D17D2AD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{C1899FCB-DD87-460B-85D8-4E13A698FD82}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{3DB0CEDC-6119-44A5-9A15-21A17D6C614E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5E99F501-A9AE-4421-93A6-6EFE554A78AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8A516B35-A95D-46EF-A8F8-3090A55A40F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15D9B96C-7244-49F4-9375-FB689BC43C63}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B9AD64D6-A2BF-40FE-9B7F-CAFE6E37DFB1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{C913A00C-8E32-4F4F-A2DA-A6C2309C1D92}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{4068D0B4-70ED-4E89-9480-8FD5BAED978B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{0F31E9CF-80B9-45D2-9B42-E25C4BC57D69}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{C9AEEE60-B3A3-4489-89BD-E033109A4132}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{3189F87A-E6A9-4A46-A8D3-E41DCE379CF8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{61C93E39-05BA-4699-B4A7-84F48530EBA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{813A4CB7-A4DF-4BDA-A83A-CAA1A31602A9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{10C0A473-DC8A-4A6D-8953-D95B0FB81E95}] => (Allow) C:\Users\rutheski\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{B9448654-6D7A-4948-9D93-A23311BD8186}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4622C1D3-28F5-43C1-BEDC-4E70A6576171}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
 
==================== Restore Points =========================
 
23-11-2015 16:25:06 Windows Update
06-03-2016 18:47:10 Windows Update
06-03-2016 19:28:34 Malwarebytes Anti-Rootkit Restore Point
08-03-2016 19:45:50 Removed HP 3D DriveGuard.
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/08/2016 08:03:46 PM) (Source: MsiInstaller) (EventID: 11722) (User: Spider2)
Description: Product: HP 3D DriveGuard -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action RemoveMobilityCenterTile64, location: C:\WINDOWS\Installer\MSIC48C.tmp, command: /uninstalltile
 
Error: (03/08/2016 07:45:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary McAfee Inc. mfencbdc.
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/08/2016 07:45:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AccelerometerSt.exe, version: 6.0.15.1, time stamp: 0x51f03a32
Faulting module name: mfc110u.dll, version: 6.3.9600.18202, time stamp: 0x569e7d02
Exception code: 0xc0000135
Fault offset: 0x00000000000ecdd0
Faulting process id: 0x100c
Faulting application start time: 0xAccelerometerSt.exe0
Faulting application path: AccelerometerSt.exe1
Faulting module path: AccelerometerSt.exe2
Report Id: AccelerometerSt.exe3
Faulting package full name: AccelerometerSt.exe4
Faulting package-relative application ID: AccelerometerSt.exe5
 
Error: (03/08/2016 07:45:09 PM) (Source: YSearchUtilSvc) (EventID: 0) (User: )
Description: YSearchUtilSvc error: The operation completed successfully. (0x0)Could not open service (1060)
 
Error: (03/08/2016 05:47:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/08/2016 01:21:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/06/2016 07:34:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AccelerometerSt.exe, version: 6.0.15.1, time stamp: 0x51f03a32
Faulting module name: mfc110u.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000135
Fault offset: 0x00000000000ec4e0
Faulting process id: 0xc70
Faulting application start time: 0xAccelerometerSt.exe0
Faulting application path: AccelerometerSt.exe1
Faulting module path: AccelerometerSt.exe2
Report Id: AccelerometerSt.exe3
Faulting package full name: AccelerometerSt.exe4
Faulting package-relative application ID: AccelerometerSt.exe5
 
Error: (03/06/2016 05:32:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AccelerometerSt.exe, version: 6.0.15.1, time stamp: 0x51f03a32
Faulting module name: mfc110u.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000135
Fault offset: 0x00000000000ec4e0
Faulting process id: 0xb50
Faulting application start time: 0xAccelerometerSt.exe0
Faulting application path: AccelerometerSt.exe1
Faulting module path: AccelerometerSt.exe2
Report Id: AccelerometerSt.exe3
Faulting package full name: AccelerometerSt.exe4
Faulting package-relative application ID: AccelerometerSt.exe5
 
Error: (03/06/2016 05:31:28 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (11/29/2015 05:35:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AccelerometerSt.exe, version: 6.0.15.1, time stamp: 0x51f03a32
Faulting module name: mfc110u.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000135
Fault offset: 0x00000000000ec4e0
Faulting process id: 0x1660
Faulting application start time: 0xAccelerometerSt.exe0
Faulting application path: AccelerometerSt.exe1
Faulting module path: AccelerometerSt.exe2
Report Id: AccelerometerSt.exe3
Faulting package full name: AccelerometerSt.exe4
Faulting package-relative application ID: AccelerometerSt.exe5
 
 
System errors:
=============
Error: (03/10/2016 07:22:12 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (03/10/2016 07:21:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (03/10/2016 07:20:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/10/2016 07:20:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/10/2016 07:20:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/10/2016 07:20:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HPWMISVC service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/10/2016 07:20:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dragon Notes Core service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (03/10/2016 07:20:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/10/2016 07:20:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/10/2016 07:20:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdaptiveSleepService service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2015-10-24 22:06:11.097
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\WeWatcherLSP64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 22:06:10.217
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\WeWatcherLSP64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 22:06:09.317
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\WeWatcherLSP64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 22:06:08.033
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\WeWatcherLSP64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-5200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 24%
Total physical RAM: 5602.07 MB
Available physical RAM: 4221.11 MB
Total Virtual: 11490.07 MB
Available Virtual: 10140.84 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:677.51 GB) (Free:625.64 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.36 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:167.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: ADE6A5EE)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 618E87F2)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/11/2016
Scan Time: 7:15 AM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.11.02
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: rutheski
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380941
Time Elapsed: 52 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 35
PUP.Optional.SushiLeads, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{03DB8F9E-57E8-4C55-BD81-34F4513A7729}, Delete-on-Reboot, [2658fa8ca7f216205ff4df3347bcd927], 
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0EB20088-C783-4B66-AEBB-70ADD50C18AF}, Delete-on-Reboot, [3d410f77f9a0bb7b63e44bc74eb5e11f], 
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2A70BD39-1AD7-4A36-8CA4-C06C2E1672D2}, Delete-on-Reboot, [a5d9fb8bcacf6dc93e09fe835aaa8779], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2AA514E4-0F08-4468-BB88-A10A94EFDE91}, Delete-on-Reboot, [433b0086a3f6ca6c41c2a0707d8647b9], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3DBC56AA-FD47-40B8-9115-2BF653C57BFA}, Delete-on-Reboot, [7707bcca2970d85e70930a060ef5e020], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4601FBD3-68CB-4926-BC45-9F9F78258495}, Delete-on-Reboot, [5e200e7888116cca986b977929da3bc5], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{47D110E9-9E4D-4414-8E44-E72F8E8DC2F8}, Delete-on-Reboot, [601e05811b7e7db955ae7d93cc3711ef], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C75F700-E18E-4F1E-9366-A196014B9C48}, Delete-on-Reboot, [38465c2adebbe15528db59b752b118e8], 
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{72CFA326-CA92-4B21-A53B-06D469D43A52}, Delete-on-Reboot, [4a3489fdc9d00c2a49ff3d44897b34cc], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{76A360CA-1FFE-4FAA-B742-EB35B7672DA3}, Delete-on-Reboot, [ea94473f69304de9d52e1cf4e41f4eb2], 
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7CB75700-932A-4349-8C71-21A7D573140C}, Delete-on-Reboot, [6e106e18aeebcf671f483ed3a65d0ff1], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{80222E9B-29B4-4E60-93C7-329EC934EB09}, Delete-on-Reboot, [3747ea9cd3c62511b0c11869f311a957], 
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{821D74CC-6AA6-43CC-B9B8-1568A2B1CECC}, Delete-on-Reboot, [4d311076ecad58de7e11265d05ff2cd4], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{89C07A91-D6E1-4E43-BA25-E728B5511694}, Delete-on-Reboot, [f38beb9b0f8a3501f70cf020758e926e], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8DF417AC-4179-4F99-8F52-6916B3CEFD66}, Delete-on-Reboot, [ea94f393edac3600f21131df93709e62], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8EA4BB5A-C3AE-41B3-87D4-9D7770C08D61}, Delete-on-Reboot, [2c52b5d10a8fdc5a9a6936da46bd41bf], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{90003AA3-FFBA-4638-B32D-FDA8683FEE53}, Delete-on-Reboot, [b7c7dcaa8514a88ec142be524fb4fb05], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{97A8C50C-34A8-4894-84D2-F5D0AD73F288}, Delete-on-Reboot, [f68812741b7eee48c83bf81828db966a], 
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9D20DCE8-9C52-4CB3-9A26-11318C9AB5F9}, Delete-on-Reboot, [2658f393aced7fb77f66344c8f75e21e], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A80795CF-EADC-438F-9929-B77DE62638D0}, Delete-on-Reboot, [116d097d3366d56145be90802cd71be5], 
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AC5A90E1-7DFA-40F6-B871-681EE9B2785F}, Delete-on-Reboot, [a4da2a5c920762d474f56a187094bf41], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B4E0C6AD-E1FF-4A34-A96F-AC0FDEEC0A15}, Delete-on-Reboot, [b1cde79ff9a0be7811f266aad3309f61], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B918F9F1-5DE4-4DD1-84EC-8467FD9579EE}, Delete-on-Reboot, [d3abf49279203df924df8c84ae557987], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CFC6DF36-AA54-4217-BC11-162424964442}, Delete-on-Reboot, [99e542442178c4727f84d9379c6707f9], 
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DE901119-6640-4B85-A357-1D8E7933025C}, Delete-on-Reboot, [f28cdfa7aeeb33033433f58ce61ecf31], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DF52DDC4-AD24-4736-9287-B8163D8F3CCB}, Delete-on-Reboot, [92ec137387121d1935ceb45c818251af], 
PUP.Optional.OptScan, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E1507F12-51D8-4DB9-9FB6-29CD91C8C105}, Delete-on-Reboot, [4d3153337f1ac86ef899740f0ef60df3], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EA576353-E230-49C7-8462-86075EEDBA01}, Delete-on-Reboot, [f28cb5d1a0f9221408fbdf31e221d32d], 
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FF09B0CF-E720-4FB6-8620-B599243CBE0C}, Delete-on-Reboot, [423cdfa71386b086c93a1cf47b885ca4], 
PUP.Optional.FindingDiscount, HKLM\SOFTWARE\WOW6432NODE\Windows Discount, Quarantined, [5f1f8204cacf4ee860aec0579a69b54b], 
PUP.Optional.NetService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NETTCPHANDLER, Quarantined, [aed005815a3f73c35d86561fe024da26], 
PUP.Optional.Shopperz.BrwsrFlsh, HKU\.DEFAULT\SOFTWARE\MICROSOFT\INTERNET EXPLORER\INTERNETREGISTRY\REGISTRY\USER\S-1-5-18\SOFTWARE\shopperz04082015, Quarantined, [82fc077fe7b23cfab844423170949967], 
PUP.Optional.InstantSupport, HKU\S-1-5-21-2401409988-3437028751-200235451-1002\SOFTWARE\ISTab, Quarantined, [e29c5d299efbcc6a2ffd97da62a225db], 
PUP.Optional.FindingDiscount, HKU\S-1-5-21-2401409988-3437028751-200235451-1002\SOFTWARE\Windows Discount, Quarantined, [730b493dcfcab18549c4ea2dcd36d52b], 
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-2401409988-3437028751-200235451-1002\SOFTWARE\APTAB, Quarantined, [82fca7dfd9c081b50ac1e28f38ccce32], 
 
Registry Values: 36
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [621ce1a5a5f4c472b7ef9bc8cc38f30d], 
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [1767414511882d09a8fee38048bc01ff], 
PUP.Optional.SushiLeads, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{03DB8F9E-57E8-4C55-BD81-34F4513A7729}|Path, \SushiLeads, Delete-on-Reboot, [2658fa8ca7f216205ff4df3347bcd927]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0EB20088-C783-4B66-AEBB-70ADD50C18AF}|Path, \ShopperPro, Delete-on-Reboot, [3d410f77f9a0bb7b63e44bc74eb5e11f]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2A70BD39-1AD7-4A36-8CA4-C06C2E1672D2}|Path, \ShopperProJSUpd, Delete-on-Reboot, [a5d9fb8bcacf6dc93e09fe835aaa8779]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2AA514E4-0F08-4468-BB88-A10A94EFDE91}|Path, \56e38438-35a1-44dc-ab3c-60bac4578bf5-10_user, Delete-on-Reboot, [433b0086a3f6ca6c41c2a0707d8647b9]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{3DBC56AA-FD47-40B8-9115-2BF653C57BFA}|Path, \0bd447ad-5361-46fb-a09f-d30b0878b98c-10_user, Delete-on-Reboot, [7707bcca2970d85e70930a060ef5e020]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4601FBD3-68CB-4926-BC45-9F9F78258495}|Path, \3cd36696-7a18-4867-9318-885da1545ac5-3, Delete-on-Reboot, [5e200e7888116cca986b977929da3bc5]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{47D110E9-9E4D-4414-8E44-E72F8E8DC2F8}|Path, \3cd36696-7a18-4867-9318-885da1545ac5-1-6, Delete-on-Reboot, [601e05811b7e7db955ae7d93cc3711ef]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5C75F700-E18E-4F1E-9366-A196014B9C48}|Path, \3cd36696-7a18-4867-9318-885da1545ac5-5_user, Delete-on-Reboot, [38465c2adebbe15528db59b752b118e8]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{72CFA326-CA92-4B21-A53B-06D469D43A52}|Path, \SPDriver, Delete-on-Reboot, [4a3489fdc9d00c2a49ff3d44897b34cc]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{76A360CA-1FFE-4FAA-B742-EB35B7672DA3}|Path, \0bd447ad-5361-46fb-a09f-d30b0878b98c-3, Delete-on-Reboot, [ea94473f69304de9d52e1cf4e41f4eb2]
PUP.Optional.OptimizerPro, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7CB75700-932A-4349-8C71-21A7D573140C}|Path, \Optimizer Pro Schedule, Delete-on-Reboot, [6e106e18aeebcf671f483ed3a65d0ff1]
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{80222E9B-29B4-4E60-93C7-329EC934EB09}|Path, \bvxvexvbg, Delete-on-Reboot, [3747ea9cd3c62511b0c11869f311a957]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{821D74CC-6AA6-43CC-B9B8-1568A2B1CECC}|Path, \Crossbrowse, Delete-on-Reboot, [4d311076ecad58de7e11265d05ff2cd4]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{89C07A91-D6E1-4E43-BA25-E728B5511694}|Path, \56e38438-35a1-44dc-ab3c-60bac4578bf5-7, Delete-on-Reboot, [f38beb9b0f8a3501f70cf020758e926e]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8DF417AC-4179-4F99-8F52-6916B3CEFD66}|Path, \56e38438-35a1-44dc-ab3c-60bac4578bf5-6, Delete-on-Reboot, [ea94f393edac3600f21131df93709e62]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{8EA4BB5A-C3AE-41B3-87D4-9D7770C08D61}|Path, \56e38438-35a1-44dc-ab3c-60bac4578bf5-1-7, Delete-on-Reboot, [2c52b5d10a8fdc5a9a6936da46bd41bf]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{90003AA3-FFBA-4638-B32D-FDA8683FEE53}|Path, \3cd36696-7a18-4867-9318-885da1545ac5-7, Delete-on-Reboot, [b7c7dcaa8514a88ec142be524fb4fb05]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{97A8C50C-34A8-4894-84D2-F5D0AD73F288}|Path, \3cd36696-7a18-4867-9318-885da1545ac5-6, Delete-on-Reboot, [f68812741b7eee48c83bf81828db966a]
PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9D20DCE8-9C52-4CB3-9A26-11318C9AB5F9}|Path, \PC SpeedUp Service Deactivator, Delete-on-Reboot, [2658f393aced7fb77f66344c8f75e21e]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A80795CF-EADC-438F-9929-B77DE62638D0}|Path, \56e38438-35a1-44dc-ab3c-60bac4578bf5-1-6, Delete-on-Reboot, [116d097d3366d56145be90802cd71be5]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{AC5A90E1-7DFA-40F6-B871-681EE9B2785F}|Path, \Inst_Rep, Delete-on-Reboot, [a4da2a5c920762d474f56a187094bf41]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B4E0C6AD-E1FF-4A34-A96F-AC0FDEEC0A15}|Path, \3cd36696-7a18-4867-9318-885da1545ac5-10_user, Delete-on-Reboot, [b1cde79ff9a0be7811f266aad3309f61]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B918F9F1-5DE4-4DD1-84EC-8467FD9579EE}|Path, \56e38438-35a1-44dc-ab3c-60bac4578bf5-5_user, Delete-on-Reboot, [d3abf49279203df924df8c84ae557987]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CFC6DF36-AA54-4217-BC11-162424964442}|Path, \56e38438-35a1-44dc-ab3c-60bac4578bf5-5, Delete-on-Reboot, [99e542442178c4727f84d9379c6707f9]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DE901119-6640-4B85-A357-1D8E7933025C}|Path, \SPBIW_UpdateTask_Time_343139353539343037372d7855236c575a4a5741415034, Delete-on-Reboot, [f28cdfa7aeeb33033433f58ce61ecf31]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DF52DDC4-AD24-4736-9287-B8163D8F3CCB}|Path, \56e38438-35a1-44dc-ab3c-60bac4578bf5-3, Delete-on-Reboot, [92ec137387121d1935ceb45c818251af]
PUP.Optional.OptScan, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E1507F12-51D8-4DB9-9FB6-29CD91C8C105}|Path, \Optscan, Delete-on-Reboot, [4d3153337f1ac86ef899740f0ef60df3]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{EA576353-E230-49C7-8462-86075EEDBA01}|Path, \3cd36696-7a18-4867-9318-885da1545ac5-5, Delete-on-Reboot, [f28cb5d1a0f9221408fbdf31e221d32d]
PUP.Optional.CrossRider, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FF09B0CF-E720-4FB6-8620-B599243CBE0C}|Path, \3cd36696-7a18-4867-9318-885da1545ac5-1-7, Delete-on-Reboot, [423cdfa71386b086c93a1cf47b885ca4]
PUP.Optional.CrossBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\.XHTML\OPENWITHPROGIDS|CRSBRWSHTML, Quarantined, [cab4ec9a5247c373891d045fbc4839c7], 
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SVCHOST|ORBTR, Orbiter^^, Quarantined, [a1dd6422c8d1c175c440d3448b78669a]
PUP.Optional.NetService, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NETTCPHANDLER|EventMessageFile, C:\Users\rutheski\AppData\Roaming\NetService\netservice.exe -start, Quarantined, [aed005815a3f73c35d86561fe024da26]
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-2401409988-3437028751-200235451-1002\SOFTWARE\APTAB|hb, 1, Quarantined, [82fca7dfd9c081b50ac1e28f38ccce32]
PUP.Optional.PCAcceleratePro, HKU\S-1-5-21-2401409988-3437028751-200235451-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|PCAcceleratePro.exe, 8888, Quarantined, [09750383a3f6cc6a6a9a6c0828dc37c9]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|wb.exe->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_ozjxbbnwjv.reg
HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs|CRSBRWSHTML->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_svyudcypzf.reg
HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs|CRSBRWSHTML->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_atpxkceyye.reg
HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs|CRSBRWSHTML->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_yqejuicrtg.reg
HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_igdoigzugj.reg
HKLM\SOFTWARE\MICROSOFT\SystemCertificates\Root\Certificates\D830B6B8939ACB4928401060203BB648456BB4F8->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_psapuekzzp.reg
HKLM\SOFTWARE\MICROSOFT\SystemCertificates\Root\Certificates\F53E693DDABF57A88A9B12B608B09B26C0608B74->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_lglrrcsexh.reg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\jg.exe->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_shjwjwquoj.reg
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Peakoar->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_tinjpfhfsc.reg
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WeWatcherProxy->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_mhsthruplr.reg
HKLM\SOFTWARE\4eb9a394-5336-469d-b0f5-6675ced86496->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_sddpiknkhe.reg
HKLM\SOFTWARE\5199bda1-d366-429e-8d70-4689d8d9c320->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_ewvuqququd.reg
HKLM\SOFTWARE\9c7efdc4-093d-4494-bea3-c8c74a80e705->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_kpkqoegnqq.reg
HKLM\SOFTWARE\d03038e3-4520-565b-e9a5-24ea059b30fe->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_chmedakvmk.reg
HKLM\SOFTWARE\Classes\P83ef0bf4_eadc_49c7_9a1d_60cb20c84a6b_.P83ef0bf4_eadc_49c7_9a1d_60cb20c84a6b_->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_fkzerzafxq.reg
HKLM\SOFTWARE\Classes\P83ef0bf4_eadc_49c7_9a1d_60cb20c84a6b_.P83ef0bf4_eadc_49c7_9a1d_60cb20c84a6b_.9->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_cxrthwclpy.reg
HKLM\SOFTWARE\Classes\Pa2b71355_d4ea_4400_bb1e_9caa0965a94f_.Pa2b71355_d4ea_4400_bb1e_9caa0965a94f_->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_kksjcfaycl.reg
HKLM\SOFTWARE\Classes\Pa2b71355_d4ea_4400_bb1e_9caa0965a94f_.Pa2b71355_d4ea_4400_bb1e_9caa0965a94f_.9->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_ycbfunfcfp.reg
HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_xyszhasmcr.reg
HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_fjvwjygdhp.reg
HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_usyslrlygk.reg
HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_ghouadtcvl.reg
HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_oosvvujyvt.reg
HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_kstqllzhwb.reg
HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_oxnwjujyxy.reg
HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_fkvxafdtom.reg
HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_hdidvlucna.reg
HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_gyyoxtrqnd.reg
HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_zwrybxmgcu.reg
HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_akypptlimp.reg
HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_hgccinmzky.reg
HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_zdrkuhycux.reg
HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_cpsieqjeom.reg
HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_affnvzdzqz.reg
HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_rrzubqmrvy.reg
HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}->C:\Program Files (x86)\AdwCleaner\RegistryQuarantine\reg_asocplsnwq.reg


#4 buddy215

  • Moderator

Posted 13 March 2016 - 06:28 AM

Edit your last post and delete the FRST log...it's old and not allowed in this forum.

Rerun MBAM and AdwCleaner scans. If either finds anything, post the results.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and, at the top, tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.





