Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Advanced-PC-Care


  • This topic is locked This topic is locked
18 replies to this topic

#1 neuropocalyptic

neuropocalyptic

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 17 December 2017 - 07:36 PM

Hello all,

 

I am concerned about my PC's performance. After boot up, which takes longer than 30 sec. to complete, my computer automatically loads a program called Driver Update and Advanced PC Care. While these two apps run, chromium also self executes. However, I have uninstalled it. Moments after all of these programs load, my computer often freezes, leaving only my mouse functioning. I cannot use, another application, task manager to kill any suspected applications that may be causing the freeze nor the ctrl, alt, delete combination to pull up task manager. I also noticed that bleeping computer has a removal manual for advanced-PC-Care, but I would rather have a seasoned software troubleshooter assist me. Please see the FRST results below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by DEMARIUS (administrator) on BODINK (17-12-2017 18:19:33)
Running from F:\PC repair apps
Loaded Profiles: DEMARIUS (Available Profiles: DEMARIUS & Administrator)
Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-23] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [WebDiscoverBrowser] => C:\Program Files\WebDiscoverBrowser\3.15.2\browser.exe [918240 2017-05-01] () <==== ATTENTION
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-08] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1928776 2016-10-13] (APN)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\...\Run: [Chromium] => c:\users\demarius\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26221248 2016-10-25] (Slimware Utilities Holdings, Inc.)
HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [804352 2017-03-18] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4655d01d-baa6-4014-9219-579f43831a43}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pthmed_17_29&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0E0DtC0Bzzzz0ByByD0F0Dzy0AtCyBtN0D0Tzu0StBtDtByEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0AyB0ByDzz0EtBtGtDtA0FtDtG0CyDyEyBtGyEyDyByBtGyB0F0ByBtAyC0FtDyD0Ezyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyCyEyByCzy0C0AtG0EtD0C0EtGyE0B0CyEtGzztC0C0BtG0F0B0BtBzyzytBtA0DtB0DyD2QtN0A0LzutB%26cr%3D2093762273%26a%3Dwbf_pthmed_17_29%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pthmed_17_29&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0E0DtC0Bzzzz0ByByD0F0Dzy0AtCyBtN0D0Tzu0StBtDtByEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0AyB0ByDzz0EtBtGtDtA0FtDtG0CyDyEyBtGyEyDyByBtGyB0F0ByBtAyC0FtDyD0Ezyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyCyEyByCzy0C0AtG0EtD0C0EtGyE0B0CyEtGzztC0C0BtG0F0B0BtBzyzytBtA0DtB0DyD2QtN0A0LzutB%26cr%3D2093762273%26a%3Dwbf_pthmed_17_29%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pthmed_17_29&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0E0DtC0Bzzzz0ByByD0F0Dzy0AtCyBtN0D0Tzu0StBtDtByEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0AyB0ByDzz0EtBtGtDtA0FtDtG0CyDyEyBtGyEyDyByBtGyB0F0ByBtAyC0FtDyD0Ezyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyCyEyByCzy0C0AtG0EtD0C0EtGyE0B0CyEtGzztC0C0BtG0F0B0BtBzyzytBtA0DtB0DyD2QtN0A0LzutB%26cr%3D2093762273%26a%3Dwbf_pthmed_17_29%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pthmed_17_29&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0E0DtC0Bzzzz0ByByD0F0Dzy0AtCyBtN0D0Tzu0StBtDtByEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0AyB0ByDzz0EtBtGtDtA0FtDtG0CyDyEyBtGyEyDyByBtGyB0F0ByBtAyC0FtDyD0Ezyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyCyEyByCzy0C0AtG0EtD0C0EtGyE0B0CyEtGzztC0C0BtG0F0B0BtBzyzytBtA0DtB0DyD2QtN0A0LzutB%26cr%3D2093762273%26a%3Dwbf_pthmed_17_29%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pthmed_17_29&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0E0DtC0Bzzzz0ByByD0F0Dzy0AtCyBtN0D0Tzu0StBtDtByEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0AyB0ByDzz0EtBtGtDtA0FtDtG0CyDyEyBtGyEyDyByBtGyB0F0ByBtAyC0FtDyD0Ezyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyCyEyByCzy0C0AtG0EtD0C0EtGyE0B0CyEtGzztC0C0BtG0F0B0BtBzyzytBtA0DtB0DyD2QtN0A0LzutB%26cr%3D2093762273%26a%3Dwbf_pthmed_17_29%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pthmed_17_29&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0E0DtC0Bzzzz0ByByD0F0Dzy0AtCyBtN0D0Tzu0StBtDtByEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0AyB0ByDzz0EtBtGtDtA0FtDtG0CyDyEyBtGyEyDyByBtGyB0F0ByBtAyC0FtDyD0Ezyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyCyEyByCzy0C0AtG0EtD0C0EtGyE0B0CyEtGzztC0C0BtG0F0B0BtBzyzytBtA0DtB0DyD2QtN0A0LzutB%26cr%3D2093762273%26a%3Dwbf_pthmed_17_29%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pthmed_17_29&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0E0DtC0Bzzzz0ByByD0F0Dzy0AtCyBtN0D0Tzu0StBtDtByEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0AyB0ByDzz0EtBtGtDtA0FtDtG0CyDyEyBtGyEyDyByBtGyB0F0ByBtAyC0FtDyD0Ezyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyCyEyByCzy0C0AtG0EtD0C0EtGyE0B0CyEtGzztC0C0BtG0F0B0BtBzyzytBtA0DtB0DyD2QtN0A0LzutB%26cr%3D2093762273%26a%3Dwbf_pthmed_17_29%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0FD8D332-4E18-4149-AD5F-6663A97A2782} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001 -> {0FD8D332-4E18-4149-AD5F-6663A97A2782} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001 -> {2211d4a5-48d0-47f5-a7cd-81e861470f7f} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-12-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-12-13] (McAfee, Inc.)

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-11-08]

FireFox:
========
FF DefaultProfile: q2d9oxlu.default
FF ProfilePath: C:\Users\DEMARIUS\AppData\Roaming\Mozilla\Firefox\Profiles\q2d9oxlu.default [2017-11-01]
FF Homepage: Mozilla\Firefox\Profiles\q2d9oxlu.default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_pthmed_17_29&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0E0DtC0Bzzzz0ByByD0F0Dzy0AtCyBtN0D0Tzu0StBtDtByEtN1L2XzutAtFtBzytFtCtDyEtFyDtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StB0AyB0ByDzz0EtBtGtDtA0FtDtG0CyDyEyBtGyEyDyByBtGyB0F0ByBtAyC0FtDyD0Ezyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyCyEyByCzy0C0AtG0EtD0C0EtGyE0B0CyEtGzztC0C0BtG0F0B0BtBzyzytBtA0DtB0DyD2QtN0A0LzutB%26cr%3D2093762273%26a%3Dwbf_pthmed_17_29%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20] [Legacy]
FF SearchPlugin: C:\Users\DEMARIUS\AppData\Roaming\Mozilla\Firefox\Profiles\q2d9oxlu.default\searchplugins\yahoo! powered.xml [2017-07-17]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin HKU\S-1-5-21-2910850633-2078348475-1510376315-1001: @citrixonline.com/appdetectorplugin -> C:\Users\DEMARIUS\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-05-22] (Citrix Online)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://privguard.online?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Mini World
CHR Profile: C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default [2017-11-08]
CHR Extension: (Slides) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-18]
CHR Extension: (Docs) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-03]
CHR Extension: (Yanoodle) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck [2017-07-17]
CHR Extension: (Flowerz) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmdnlfajgnafcfgnciahhimocfdijfg [2017-07-13]
CHR Extension: (YouTube) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-03]
CHR Extension: (ColorPop) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln [2017-07-17]
CHR Extension: (Sheets) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-10-18]
CHR Extension: (Mini Search) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkeiddhanoeaneihnplkdhfanhoaepl [2017-07-17]
CHR Extension: (Google Docs Offline) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-03]
CHR Extension: (TemFind) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeiobmoekhlkaipobbanhpkepcoajggp [2017-06-09]
CHR Extension: (Search Guard) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiegnkkcenchkibkhndcfoeomcepegbo [2017-06-12]
CHR Extension: (Search Manager) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-30]
CHR Extension: (Gmail) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-03]
CHR Extension: (Chrome Media Router) - C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [201800 2016-11-09] (APN LLC.)
S2 AppApcVerifier; C:\ProgramData\AppApcVerifier\AppVerifierapc.exe [47104 2016-06-30] (AppApcVerifier) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-11-08] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-08] (AVAST Software)
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [145888 2017-07-05] (Byte Technologies LLC)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-19] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2017-12-13] (McAfee, Inc.)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-06-23] (Realtek Semiconductor)
S2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-08-22] ()
S2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [252096 2016-10-25] (SlimWare Utilities, Inc.)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [321032 2017-10-11] (AVAST Software s.r.o.)
S0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [198976 2017-10-11] (AVAST Software s.r.o.)
S0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [343288 2017-10-11] (AVAST Software s.r.o.)
S0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [57736 2017-10-11] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [47008 2017-10-11] (AVAST Software)
S2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [147776 2017-10-11] (AVAST Software)
S1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [110376 2017-10-11] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [84416 2017-10-11] (AVAST Software)
S1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1029872 2017-11-01] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [587168 2017-10-11] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [201352 2017-10-11] (AVAST Software)
S0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [363440 2017-10-11] (AVAST Software)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
S1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2017-12-17] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-17 18:19 - 2017-12-17 18:19 - 000000000 ____D C:\FRST
2017-12-17 17:45 - 2017-12-17 18:19 - 007189760 _____ (VS Revo Group ) C:\Users\DEMARIUS\Desktop\revosetup.exe
2017-12-17 17:45 - 2017-12-17 17:45 - 000001086 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-12-17 17:45 - 2017-12-17 17:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-12-17 17:43 - 2017-12-17 17:43 - 000000276 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{53934B40-49C2-4842-8E2A-4247FFC0BA1F}.job
2017-12-17 17:39 - 2017-12-17 17:39 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-17 17:04 - 2017-12-17 17:04 - 000000000 ___HD C:\OneDriveTemp
2017-12-17 16:52 - 2017-12-17 16:52 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2017-12-17 16:51 - 2017-12-17 16:51 - 000000000 ____D C:\Program Files\Common Files\avast software
2017-11-23 08:17 - 2017-11-23 08:17 - 007649280 _____ C:\Program Files (x86)\GUTA043.tmp
2017-11-23 08:17 - 2017-11-23 08:17 - 000000000 ____D C:\Program Files (x86)\GUM9FD5.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-17 18:01 - 2017-07-17 10:21 - 000000000 ____D C:\Users\DEMARIUS\AppData\Local\chromium
2017-12-17 18:01 - 2017-05-20 13:32 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-17 17:45 - 2017-06-03 13:58 - 000000000 ____D C:\Program Files\VS Revo Group
2017-12-17 17:43 - 2017-05-20 13:36 - 000006910 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-17 17:41 - 2017-07-17 10:13 - 000000000 ____D C:\Users\DEMARIUS\AppData\Local\{C4BDF2E1-E015-9E59-8D8D-BBB1A9E54729}
2017-12-17 17:38 - 2017-03-18 06:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-12-17 17:37 - 2017-05-20 13:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-17 17:36 - 2017-07-18 23:53 - 000000438 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
2017-12-17 17:28 - 2017-07-29 04:08 - 000129192 _____ C:\appverifier.txt
2017-12-17 17:16 - 2017-03-18 15:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-17 17:16 - 2015-04-19 09:01 - 000000000 __RDO C:\Users\DEMARIUS\OneDrive
2017-12-17 17:15 - 2017-07-18 23:53 - 000013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2017-12-17 17:14 - 2017-05-20 13:35 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-12-17 17:14 - 2015-03-07 14:04 - 000000000 __SHD C:\Users\DEMARIUS\IntelGraphicsProfiles
2017-12-17 17:10 - 2017-10-18 10:46 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-12-17 17:05 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-17 17:04 - 2017-07-25 18:27 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2910850633-2078348475-1510376315-1001
2017-12-17 17:04 - 2015-11-22 11:43 - 000002383 _____ C:\Users\DEMARIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-17 16:54 - 2015-08-16 08:56 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-12-17 16:48 - 2017-06-03 14:34 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-17 16:48 - 2017-06-03 14:34 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-17 16:47 - 2017-07-18 14:38 - 000004650 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-17 16:47 - 2017-07-18 14:38 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-12-17 16:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-17 16:46 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-15 20:45 - 2017-07-17 10:38 - 000004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-11-23 08:21 - 2017-06-03 14:33 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-23 08:21 - 2017-06-03 14:33 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-11-23 08:17 - 2017-11-23 08:17 - 007649280 _____ () C:\Program Files (x86)\GUTA043.tmp

Files to move or delete:
====================
C:\Program Files\WebDiscoverBrowser\3.15.2\browser.exe


Some files in TEMP:
====================
2017-06-15 23:43 - 2016-12-07 12:21 - 000619656 _____ (HP Inc.) C:\Users\DEMARIUS\AppData\Local\Temp\HPSFUpdater.exe
2015-06-04 05:45 - 2015-06-04 05:45 - 000119312 _____ (McAfee, Inc.) C:\Users\DEMARIUS\AppData\Local\Temp\McCSPInstall.dll
2017-06-03 14:05 - 2015-06-04 05:45 - 000161528 _____ (McAfee Inc.) C:\Users\DEMARIUS\AppData\Local\Temp\mccspuninstall.exe
2017-10-27 17:40 - 2017-10-27 17:40 - 002172416 _____ (Opera Software) C:\Users\DEMARIUS\AppData\Local\Temp\Opera_installer_201710274056855.dll
2017-11-12 19:02 - 2017-11-12 19:04 - 002172416 _____ (Opera Software) C:\Users\DEMARIUS\AppData\Local\Temp\Opera_installer_2017111301249.dll
2017-07-18 23:53 - 2017-07-18 23:53 - 000225472 _____ (SlimWare Utilities, Inc.) C:\Users\DEMARIUS\AppData\Local\Temp\scpD247.tmp.exe
2017-06-15 23:47 - 2016-12-07 02:29 - 000167456 _____ (HP Inc.) C:\Users\DEMARIUS\AppData\Local\Temp\UninstallHPSA.exe
2017-08-03 13:13 - 2017-08-03 13:22 - 014151784 _____ (Google Inc.) C:\Users\DEMARIUS\AppData\Local\Temp\{C6B5375C-1776-4C7E-980E-C1C4F3480ED3}-60.0.3112.90_59.0.3071.115_chrome_updater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-01 14:11

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by DEMARIUS (17-12-2017 18:21:50)
Running from F:\PC repair apps
Windows 10 Home Version 1703 15063.674 (X64) (2017-05-20 19:04:15)
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2910850633-2078348475-1510376315-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2910850633-2078348475-1510376315-503 - Limited - Disabled)
DEMARIUS (S-1-5-21-2910850633-2078348475-1510376315-1001 - Administrator - Enabled) => C:\Users\DEMARIUS
Guest (S-1-5-21-2910850633-2078348475-1510376315-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2910850633-2078348475-1510376315-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-c0a569bb-b3cd-4dad-b90f-3ce52e77fb6e) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advanced-PC-Care (HKLM\...\B7A64AC7-B828-4D74-98B2-097AFA836948_is1) (Version: 1.0.0.21086 - advancedpccare.net) <==== ATTENTION
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-c9d0c901-3f01-4817-b9b5-7ad67404f29b) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-c7a9617b-65f9-4131-ad46-a27b01abba3a) (Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-e5db08fa-7397-4aef-91da-a9e098261f33) (Version: 3.0.2.59 - WildTangent) Hidden
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.50.52.1661 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (HKLM-x32\...\WTA-15769fcf-0235-4236-8711-7ccbd285d1bb) (Version: 3.0.2.51 - WildTangent) Hidden
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.12.0.9 - Byte Technologies LLC) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Curse at Twilight (HKLM-x32\...\WTA-f07ba89e-116a-4814-ab3d-222d707c06d1) (Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3024 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3024 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-18ca39fa-1fa9-44a5-b47a-dd0184da6f80) (Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DriverUpdate (HKLM-x32\...\{53C9EBD2-F3F7-49BB-BDB4-147D3A4D5E6D}) (Version: 2.7.10 - Slimware Utilities Holdings, Inc.) Hidden
DriverUpdate (HKLM-x32\...\DriverUpdate) (Version: 2.7.10 - Slimware Utilities Holdings, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WTA-a3414199-2ef9-4f76-8d56-e41de750de67) (Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (HKLM-x32\...\WTA-9f255ec4-a389-46cc-b8a6-b37e898adab0) (Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-5092bc98-53fa-406d-8f5f-8567495036a8) (Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (HKLM-x32\...\WTA-06d38e24-4f04-4a65-911d-f25246abcf85) (Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-0fe2d5e8-1181-4c7f-a7c2-ed993f6388d3) (Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{90CE78B2-4F84-4BE8-B55C-ED85759C8445}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4780AF24-213D-4187-86F2-0014A6D6077B}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{00612F78-52C4-46C0-97F0-F50B6036B5E2}) (Version: 12.8.37.11 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{E20B0C89-ACCF-4EBB-909D-2E5BD4A9C024}) (Version: 1.1.11 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.24.1790 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-6e846014-963d-4803-aece-65cd56831e6d) (Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (HKLM-x32\...\WTA-569afa72-64b2-4bd5-9f70-e2ed52ec5918) (Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (HKLM-x32\...\WTA-bee6a940-a365-4a6e-9d97-9b2c3669c677) (Version: 3.0.2.59 - WildTangent) Hidden
Lost in Reefs 2 (HKLM-x32\...\WTA-b0efa44e-64cd-4cb8-ae48-25e2e03a4b94) (Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (HKLM-x32\...\WTA-6fa458a0-5f8b-44c1-902a-614b162ac832) (Version: 2.2.0.98 - WildTangent) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.148 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4971.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-6d6b09e4-4dff-46f4-a544-dcce50a3f5a3) (Version: 3.0.2.59 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4971.1002 - Microsoft Corporation) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.7.1001 - ooVoo LLC.)
ooVoo Teoma Search App (HKLM-x32\...\{4F564F2D-5447-006A-76A7-A758B70C2D01}) (Version: 12.45.1.1172 - APN, LLC)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Opera Stable 48.0.2685.52 (HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\...\Opera 48.0.2685.52) (Version: 48.0.2685.52 - Opera Software)
Peggle Nights (HKLM-x32\...\WTA-e262bd0d-adcb-46f5-8131-5072ccd9e8ea) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-c5967c19-2c58-47f0-a1e1-d5696e10e6b8) (Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-a319c53c-fcb8-4d60-95c1-645f0c880e02) (Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-3c4cddb1-7552-47bd-adf1-f3e07f53a8d5) (Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7272 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.4 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.4 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Roads of Rome 3 (HKLM-x32\...\WTA-e7b41e38-b886-4a93-a464-ae57fa2b9e80) (Version: 2.2.0.98 - WildTangent) Hidden
SlimCleaner Plus (HKLM\...\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}) (Version: 2.5.10 - Slimware Utilities Holdings, Inc.) Hidden
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.10 - Slimware Utilities Holdings, Inc.)
Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-cc8de91d-55d4-488e-88c1-2606630c96a9) (Version: 3.0.2.51 - WildTangent) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Viking Saga (HKLM-x32\...\WTA-74d55b32-9f03-4a78-a212-464e297f3d26) (Version: 3.0.2.48 - WildTangent) Hidden
WebDiscover Browser 3.15.2 (HKLM\...\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1) (Version: 3.15.2 - WebDiscover Media) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.9 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Youda Jewel Shop (HKLM-x32\...\WTA-46e5933a-c421-476f-9846-1290d988c47a) (Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-08] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-08] (AVAST Software)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (Cyberlink)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-05-13] (Foxit Corporation)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (Cyberlink)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-08] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-08] (AVAST Software)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014A819E-EAC0-403E-B944-7135F664AF10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {066EF8E5-D989-4788-A614-6331099D46C6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {153020B6-DB92-446D-B5C6-F55AE3A1DBC0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1B4E87D6-8850-461F-A696-E1F67D7540EA} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-10-11] (AVAST Software)
Task: {21317B43-3F28-4F03-9F45-96B71C07B5E9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-17] (Adobe Systems Incorporated)
Task: {2D12EC5E-E75F-4CFF-9424-55EE8F08F77C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2D64A77F-8AFB-49EB-9303-C3C0D6125D49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2F37CFB4-EBA1-425E-B928-534EF0761512} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {339D3B43-4DB6-4DF8-A6C7-4B196C57F603} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {39461DF3-176A-45BF-AEF8-B4B9724480CB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {39DBFD1C-0752-42FB-854D-ECB6DF4713CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-03] (Google Inc.)
Task: {3EFDB0C8-57A1-4BF7-BA07-4700EB6F7C7B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {49F64B50-B8D8-4F45-9005-3895FB9FA023} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-03] (Google Inc.)
Task: {6366CAAD-F4A8-462F-AA7B-A5E89D34AF10} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - DEMARIUS) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2016-10-25] (Slimware Utilities Holdings, Inc.)
Task: {688CDBA4-21C9-4F05-A3A7-4CE432A9F62C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6B61CC7E-04AF-4AC7-8346-0CFAA165D9A7} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2017-05-19] (SlimWare Utilities, Inc.)
Task: {7A4FD6F4-EC61-4CDD-903B-C92BED1FBD43} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {86243FFB-7532-45BA-96C7-A3A1370268E0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-09-05] (Microsoft Corporation)
Task: {8A1004C6-FB57-420D-885E-BAFACC20CF41} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {90E6822A-6E3B-4791-A782-C5D2BC2C6FC8} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-07-05] (Byte Technologies LLC) <==== ATTENTION
Task: {9A8D3A67-9CAD-45A3-90F4-90DB9FCA1EEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {A3212480-AF45-4201-9A41-59655F7A98AD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A34DD2C7-FF1A-48D7-BE6D-127E13E585CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {A85AC00E-1C43-4542-ABFF-EE9551FC751E} - System32\Tasks\Opera scheduled Autoupdate 1508341629 => C:\Users\DEMARIUS\AppData\Local\Programs\Opera\launcher.exe [2017-10-24] (Opera Software)
Task: {AB719D36-44C6-419B-A399-B18B4E644FAA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {ABC369B7-8F09-42C7-8584-AF69394D3DF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {AD55429B-720F-43B6-ACEE-87B4442E0368} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {ADFD0B0A-6332-4835-8C27-3950629F817A} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-12-06] (HP Inc.)
Task: {AE44BC50-CBD2-41A8-9605-E41563E8A371} - \WPD\SqmUpload_S-1-5-21-2910850633-2078348475-1510376315-1001 -> No File <==== ATTENTION
Task: {B511D02C-9CDD-4027-8683-5CE07717D5AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-09-25] (HP Inc.)
Task: {B5431500-67D1-4CF2-A050-933A92BAA354} - System32\Tasks\WebDiscover Browser Launch Task => C:\Program Files\WebDiscoverBrowser\3.15.2\browser.exe [2017-05-01] () <==== ATTENTION
Task: {C5A2EAF1-76A2-4646-9702-50EAA1BEF62E} - \Advanced-PC-Care_Logon -> No File <==== ATTENTION
Task: {C6B2F64B-702F-4C12-B91B-11481BF135EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D034DFD2-1D85-48B1-B5B7-B5FD231BF646} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\avast software\overseer\overseer.exe [2017-12-17] (AVAST Software)
Task: {DF5A49F5-201E-492F-A66D-4E595ACBE14A} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-07-05] (Byte Technologies LLC) <==== ATTENTION
Task: {E347DC29-6BD0-46C3-9023-D81193B77A6A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-17] (Adobe Systems Incorporated)
Task: {F9995287-6BE2-4981-BDB5-844B0B4920AD} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2017-05-19] (SlimWare Utilities, Inc.)
Task: {F9FA0D13-3419-4F4C-9D47-59D231598AAD} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {FC90D799-75C4-4D43-991B-BFF8921E0E95} - System32\Tasks\WebDiscover Browser Update Task => C:\Program Files\WebDiscoverBrowser\3.15.2\browser.exe [2017-05-01] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - DEMARIUS).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{53934B40-49C2-4842-8E2A-4247FFC0BA1F}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\DEMARIUS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\facebook.lnk -> C:\Users\DEMARIUS\AppData\Local\Programs\Opera\launcher.exe (Opera Software) -> www.facebook.com
ShortcutWithArgument: C:\Users\Public\Desktop\Get Dropbox Offer.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=en_us&pf=cnnb&s=db_dticon&tp=dropbox

==================== Loaded Modules (Whitelisted) ==============

2017-03-23 17:45 - 2017-01-31 07:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 15:59 - 2017-03-18 21:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2017-12-17 17:36 - 000002103 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\DEMARIUS\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "SynTPEnh"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{84C7BF35-0A66-4BFA-82B5-7CD8FDCB7C18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62E2DC75-D6FF-4259-B6A5-2DB73F16D7B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9373D7D4-9EFF-4D39-99E0-D7EBDE049495}] => (Allow) C:\Users\DEMARIUS\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{490F9E1E-BC1F-4E88-B9BC-A6882F653E68}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D6D6EBEA-5E0A-4195-A6AD-68DFAC046A78}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{6F289AD8-1A6B-4949-B68C-A369AA91635B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DFB7BCFE-F56F-4017-9020-BD8BF18C0DFA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{B364BCD1-C80D-4C88-9D64-68ED1B59B9ED}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{32D508EA-9509-4644-9E45-7AC93F4FB552}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{1B9D724F-2F98-43C1-A07F-EC8F7BD55805}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{310011C0-B3D8-4C14-A92E-51FD4425BF93}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{3A1616DC-0289-46B4-BB99-FE8E90CB89FF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{D93DB421-C925-4C7F-878B-8220CA94328C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{39D13C3C-0889-40FE-8ED6-87F8A002D815}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7EB4A840-8FC3-4443-A7F0-793987BB8184}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D017CEF-93F4-4CF8-88A3-95A1D0E48038}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8B65BF72-035B-4336-872B-7D9EAC11CCCE}] => (Allow) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
FirewallRules: [{14179610-1ACA-4F01-BEBD-15841B551589}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{049FDB7F-ACB1-4B76-B387-0E2A76EAF449}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2FDAECA0-5E14-43BD-A765-A1D3F8B7D1E2}] => (Allow) C:\Users\DEMARIUS\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{1CEF8A4E-5399-4EDA-BD58-39F9EFF9A52E}] => (Allow) C:\Users\DEMARIUS\AppData\Local\Programs\Opera\48.0.2685.50\opera.exe
FirewallRules: [{7880406F-3B5C-4065-9659-400F947857CD}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{BB714B8F-1313-49A7-84EA-D2837AE85D09}] => (Allow) C:\Users\DEMARIUS\AppData\Local\Programs\Opera\48.0.2685.52\opera.exe
FirewallRules: [{284B60BE-F306-4724-A728-851572BD99EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-10-2017 22:32:27 Windows Update
25-10-2017 01:44:55 Scheduled Checkpoint
02-11-2017 14:33:09 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2017 05:14:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BODINK)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/17/2017 05:00:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BODINK)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/17/2017 04:51:56 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/23/2017 08:18:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BODINK)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/12/2017 05:55:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BODINK)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/12/2017 05:44:59 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it

Error: (11/12/2017 05:44:59 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthState.ini has been tampered with, resetting it

Error: (11/12/2017 05:44:59 PM) (Source: HP Active Health) (EventID: 80) (User: )
Description: -- SECURITY WARNING -- Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH
   at HP.ActiveHealth.Commons.Security.HashStore.LoadHashesFromFile()

Error: (11/12/2017 05:42:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BODINK)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/12/2017 05:42:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: apc.exe, version: 0.0.0.0, time stamp: 0x5874b312
Faulting module name: KERNELBASE.dll, version: 6.2.15063.674, time stamp: 0x93d2100b
Exception code: 0xe0434f4d
Fault offset: 0x0000000000069e08
Faulting process id: 0x%9
Faulting application start time: 0xapc.exe0
Faulting application path: apc.exe1
Faulting module path: apc.exe2
Report Id: apc.exe3
Faulting package full name: apc.exe4
Faulting package-relative application ID: apc.exe5


System errors:
=============
Error: (12/17/2017 06:22:25 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/17/2017 06:22:20 PM) (Source: DCOM) (EventID: 10005) (User: BODINK)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/17/2017 06:20:03 PM) (Source: DCOM) (EventID: 10005) (User: BODINK)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/17/2017 06:19:39 PM) (Source: DCOM) (EventID: 10005) (User: BODINK)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/17/2017 06:19:07 PM) (Source: DCOM) (EventID: 10005) (User: BODINK)
Description: DCOM got error "1084" attempting to start the service lfsvc with arguments "Unavailable" in order to run the server:
{08D9DFDF-C6F7-404A-A20F-66EEC0A609CD}

Error: (12/17/2017 06:19:04 PM) (Source: DCOM) (EventID: 10005) (User: BODINK)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/17/2017 06:17:53 PM) (Source: DCOM) (EventID: 10005) (User: BODINK)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/17/2017 06:16:51 PM) (Source: DCOM) (EventID: 10005) (User: BODINK)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/17/2017 06:16:44 PM) (Source: DCOM) (EventID: 10005) (User: BODINK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/17/2017 06:16:44 PM) (Source: DCOM) (EventID: 10005) (User: BODINK)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
  Date: 2017-12-17 17:12:15.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-17 17:12:15.904
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-17 16:54:31.649
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-12-17 16:54:31.646
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-12 17:56:58.015
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-12 17:56:58.012
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-12 17:42:22.340
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-12 17:42:22.338
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-08 13:06:19.676
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-11-08 13:06:19.673
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 16%
Total physical RAM: 6075.84 MB
Available physical RAM: 5047.64 MB
Total Virtual: 11707.84 MB
Available Virtual: 10832.98 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:673.74 GB) (Free:607.14 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:23.03 GB) (Free:2.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HBCD 15_2) (Removable) (Total:1.88 GB) (Free:0.9 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 0254E1A1)

Partition: GPT.

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 002067E6)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0C)

==================== End of Addition.txt ============================



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 18 December 2017 - 09:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


:step1: Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

:step2: Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

:step3: Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs for my review.

Let me know what problems persists.
==============================

#3 neuropocalyptic

neuropocalyptic
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 23 December 2017 - 12:23 PM

I did not expect to be replied to so promptly. I will get back to this post Sunday night since I am out of state at this time. I will be sure to follow up. Thank you for replying. 



#4 neuropocalyptic

neuropocalyptic
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 26 December 2017 - 08:34 PM

After a lot of trouble and ,I was able to post all scans requested. However, I am still having a lot of trouble with my PC. Boot up time takes very long, I cannot open applications in normal mode, and when I attempt to, my PC hangs. I can only use the PC in safe mode, and it is how I was able to complete the scans needed. For a minute I got trapped in Diagnostic mode, but luckily I was able to get out and restart in safe mode. Here are the scans need to help fix my PC. I really hope we can get it back in good health. I will be needing it during the winter session at my college. I am also posting both FRST files as attachments because it wont load as copy and paste. I get a reply saying my post is too long.  All help is highly appreciated. Thank you so much in advance. 

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 12/26/17
Scan Time: 3:17 PM
Log File: c9d52430-ea79-11e7-aab1-5065f30c92f7.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3564
License: Trial
 
-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: BODINK\DEMARIUS
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325294
Threats Detected: 852
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 12 min, 25 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 71
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WebDiscover Browser Launch Task, No Action By User, [8076], [255155],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B5431500-67D1-4CF2-A050-933A92BAA354}, No Action By User, [8076], [255155],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{B5431500-67D1-4CF2-A050-933A92BAA354}, No Action By User, [8076], [255155],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WebDiscover Browser Update Task, No Action By User, [8076], [255155],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FC90D799-75C4-4D43-991B-BFF8921E0E95}, No Action By User, [8076], [255155],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{FC90D799-75C4-4D43-991B-BFF8921E0E95}, No Action By User, [8076], [255155],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DRIVERUPDATE SCAN, No Action By User, [1332], [331466],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6B61CC7E-04AF-4AC7-8346-0CFAA165D9A7}, No Action By User, [1332], [331466],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{6B61CC7E-04AF-4AC7-8346-0CFAA165D9A7}, No Action By User, [1332], [331466],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DRIVERUPDATE STARTUP, No Action By User, [1332], [335439],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F9995287-6BE2-4981-BDB5-844B0B4920AD}, No Action By User, [1332], [335439],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{F9995287-6BE2-4981-BDB5-844B0B4920AD}, No Action By User, [1332], [335439],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{95F57E4A-1FFA-4814-9AEC-34D22DF3D8FA}, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\CLASSES\TYPELIB\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SlimService, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SlimCleaner Plus (Scheduled Scan - DEMARIUS), No Action By User, [1006], [334098],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6366CAAD-F4A8-462F-AA7B-A5E89D34AF10}, No Action By User, [1006], [334098],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{6366CAAD-F4A8-462F-AA7B-A5E89D34AF10}, No Action By User, [1006], [334098],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DriverUpdate, No Action By User, [1332], [331449],1.0.3564
PUP.Optional.Webbar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1, No Action By User, [945], [348279],1.0.3564
PUP.Optional.AdvancedPCCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppApcVerifier, No Action By User, [53], [401104],1.0.3564
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, [485], [443378],1.0.3564
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ByteFence, No Action By User, [586], [388721],1.0.3564
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DF5A49F5-201E-492F-A66D-4E595ACBE14A}, No Action By User, [586], [388721],1.0.3564
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{DF5A49F5-201E-492F-A66D-4E595ACBE14A}, No Action By User, [586], [388721],1.0.3564
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ByteFence Scan, No Action By User, [586], [388721],1.0.3564
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{90E6822A-6E3B-4791-A782-C5D2BC2C6FC8}, No Action By User, [586], [388721],1.0.3564
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{90E6822A-6E3B-4791-A782-C5D2BC2C6FC8}, No Action By User, [586], [388721],1.0.3564
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, No Action By User, [8822], [186876],1.0.3564
PUP.Optional.AdvancedPCCare, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\advancedpccare.net, No Action By User, [53], [251335],1.0.3564
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\AskPartnerNetwork, No Action By User, [8822], [186876],1.0.3564
PUP.Optional.InstallCore, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\csastats, No Action By User, [2], [260986],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\WebDiscoverBrowser, No Action By User, [8076], [253912],1.0.3564
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\AskPartnerNetwork, No Action By User, [8822], [186877],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WOW6432NODE\WebDiscoverBrowser, No Action By User, [8076], [253915],1.0.3564
PUP.Optional.WinYahoo, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [58], [182758],1.0.3564
PUP.Optional.WinYahoo, HKU\S-1-5-21-2910850633-2078348475-1510376315-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [58], [182758],1.0.3564
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, No Action By User, [58], [182758],1.0.3564
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, No Action By User, [58], [182758],1.0.3564
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\advancedpccare.net, No Action By User, [53], [251336],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, No Action By User, [8076], [253915],1.0.3564
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, No Action By User, [485], [260991],1.0.3564
PUP.Optional.SearchManager, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, No Action By User, [485], [260991],1.0.3564
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, No Action By User, [485], [260991],1.0.3564
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F564F2D-5447-006A-76A7-A758B70C2D01}, No Action By User, [11485], [245530],1.0.3564
PUP.Optional.ProductSetup, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\PRODUCTSETUP, No Action By User, [13015], [242047],1.0.3564
PUP.Optional.AdvancedPCCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\AppApcVerifier, No Action By User, [53], [401119],1.0.3564
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C5A2EAF1-76A2-4646-9702-50EAA1BEF62E}, No Action By User, [53], [316541],1.0.3564
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RTOP, No Action By User, [586], [390139],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SlimWare Utilities, Inc.\DriverApp, No Action By User, [1332], [341522],1.0.3564
PUP.Optional.APNToolBar.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\APNMCP, No Action By User, [8822], [186879],1.0.3564
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ByteFenceService, No Action By User, [586], [388726],1.0.3564
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{C5A2EAF1-76A2-4646-9702-50EAA1BEF62E}, No Action By User, [53], [316543],1.0.3564
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Advanced-PC-Care_Logon, No Action By User, [53], [316543],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}, No Action By User, [1006], [335437],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{6DC6EE87-F3BB-40EB-BCEE-12F7D6E3EEDF}, No Action By User, [1332], [335836],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{959D527D-6C27-4879-A644-065526D6969C}, No Action By User, [1332], [335833],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}, No Action By User, [1332], [335820],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}, No Action By User, [1332], [335820],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\APPID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}, No Action By User, [1332], [335820],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\CLSID\{BAF87BD0-A924-4108-AFA5-A5FA720A2E86}, No Action By User, [1332], [335831],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\APPID\{1BD47D21-01F4-4538-9290-39FD569A0F24}, No Action By User, [1332], [335822],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1BD47D21-01F4-4538-9290-39FD569A0F24}, No Action By User, [1332], [335822],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{1BD47D21-01F4-4538-9290-39FD569A0F24}, No Action By User, [1332], [335822],1.0.3564
PUP.Optional.ByteFence, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ByteFence, No Action By User, [586], [389016],1.0.3564
 
Registry Value: 19
PUP.Optional.Webbar, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WebDiscoverBrowser, No Action By User, [945], [348279],1.0.3564
PUP.Optional.NotChromeRun, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CHROMIUM, No Action By User, [1327], [391151],1.0.3564
PUP.Optional.SlimCleanerPlus, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SLIMCLEANER PLUS, No Action By User, [1006], [452419],1.0.3564
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, [58], [182758],1.0.3564
PUP.Optional.ASK.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4F564F2D-5447-006A-76A7-A758B70C2D01}|INSTALLSOURCE, No Action By User, [11485], [245530],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6366CAAD-F4A8-462F-AA7B-A5E89D34AF10}|PATH, No Action By User, [1006], [334102],1.0.3564
PUP.Optional.ProductSetup, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\PRODUCTSETUP|TB, No Action By User, [13015], [242047],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{6B61CC7E-04AF-4AC7-8346-0CFAA165D9A7}|PATH, No Action By User, [1332], [335435],1.0.3564
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{90E6822A-6E3B-4791-A782-C5D2BC2C6FC8}|PATH, No Action By User, [586], [389376],1.0.3564
PUP.Optional.APNToolBar.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|APNTBMON, No Action By User, [8822], [186878],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{B5431500-67D1-4CF2-A050-933A92BAA354}|PATH, No Action By User, [8076], [184039],1.0.3564
PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C5A2EAF1-76A2-4646-9702-50EAA1BEF62E}|PATH, No Action By User, [53], [316541],1.0.3564
PUP.Optional.ByteFence, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RTOP|IMAGEPATH, No Action By User, [586], [390139],1.0.3564
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DF5A49F5-201E-492F-A66D-4E595ACBE14A}|PATH, No Action By User, [586], [389376],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{FD13F4A2-B0D8-4CAD-9CCF-D4128EAF25FF}_IS1|DISPLAYNAME, No Action By User, [8076], [253914],1.0.3564
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F9995287-6BE2-4981-BDB5-844B0B4920AD}|PATH, No Action By User, [1332], [335436],1.0.3564
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FC90D799-75C4-4D43-991B-BFF8921E0E95}|PATH, No Action By User, [8076], [184039],1.0.3564
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, No Action By User, [58], [182758],1.0.3564
PUP.Optional.SlimCleanerPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}|DISPLAYNAME, No Action By User, [1006], [335437],1.0.3564
 
Registry Data: 3
PUP.Optional.WinYahoo, HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [58], [293459],1.0.3564
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [58], [293461],1.0.3564
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [58], [293461],1.0.3564
 
Data Stream: 0
(No malicious items detected)
 
Folder: 154
PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, No Action By User, [8822], [175062],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\PROGRAM FILES\SLIMSERVICE, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.AdvancedPCCare, C:\ProgramData\advancedpccare.net\Advanced-PC-Care\offers, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\ProgramData\advancedpccare.net\Advanced-PC-Care, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\PROGRAMDATA\advancedpccare.net, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\Users\DEMARIUS\AppData\Roaming\Advancedpccare.net\Advanced-PC-Care\smico, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\Users\DEMARIUS\AppData\Roaming\Advancedpccare.net\Advanced-PC-Care, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\USERS\DEMARIUS\APPDATA\ROAMING\Advancedpccare.net, No Action By User, [53], [181071],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site\302997\playerwrapper.swf\#com.comscore..swf\[[DYNAMIC]], No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site\302888\playerwrapper.swf\#com.comscore..swf\[[DYNAMIC]], No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site\302888\playerwrapper.swf\#com.comscore..swf, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site\302997\playerwrapper.swf\#com.comscore..swf, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\macromedia.com\support\flashplayer\sys\#player.hulu.com, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site\302888\playerwrapper.swf, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site\302997\playerwrapper.swf, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\macromedia.com\support\flashplayer\sys, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\macromedia.com\support\flashplayer, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site\302888, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site\302997, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\macromedia.com\support, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\macromedia.com, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\VMYXM9PP, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\ty\images, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\_metadata, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\_metadata, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\icons, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\css, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\ty, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\js, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\IndexedDB\https_www.hulu.com_0.indexeddb.leveldb, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_metadata, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_platform_specific\all, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\28.0.0.126\_metadata, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_platform_specific, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\000\t\Paths, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t\Paths, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\003\t\Paths, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Extension Settings, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\SSLErrorAssistant\4\_metadata, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\FileTypePolicies\14\_metadata, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t\00, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_metadata, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\Origins, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\003\t, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\000\t, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIconsOld, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\000, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_metadata, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\003, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\28.0.0.126, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIcons, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PnaclTranslationCache, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\FileTypePolicies\14, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Media Cache, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\SSLErrorAssistant\4, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Webstore Downloads, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\databases, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\IndexedDB, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\SSLErrorAssistant, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\reports, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\FileTypePolicies, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\OriginTrials, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Crashpad, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\USERS\DEMARIUS\APPDATA\LOCAL\WEBDISCOVERBROWSER, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\reports, No Action By User, [8076], [444086],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad, No Action By User, [8076], [444086],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data, No Action By User, [8076], [444086],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\WEBDISCOVERBROWSER, No Action By User, [8076], [444086],1.0.3564
PUP.Optional.DriverUpdate, C:\PROGRAM FILES (X86)\DRIVERUPDATE, No Action By User, [1332], [331449],1.0.3564
PUP.Optional.DriverUpdate, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\DRIVERUPDATE, No Action By User, [1332], [331462],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\VisualElements, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\PROGRAM FILES\WEBDISCOVERBROWSER, No Action By User, [945], [348279],1.0.3564
PUP.Optional.AdvancedPCCare, C:\PROGRAMDATA\APPAPCVERIFIER, No Action By User, [53], [401104],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\_metadata, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\css, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\js, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BHIHPHGLHKLFEENEGNFICOGGJIDONBCK, No Action By User, [1135], [417192],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\_metadata, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln\lost, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\DCLPGOFAHFKFFFKNIABFEJLEBHNMNBLN, No Action By User, [585], [417527],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\icons, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\tiles, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales\pt_BR, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\fonts, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales\en, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales\fr, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales\hi, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales\vi, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\skin\icons, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_metadata, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\vendor, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\skin, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, No Action By User, [485], [443378],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeiobmoekhlkaipobbanhpkepcoajggp\0.1_0\_metadata, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeiobmoekhlkaipobbanhpkepcoajggp\0.1_0, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JEIOBMOEKHLKAIPOBBANHPKEPCOAJGGP, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiegnkkcenchkibkhndcfoeomcepegbo\0.1.1_0\_metadata, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiegnkkcenchkibkhndcfoeomcepegbo\0.1.1_0, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIEGNKKCENCHKIBKHNDCFOEOMCEPEGBO, No Action By User, [8147], [404614],1.0.3564
 
File: 605
PUP.Optional.WebDiscoverBrowser, C:\USERS\PUBLIC\DESKTOP\WEBDISCOVER BROWSER.LNK, No Action By User, [8076], [253908],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\WINDOWS\SYSTEM32\TASKS\WebDiscover Browser Launch Task, No Action By User, [8076], [255155],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\WINDOWS\SYSTEM32\TASKS\WebDiscover Browser Update Task, No Action By User, [8076], [255155],1.0.3564
PUP.Optional.DriverUpdate, C:\WINDOWS\SYSTEM32\TASKS\DRIVERUPDATE SCAN, No Action By User, [1332], [331466],1.0.3564
PUP.Optional.DriverUpdate, C:\WINDOWS\SYSTEM32\TASKS\DRIVERUPDATE STARTUP, No Action By User, [1332], [335439],1.0.3564
PUP.Optional.DriverUpdate, C:\WINDOWS\TASKS\DRIVERUPDATE SCAN.JOB, No Action By User, [1332], [331457],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\PROGRAM FILES\SLIMSERVICE\CLEANER.DB, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\Program Files\SlimService\Analyze.MyD, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\Program Files\SlimService\Full.MyD, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\Program Files\SlimService\icudt46l.dat, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\Program Files\SlimService\MyDefragDll.dll, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\Program Files\SlimService\Quick.MyD, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\Program Files\SlimService\SlimService.exe, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\Program Files\SlimService\SlimServiceFactory.exe, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\Program Files\SlimService\Ssd.MyD, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\Program Files\SlimService\UnifiedLogger.dll, No Action By User, [1006], [331454],1.0.3564
PUP.Optional.AdvancedPCCare, C:\USERS\PUBLIC\DESKTOP\ADVANCED-PC-CARE.LNK, No Action By User, [53], [316293],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\WINDOWS\SYSTEM32\TASKS\SlimCleaner Plus (Scheduled Scan - DEMARIUS), No Action By User, [1006], [334098],1.0.3564
PUP.Optional.AdvancedPCCare, C:\ProgramData\advancedpccare.net\Advanced-PC-Care\apc.db, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\ProgramData\advancedpccare.net\Advanced-PC-Care\apcsrv.exe, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\ProgramData\advancedpccare.net\Advanced-PC-Care\apcstartrepair_en.mp3, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\Users\DEMARIUS\AppData\Roaming\Advancedpccare.net\Advanced-PC-Care\Errorlog.txt, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\Users\DEMARIUS\AppData\Roaming\Advancedpccare.net\Advanced-PC-Care\exlist.bin, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\Users\DEMARIUS\AppData\Roaming\Advancedpccare.net\Advanced-PC-Care\notifier.xml, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\Users\DEMARIUS\AppData\Roaming\Advancedpccare.net\Advanced-PC-Care\res.xml, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\Users\DEMARIUS\AppData\Roaming\Advancedpccare.net\Advanced-PC-Care\srv.xml, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\Users\DEMARIUS\AppData\Roaming\Advancedpccare.net\Advanced-PC-Care\udu2.xml, No Action By User, [53], [181071],1.0.3564
PUP.Optional.AdvancedPCCare, C:\Users\DEMARIUS\AppData\Roaming\Advancedpccare.net\Advanced-PC-Care\update.xml, No Action By User, [53], [181071],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_metadata\verified_contents.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\7461b4a09cfb3d41d75159575b2e7649a445a8d27709b0cc564a6482b7eb41a3.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\03019df3fd85a69a8ebd1facc6da9ba73e469774fe77f579fc5a08b8328c1d6b.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\15970488d7b997a05beb52512adee8d2e8b4a3165264121a9fabfbd5f85ad93f.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\34bb6ad6c3df9c03eea8a499ff7891486c9d5e5cac92d01f7bfd1bce19db48ef.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\41b2dc2e89e63ce4af1ba7bb29bf68c6dee6f9f1cc047e30dffae3b3ba259263.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\5581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\5614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\68f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc4.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\6f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d913.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\8775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\a577ac9ced7548dd8f025b67a241089df86e0f476ec203c2ecbedb185f282638.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\ac3b9aed7fa9674757159e6d7d575672f9d98100941e9bdeffeca1313b75782d.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\bc78e1dfc5f63c684649334da10fa15f0979692009c081b4f3f6917f3ed9b8a5.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\cdb5179b7fc1c046feea31136a3f8f002e6182faf8896fecc8b2f5b5ab604900.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\_platform_specific\all\sths\ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb.sth, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\manifest.fingerprint, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CertificateTransparency\603\manifest.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\reports\1c605062-78a7-424d-a2ad-0d64144a4905.dmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\reports\34a92f4e-8000-40b0-b187-8b6a2890ccaa.dmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\reports\a04d2da0-c861-444d-9cb2-f35ac3d5ff42.dmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\reports\ae01fb03-f012-4ed2-a33e-2e25ce5b5096.dmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\metadata, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\settings.dat, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_0, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_1, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_2, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\data_3, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000002, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000003, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000004, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000005, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000006, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000007, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\f_000008, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache\index, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\databases\Databases.db, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\databases\Databases.db-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\macromedia.com\support\flashplayer\sys\#player.hulu.com\settings.sol, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\macromedia.com\support\flashplayer\sys\settings.sol, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site\302888\playerwrapper.swf\#com.comscore..swf\[[DYNAMIC]]\.sol, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\site\302997\playerwrapper.swf\#com.comscore..swf\[[DYNAMIC]]\.sol, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\BeaconService.sol, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\ContentPlayback.sol, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\NewSitePlayer.sol, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\J93PBUMV\player.hulu.com\NewSitePlayerCP.sol, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\000005.ldb, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\000007.log, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\000008.ldb, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\CURRENT, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\LOCK, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\LOG, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\LOG.old, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Session Storage\MANIFEST-000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache\data_0, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache\data_1, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache\data_2, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache\data_3, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\GPUCache\index, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\IndexedDB\https_www.hulu.com_0.indexeddb.leveldb\000005.ldb, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\IndexedDB\https_www.hulu.com_0.indexeddb.leveldb\000046.log, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\IndexedDB\https_www.hulu.com_0.indexeddb.leveldb\000048.ldb, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\IndexedDB\https_www.hulu.com_0.indexeddb.leveldb\CURRENT, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\IndexedDB\https_www.hulu.com_0.indexeddb.leveldb\LOCK, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\IndexedDB\https_www.hulu.com_0.indexeddb.leveldb\LOG, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\IndexedDB\https_www.hulu.com_0.indexeddb.leveldb\LOG.old, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\IndexedDB\https_www.hulu.com_0.indexeddb.leveldb\MANIFEST-000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIcons\779A.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIcons\779B.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIcons\779C.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIcons\779D.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIconsOld\6598.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIconsOld\65A9.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\JumpListIconsOld\65AA.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\chrome-extension_ogmidpndeiceonipmjplaidcpffkiajk_0.localstorage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\chrome-extension_ogmidpndeiceonipmjplaidcpffkiajk_0.localstorage-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\https_cdn.augur.io_0.localstorage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\https_cdn.augur.io_0.localstorage-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\https_www.google.com_0.localstorage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\https_www.google.com_0.localstorage-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\https_www.hulu.com_0.localstorage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\https_www.hulu.com_0.localstorage-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\http_www.testmyspeed.com_0.localstorage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\http_www.testmyspeed.com_0.localstorage-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\https_chrome.google.com_0.localstorage-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Media Cache\data_0, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Media Cache\data_1, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Media Cache\data_2, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Media Cache\data_3, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Media Cache\index, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\000003.log, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\CURRENT, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\LOCK, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\LOG, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\LOG.old, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\MANIFEST-000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\000003.log, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\CURRENT, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\LOCK, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\LOG, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\LOG.old, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\MANIFEST-000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\000003.log, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\CURRENT, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOCK, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOG, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOG.old, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\MANIFEST-000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\css\srchoff.png, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\css\srchon.png, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\css\style.css, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\js\jq.js, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\js\script.js, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\_metadata\verified_contents.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\manifest.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\options143.html, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\pic143.png, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\script143.js, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\icons\icon128.png, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\icons\icon16.png, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\icons\icon38.png, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\ty\images\bar.png, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\ty\images\incognito.png, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\ty\ty.css, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\ty\ty.html, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\_metadata\verified_contents.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\background.js, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extensions\ogmidpndeiceonipmjplaidcpffkiajk\1.0.2_0\manifest.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\000\t\Paths\000003.log, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\000\t\Paths\CURRENT, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\000\t\Paths\LOCK, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\000\t\Paths\LOG, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\000\t\Paths\MANIFEST-000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\000\t\.usage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t\00\00000000, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t\Paths\000003.log, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t\Paths\CURRENT, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t\Paths\LOCK, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t\Paths\LOG, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t\Paths\LOG.old, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t\Paths\MANIFEST-000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\002\t\.usage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\003\t\Paths\000003.log, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\003\t\Paths\CURRENT, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\003\t\Paths\LOCK, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\003\t\Paths\LOG, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\003\t\Paths\MANIFEST-000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\003\t\.usage, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\Origins\000003.log, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\Origins\CURRENT, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\Origins\LOCK, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\Origins\LOG, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\Origins\LOG.old, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\File System\Origins\MANIFEST-000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\000003.log, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\CURRENT, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\LOCK, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\LOG, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\LOG.old, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\34A4.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\4A72.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\67FB.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\6C24.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Bookmarks, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cookies, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Cookies-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Current Session, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Current Tabs, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Network Persistent State, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Origin Bound Certs, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Origin Bound Certs-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Preferences, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\previews_opt_out.db, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\previews_opt_out.db-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\QuotaManager, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\QuotaManager-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Secure Preferences, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\History, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\History Provider Cache, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\History-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Last Session, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Last Tabs, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Login Data, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Login Data-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Network Action Predictor, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Shortcuts, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Shortcuts-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Top Sites, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Top Sites-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\TransportSecurity, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Visited Links, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Web Data, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Web Data-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Cookies, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Cookies-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\F74F.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Favicons, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Favicons-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Google Profile.ico, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Default\Network Action Predictor-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_metadata\verified_contents.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\_platform_specific\all\ev_hashes_whitelist.bin, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\manifest.fingerprint, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\EVWhitelist\7\manifest.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\FileTypePolicies\14\_metadata\verified_contents.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\FileTypePolicies\14\download_file_types.pb, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\FileTypePolicies\14\manifest.fingerprint, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\FileTypePolicies\14\manifest.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\28.0.0.126\_metadata\verified_contents.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\28.0.0.126\manifest.fingerprint, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\28.0.0.126\manifest.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PepperFlash\28.0.0.126\pepflashplayer.dll, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_metadata\verified_contents.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_pnacl_json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\manifest.fingerprint, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\pnacl\0.57.44.2492\manifest.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PnaclTranslationCache\data_0, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PnaclTranslationCache\data_1, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PnaclTranslationCache\data_2, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PnaclTranslationCache\data_3, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\PnaclTranslationCache\index, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_0, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_1, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_2, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\data_3, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\ShaderCache\GPUCache\index, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\SSLErrorAssistant\4\_metadata\verified_contents.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\SSLErrorAssistant\4\manifest.fingerprint, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\SSLErrorAssistant\4\manifest.json, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\SSLErrorAssistant\4\ssl_error_assistant.pb, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\93CF.tmp, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\BrowserMetrics-active.pma, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\BrowserMetrics.pma, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Certificate Revocation Lists, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics-active.pma, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics.pma~RF3fac905.TMP, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\en-US-7-1.bdic, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\First Run, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Local State, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Bloom, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Bloom Prefix Set, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Channel IDs, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Channel IDs-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies-journal, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Csd Whitelist, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Download, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Download Whitelist, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Extension Blacklist, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing IP Blacklist, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Module Whitelist, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Resource Blacklist, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing UwS List, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing UwS List Prefix Set, No Action By User, [8076], [181497],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\metadata, No Action By User, [8076], [444086],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\Crashpad\settings.dat, No Action By User, [8076], [444086],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics-active.pma, No Action By User, [8076], [444086],1.0.3564
PUP.Optional.WebDiscoverBrowser, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser\User Data\CrashpadMetrics.pma, No Action By User, [8076], [444086],1.0.3564
PUP.Optional.DriverUpdate, C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe, No Action By User, [1332], [331449],1.0.3564
PUP.Optional.DriverUpdate, C:\Program Files (x86)\DriverUpdate\Open-Source Licenses.txt, No Action By User, [1332], [331449],1.0.3564
PUP.Optional.DriverUpdate, C:\Program Files (x86)\DriverUpdate\UnifiedLogger.dll, No Action By User, [1332], [331449],1.0.3564
PUP.Optional.DriverUpdate, C:\Program Files (x86)\DriverUpdate\UninstallStub.exe, No Action By User, [1332], [331449],1.0.3564
PUP.Optional.DriverUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate Help.lnk, No Action By User, [1332], [331462],1.0.3564
PUP.Optional.DriverUpdate, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate\DriverUpdate.lnk, No Action By User, [1332], [331462],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\hi.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\am.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\ar.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\bg.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\bn.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\ca.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\cs.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\da.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\de.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\el.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\en-GB.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\en-US.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\es-419.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\es.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\et.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\fa.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\fi.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\fil.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\fr.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\gu.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\he.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\hr.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\hu.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\id.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\it.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\ja.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\kn.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\ko.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\lt.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\lv.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\ml.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\mr.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\ms.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\nb.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\nl.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\pl.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\pt-BR.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\pt-PT.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\ro.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\ru.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\sk.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\sl.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\sr.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\sv.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\sw.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\ta.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\te.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\th.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\tr.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\uk.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\vi.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\zh-CN.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\Locales\zh-TW.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\VisualElements\Logo.png, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\VisualElements\SmallLogo.png, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\59.0.3043.0.manifest, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome.dll, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome_100_percent.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome_200_percent.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome_child.dll, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome_elf.dll, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\chrome_watcher.dll, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\d3dcompiler_47.dll, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\icudtl.dat, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\libEGL.dll, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\libGLESv2.dll, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\nacl64.exe, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\nacl_irt_x86_32.nexe, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\nacl_irt_x86_64.nexe, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\natives_blob.bin, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\resources.pak, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\59.0.3043.0\snapshot_blob.bin, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\browser.exe, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\debug.log, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\3.15.2\master_preferences, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\DelayedStart.lnk, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\Start.lnk, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\unins000.dat, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\unins000.exe, No Action By User, [945], [348279],1.0.3564
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\unins000.msg, No Action By User, [945], [348279],1.0.3564
PUP.Optional.AdvancedPCCare, C:\ProgramData\AppApcVerifier\AppVerifierapc.exe, No Action By User, [53], [401104],1.0.3564
PUP.Optional.AdvancedPCCare, C:\ProgramData\AppApcVerifier\AppVerifierapc.exe.config, No Action By User, [53], [401104],1.0.3564
PUP.Optional.AdvancedPCCare, C:\ProgramData\AppApcVerifier\AppVerifierapc.InstallLog, No Action By User, [53], [401104],1.0.3564
PUP.Optional.AdvancedPCCare, C:\ProgramData\AppApcVerifier\AppVerifierapc.InstallState, No Action By User, [53], [401104],1.0.3564
PUP.Optional.AdvancedPCCare, C:\ProgramData\AppApcVerifier\InstallUtil.InstallLog, No Action By User, [53], [401104],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\css\srchoff.png, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\css\srchon.png, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\css\style.css, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\js\jq.js, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\js\script.js, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\_metadata\computed_hashes.json, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\_metadata\verified_contents.json, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\manifest.json, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\options143.html, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\pic143.png, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhihphglhklfeenegnficoggjidonbck\2.2.9_0\script143.js, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\000003.log, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\CURRENT, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\LOCK, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\LOG, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\LOG.old, No Action By User, [1135], [417192],1.0.3564
Adware.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhihphglhklfeenegnficoggjidonbck\MANIFEST-000001, No Action By User, [1135], [417192],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\_metadata\computed_hashes.json, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\_metadata\verified_contents.json, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\add.js, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\career.css, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\Distinguished.png, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\inspire.js, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\instead.html, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\interested.js, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\jquery.min.js, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\manifest.json, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\page.js, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\planet.png, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\toward.png, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dclpgofahfkfffkniabfejlebhnmnbln\8.5.98_0\virtually.js, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln\lost\000003.log, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln\lost\MANIFEST-000001, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln\000004.ldb, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln\000006.log, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln\CURRENT, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln\LOCK, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln\LOG, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln\LOG.old, No Action By User, [585], [417527],1.0.3564
Rogue.ForcedExtension, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dclpgofahfkfffkniabfejlebhnmnbln\MANIFEST-000001, No Action By User, [585], [417527],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\fonts\HelveticaNeue-Thin.otf, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\fonts\HelveticaNeueLT-Roman.woff, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\fonts\neue-bold.woff, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\fonts\neue.woff, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\icons\128.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\icons\16.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\icons\48.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\icons\close.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\icons\favicon.ico, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\icons\trends.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\amazon_tile_v2.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\booking_tile_v2.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\ebay.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\ebay_tile_v2.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\facebook.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\facebook_tile_v2.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\gmail.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\gmail_tile_v2.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\gtranslte.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\pinterest.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\twitter.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\twitter_tile_v2.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\yahoo.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\yahoo_tile_v2.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\youtube.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sitesThumbnails\youtube_tile_v2.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\tiles\DOC-to-PDF.jpg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\tiles\PDF-to-DOC.jpg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\tiles\Translation.jpg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\tiles\View-PDF.jpg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\01d.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\01n.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\02d.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\02n.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\03d.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\03n.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\04d.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\04n.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\09d.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\09n.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\10d.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\10n.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\11d.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\11n.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\13d.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\13n.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\50d.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\weather\50n.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\eyeglass.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\angle-arrow-down.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\bing.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\bing_large.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\bluesky-bg.jpg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\brush.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\bt.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\clock.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\cloud.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\cupcake-bg.jpg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\desk-bg.jpg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\doodle.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\down.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\enhanced_google.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\gmx_large.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\google.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\google_large.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\hero-bg.jpg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\just-the-box-empty.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\just-the-box.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\mountain-bg.jpg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\pointer2.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\radio-selected.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\radio-unselected.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\sea-bg.jpg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\settings.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\smallMagnifier.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\star-unselected.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\star.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\todoc.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\toggle-off.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\toggle-on.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\topdf.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\transparent_img.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\yahoo.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\yahoo.svg, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\yahoo_large.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\images\yandex.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\content\bundle.v0.0.1.min.css, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\skin\icons\16.png, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\vendor\md5.min.js, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\vendor\react-dom.min.js, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\vendor\react-with-addons.min.js, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\vendor\underscore-min.js, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales\en\messages.json, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales\fr\messages.json, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales\hi\messages.json, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales\pt_BR\messages.json, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_locales\vi\messages.json, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\_metadata\computed_hashes.json, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\background.html, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\background.v0.0.1.min.js, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\client.v0.0.1.min.js, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\common.js, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\e5d3501d500d07b0a1e952b0f8a81d78.woff, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\e_.json, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\index.html, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\manifest.json, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\popupTab2.html, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\popupTab2.js, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce\10.1.2.61_0\responseConfig.json, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SearchManager, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, [485], [443378],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\USERS\PUBLIC\DESKTOP\SlimCleaner Plus.lnk, No Action By User, [1006], [398509],1.0.3564
PUP.Optional.DriverUpdate, C:\USERS\PUBLIC\DESKTOP\DRIVERUPDATE.LNK, No Action By User, [1332], [331456],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\WINDOWS\TASKS\SlimCleaner Plus (Scheduled Scan - DEMARIUS).job, No Action By User, [1006], [331621],1.0.3564
PUP.Optional.DriverUpdate, C:\WINDOWS\TASKS\DRIVERUPDATE STARTUP.JOB, No Action By User, [1332], [335441],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_bringmesports.dl.myway.com_0.localstorage, No Action By User, [1392], [443124],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_bringmesports.dl.myway.com_0.localstorage-journal, No Action By User, [1392], [443124],1.0.3564
PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\ByteFence, No Action By User, [586], [388721],1.0.3564
PUP.Optional.ByteFence, C:\WINDOWS\SYSTEM32\TASKS\ByteFence Scan, No Action By User, [586], [388721],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_easypdfcombine.dl.myway.com_0.localstorage, No Action By User, [1392], [443124],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_easypdfcombine.dl.myway.com_0.localstorage-journal, No Action By User, [1392], [443124],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_televisionfanatic.dl.myway.com_0.localstorage, No Action By User, [1392], [443124],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_televisionfanatic.dl.myway.com_0.localstorage-journal, No Action By User, [1392], [443124],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage, No Action By User, [1392], [443124],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage-journal, No Action By User, [1392], [443124],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_bringmesports.dl.tb.ask.com_0.localstorage, No Action By User, [1392], [443123],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_bringmesports.dl.tb.ask.com_0.localstorage-journal, No Action By User, [1392], [443123],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_televisionfanatic.dl.tb.ask.com_0.localstorage, No Action By User, [1392], [443123],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_televisionfanatic.dl.tb.ask.com_0.localstorage-journal, No Action By User, [1392], [443123],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, No Action By User, [1392], [443123],1.0.3564
PUP.Optional.MindSpark.Generic, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal, No Action By User, [1392], [443123],1.0.3564
PUP.Optional.SlimCleanerPlus, C:\PROGRAM FILES\SLIMCLEANER PLUS\SLIMCLEANERPLUS.EXE, No Action By User, [1006], [452419],1.0.3564
PUP.Optional.SearchManager, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [485], [260991],1.0.3564
PUP.Optional.APNToolBar.Gen, C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\UPDATER\TBNOTIFIER.EXE, No Action By User, [8822], [186878],1.0.3564
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\RTOP\BIN\RTOP_SVC.EXE, No Action By User, [586], [390139],1.0.3564
PUP.Optional.APNToolBar.Gen, C:\PROGRAM FILES (X86)\ASKPARTNERNETWORK\TOOLBAR\APNMCP.EXE, No Action By User, [8822], [186879],1.0.3564
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCESERVICE.EXE, No Action By User, [586], [388726],1.0.3564
PUP.Optional.WinYahoo, C:\USERS\DEMARIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2D9OXLU.DEFAULT\SEARCHPLUGINS\YAHOO! POWERED.XML, No Action By User, [58], [302726],1.0.3564
PUP.Optional.CleverFind, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JEIOBMOEKHLKAIPOBBANHPKEPCOAJGGP\0.1_0\BRAND.JS, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeiobmoekhlkaipobbanhpkepcoajggp\0.1_0\_metadata\computed_hashes.json, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeiobmoekhlkaipobbanhpkepcoajggp\0.1_0\_metadata\verified_contents.json, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeiobmoekhlkaipobbanhpkepcoajggp\0.1_0\background.js, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeiobmoekhlkaipobbanhpkepcoajggp\0.1_0\manifest.json, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeiobmoekhlkaipobbanhpkepcoajggp\0.1_0\pqi.png, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\USERS\DEMARIUS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIEGNKKCENCHKIBKHNDCFOEOMCEPEGBO\0.1.1_0\BRAND61.JS, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiegnkkcenchkibkhndcfoeomcepegbo\0.1.1_0\_metadata\computed_hashes.json, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiegnkkcenchkibkhndcfoeomcepegbo\0.1.1_0\_metadata\verified_contents.json, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiegnkkcenchkibkhndcfoeomcepegbo\0.1.1_0\background61.js, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiegnkkcenchkibkhndcfoeomcepegbo\0.1.1_0\manifest.json, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.CleverFind, C:\Users\DEMARIUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiegnkkcenchkibkhndcfoeomcepegbo\0.1.1_0\pic61.png, No Action By User, [8147], [404614],1.0.3564
PUP.Optional.WinYahoo, C:\USERS\DEMARIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2D9OXLU.DEFAULT\PREFS.JS, No Action By User, [58], [303324],1.0.3564
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\BYTEFENCE.EXE, No Action By User, [586], [389016],1.0.3564
PUP.Optional.ByteFence, C:\PROGRAM FILES\BYTEFENCE\UNINSTALL.EXE, No Action By User, [586], [389016],1.0.3564
PUP.Optional.ByteFence, C:\USERS\DEMARIUS\APPDATA\LOCAL\TEMP\TMPSEC10695678\BYTEFENCE-INSTALLER_3.12.0.EXE, No Action By User, [586], [389016],1.0.3564
PUP.Optional.Slimware, C:\USERS\DEMARIUS\APPDATA\LOCAL\TEMP\SCPD247.TMP.EXE, No Action By User, [1526], [338168],1.0.3564
Adware.OpenSoftwareUpdater, C:\USERS\DEMARIUS\DOWNLOADS\SOFTWAREUPDATER.EXE, No Action By User, [4004], [376087],1.0.3564
PUP.Optional.InstallCore, C:\USERS\DEMARIUS\DOWNLOADS\FPLAYER.EXE, No Action By User, [2], [417620],1.0.3564
PUP.Optional.DriverUpdate, C:\USERS\DEMARIUS\DOWNLOADS\DRIVERUPDATE-SETUP (1).EXE, No Action By User, [1332], [331447],1.0.3564
PUP.Optional.DriverUpdate, C:\USERS\DEMARIUS\DOWNLOADS\DRIVERUPDATE-SETUP.EXE, No Action By User, [1332], [327739],1.0.3564
PUP.Optional.DriverUpdate, C:\USERS\DEMARIUS\DOWNLOADS\DRIVERUPDATE-SETUP (2).EXE, No Action By User, [1332], [331447],1.0.3564
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner 7.0.6.0 - Logfile created on Tue Dec 26 20:52:30 2017
# Updated on 2017/21/12 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: SlimService
Deleted: ByteFenceService
Deleted: rtop
Deleted: APNMCP
Deleted: AppApcVerifier
 
 
***** [ Folders ] *****
 
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
Deleted: C:\Program Files\slimcleaner plus
Deleted: C:\Users\All Users\Documents\Downloaded Installers
Deleted: C:\Users\DEMARIUS\AppData\Local\Downloaded Installers
Deleted: C:\Users\Public\Documents\Downloaded Installers
Deleted: C:\ProgramData\App-verifier
Deleted: C:\ProgramData\Application Data\App-verifier
Deleted: C:\Users\All Users\App-verifier
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner Plus 
Deleted: C:\Program Files\SlimCleaner Plus 
Deleted: C:\ProgramData\AskPartnerNetwork
Deleted: C:\ProgramData\Application Data\AskPartnerNetwork
Deleted: C:\Program Files (x86)\AskPartnerNetwork
Deleted: C:\Users\All Users\AskPartnerNetwork
Deleted: C:\ProgramData\slimware utilities inc
Deleted: C:\ProgramData\Application Data\slimware utilities inc
Deleted: C:\Users\All Users\slimware utilities inc
Deleted: C:\Users\DEMARIUS\AppData\Local\slimware utilities inc
Deleted: C:\ProgramData\SlimWare Utilities Inc
Deleted: C:\ProgramData\Application Data\SlimWare Utilities Inc
Deleted: C:\Users\All Users\SlimWare Utilities Inc
Deleted: C:\Users\DEMARIUS\AppData\Local\SlimWare Utilities Inc
Deleted: C:\Program Files\SlimService
Deleted: C:\ProgramData\ByteFence
Deleted: C:\ProgramData\Application Data\ByteFence
Deleted: C:\Program Files\ByteFence
Deleted: C:\Users\All Users\ByteFence
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
Deleted: C:\Program Files (x86)\DriverUpdate
Deleted: C:\Program Files\WebDiscoverBrowser
Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\WebDiscoverBrowser
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\WebDiscoverBrowser
Deleted: C:\Users\DEMARIUS\AppData\Local\WebDiscoverBrowser
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
Deleted: C:\Users\DEMARIUS\AppData\Local\Temp\apn
Deleted: C:\ProgramData\AppApcVerifier
Deleted: C:\ProgramData\Application Data\AppApcVerifier
Deleted: C:\Users\All Users\AppApcVerifier
Deleted: C:\ProgramData\Advancedpccare.net
Deleted: C:\ProgramData\Application Data\Advancedpccare.net
Deleted: C:\Users\All Users\Advancedpccare.net
Deleted: C:\Users\DEMARIUS\AppData\Roaming\Advancedpccare.net
 
 
***** [ Files ] *****
 
Deleted: C:\Windows\SysNative\drivers\swdumon.sys
Deleted: C:\Users\DEMARIUS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Facebook.lnk
Deleted: C:\Users\All Users\Desktop\slimcleaner plus.lnk
Deleted: C:\Users\Public\Desktop\slimcleaner plus.lnk
Deleted: C:\Users\All Users\Desktop\driverupdate.lnk
Deleted: C:\Users\Public\Desktop\driverupdate.lnk
Deleted: C:\appverifier.txt
Deleted: C:\Users\All Users\Desktop\SlimCleaner Plus.lnk
Deleted: C:\Users\Public\Desktop\SlimCleaner Plus.lnk
Deleted: C:\Users\DEMARIUS\AppData\Roaming\Mozilla\Firefox\Profiles\q2d9oxlu.default\searchplugins\yahoo! powered.xml
Deleted: C:\Users\DEMARIUS\AppData\Roaming\Mozilla\Firefox\Profiles\q2d9oxlu.default\SEARCHPLUGINS\YAHOO! POWERED.XML
Deleted: C:\Users\DEMARIUS\Downloads\DRIVERUPDATE-SETUP.EXE
Deleted: C:\Users\All Users\Desktop\Advanced-PC-Care.lnk
Deleted: C:\Users\Public\Desktop\Advanced-PC-Care.lnk
Deleted: C:\Users\All Users\Desktop\WebDiscover Browser.lnk
Deleted: C:\Users\Public\Desktop\WebDiscover Browser.lnk
Deleted: C:\Windows\SysNative\Tasks\WebDiscover Browser Launch Task
Deleted: C:\Windows\SysNative\Tasks\WebDiscover Browser Update Task
 
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: WebDiscover Browser Launch Task
Deleted: WebDiscover Browser Update Task
Deleted: ByteFence Scan
Deleted: ByteFence
Deleted: DriverUpdate Scan
Deleted: DriverUpdate Startup
Deleted: Advanced-PC-Care_Logon
Deleted: SlimCleaner Plus (Scheduled Scan - DEMARIUS)
Deleted: SlimCleaner Plus (Scheduled Scan - DEMARIUS)
 
 
***** [ Registry ] *****
 
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\tweakbit.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.tweakbit.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\tweakbit.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.tweakbit.com
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d1af033869koo7.cloudfront.net
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d1af033869koo7.cloudfront.net
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1
Deleted: [Key] - HKLM\SOFTWARE\WebDiscoverBrowser
Deleted: [Key] - HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\WebDiscoverBrowser
Deleted: [Key] - HKCU\Software\WebDiscoverBrowser
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
Deleted: [Key] - HKLM\SOFTWARE\pcv-var
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{1BD47D21-01F4-4538-9290-39FD569A0F24}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{959D527D-6C27-4879-A644-065526D6969C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{BAF87BD0-A924-4108-AFA5-A5FA720A2E86}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{149622B2-F1C5-492D-BFDF-8E5ED85854A0}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{6DC6EE87-F3BB-40EB-BCEE-12F7D6E3EEDF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{A5FF3EB5-BF62-4D59-84DF-DC518E46FCB3}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98FD652EB4839214E97B69DD8EEA1D29
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
Deleted: [Key] - HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebDiscoverBrowser
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ApnTBMon
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ApnTBMon
Deleted: [Value] - HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|WeatherBug
Deleted: [Value] - HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\Microsoft\Windows\CurrentVersion\Run|SlimCleaner Plus
Deleted: [Value] - HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SlimCleaner Plus
Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SlimCleaner Plus
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|WeatherBug.exe
Deleted: [Key] - HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
Deleted: [Key] - HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
Deleted: [Key] - HKLM\SOFTWARE\AskPartnerNetwork
Deleted: [Key] - HKU\.DEFAULT\Software\AskPartnerNetwork
Deleted: [Key] - HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\AskPartnerNetwork
Deleted: [Key] - HKU\S-1-5-18\Software\AskPartnerNetwork
Deleted: [Key] - HKCU\Software\AskPartnerNetwork
Deleted: [Key] - HKLM\SOFTWARE\SlimWare Utilities Inc
Deleted: [Key] - HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\SlimWare Utilities Inc
Deleted: [Key] - HKCU\Software\SlimWare Utilities Inc
Deleted: [Key] - HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
Deleted: [Key] - HKLM\SOFTWARE\ByteFence
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Deleted: [Key] - HKU\.DEFAULT\Software\ByteFence
Deleted: [Key] - HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\ByteFence
Deleted: [Key] - HKU\S-1-5-18\Software\ByteFence
Deleted: [Key] - HKCU\Software\ByteFence
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverUpdate
Deleted: [Key] - HKLM\SOFTWARE\AppApcVerifier
Deleted: [Key] - HKLM\SOFTWARE\advancedpccare.net
Deleted: [Key] - HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\advancedpccare.net
Deleted: [Key] - HKCU\Software\advancedpccare.net
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\csastats
Deleted: [Key] - HKCU\Software\csastats
Deleted: [Key] - HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\Software\PRODUCTSETUP
Deleted: [Key] - HKCU\Software\PRODUCTSETUP
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
Plugin deleted:  - 
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [15988 B] - [2017/12/26 20:35:22]
C:/AdwCleaner/AdwCleaner[S1].txt - [16058 B] - [2017/12/26 20:44:2]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

Attached Files



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 27 December 2017 - 08:35 AM

Hi,

If not already done please remove all the items found by the Malwarebytes program.
===

If still present plrease remove these programs in bold via the Control Panel > Programs > Programs and Features.
These may only be remnant after having run and clean with MBAM and AdwCleaner.

DriverUpdate (HKLM-x32\...\{53C9EBD2-F3F7-49BB-BDB4-147D3A4D5E6D}) (Version: 2.7.10 - Slimware Utilities Holdings, Inc.) Hidden
ooVoo Teoma Search App (HKLM-x32\...\{4F564F2D-5447-006A-76A7-A758B70C2D01}) (Version: 12.45.1.1172 - APN, LLC)
SlimCleaner Plus (HKLM\...\{ABA29C63-B22D-45F8-BA20-7C8EF17B5E62}) (Version: 2.5.10 - Slimware Utilities Holdings, Inc.) Hidden
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.10 - Slimware Utilities Holdings, Inc.)
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2910850633-2078348475-1510376315-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
S3 SWDUMon; \SystemRoot\system32\DRIVERS\SWDUMon.sys [X]
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2910850633-2078348475-1510376315-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\DEMARIUS\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {066EF8E5-D989-4788-A614-6331099D46C6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {153020B6-DB92-446D-B5C6-F55AE3A1DBC0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2D12EC5E-E75F-4CFF-9424-55EE8F08F77C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2D64A77F-8AFB-49EB-9303-C3C0D6125D49} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2F37CFB4-EBA1-425E-B928-534EF0761512} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3EFDB0C8-57A1-4BF7-BA07-4700EB6F7C7B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {688CDBA4-21C9-4F05-A3A7-4CE432A9F62C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7A4FD6F4-EC61-4CDD-903B-C92BED1FBD43} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A3212480-AF45-4201-9A41-59655F7A98AD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AB719D36-44C6-419B-A399-B18B4E644FAA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {AE44BC50-CBD2-41A8-9605-E41563E8A371} - \WPD\SqmUpload_S-1-5-21-2910850633-2078348475-1510376315-1001 -> No File <==== ATTENTION
Task: {C6B2F64B-702F-4C12-B91B-11481BF135EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
FirewallRules: [{8B65BF72-035B-4336-872B-7D9EAC11CCCE}] => (Allow) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Repair these services.

Boot with Safe Mode with Networking. Execute the following.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    16 - Repair Windows Updates
    20 - Repair MSI (Windows Installer)
    25 - Restore Important Windows Services
    26 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.

How is the computer running now?

Please let me know what problem persists with this computer.

#6 neuropocalyptic

neuropocalyptic
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 28 December 2017 - 12:24 PM

Good afternoon,

 

After running the recommended steps as listed above, I have found the following problems persisting. First, I get an error before logging into windows during safe mode and sometimes during normal mode which reads:

 

Ctfmon.exe

System Error Exception Processing  Message

followed by the same hexadecimal number 4 times - 0x7ffe733417a8

 

The scans ran earlier managed to remove all of the programs you asked me to. However, I had revo uninstall previously installed on my PC and when I ran it I noticed that the Ovoo Teoma Search App is listed. Yet I was unable to remove it. In control panel I don't see it. And as far as the windows repair tool I downloaded from tweaking.com is concerned, after it completed the repair process it did not give me a final report. I only have the pre-scan .txt file. The System is running slightly better in normal mode, but the boot time is significantly slow and it hangs coming of screen saver mode and when making simple changes in the operating system like turning off screen saver mode.. My PC is still in bad shape. What else can be done at this point?


Edited by neuropocalyptic, 28 December 2017 - 12:42 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 28 December 2017 - 01:45 PM



The file Ctfmon.exe may be problematic or you have the wrong version.

Lets check it ouit.


Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
Ctfmon.exe
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply;
Do a second search this time look in the Computer for the file.

Farbar Recovery Scan Tool (FRST) - File Search

There is a Search Files button on the FRST Console. To search for files you can type or copy and paste Ctfmon.exe into the Search box.

When the Search Files button is pressed the user is informed that the search is started, a progress bar appears, then a message pops up indicating that the search is completed. A Search.txt log is saved at the same location that FRST.exe is located poste it as well.

#8 neuropocalyptic

neuropocalyptic
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 28 December 2017 - 09:00 PM

Ok. Here are the files:
 
Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by DEMARIUS (28-12-2017 20:03:01)
Running from C:\Users\DEMARIUS\Desktop
Boot Mode: Safe Mode (with Networking)
 
================== Search Files: "Ctfmon.exe
" =============
 
C:\Windows\WinSxS\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_10.0.15063.0_none_5225ca891102d259\ctfmon.exe
[2017-03-18 15:58][2017-03-18 15:58] 000010240 _____ (Microsoft Corporation) E551F4E20262DB7ABF1684109D313CC7 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_10.0.15063.0_none_ae44660cc960438f\ctfmon.exe
[2017-03-18 15:58][2017-03-18 15:58] 000011264 _____ (Microsoft Corporation) 8818EE0DC3D3F21DBD975B489B8B78CB [File is digitally signed]
 
C:\Windows\SysWOW64\ctfmon.exe
[2017-03-18 15:58][2017-03-18 15:58] 000010240 _____ (Microsoft Corporation) E551F4E20262DB7ABF1684109D313CC7 [File is digitally signed]
 
C:\Windows\System32\ctfmon.exe
[2017-03-18 15:58][2017-03-18 15:58] 000011264 _____ (Microsoft Corporation) 8818EE0DC3D3F21DBD975B489B8B78CB [File is digitally signed]
 
C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\wow64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_10.0.16299.15_none_ca7163183616bf4c\ctfmon.exe
[2017-09-29 08:42][2017-09-29 08:42] 000009728 _____ (Microsoft Corporation) C0BF9642414909DAFD72F3F2F5DC1A7D [File not signed]
 
C:\$WINDOWS.~BT\NewOS\Windows\WinSxS\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_10.0.16299.15_none_c01cb8c601b5fd51\ctfmon.exe
[2017-09-29 08:42][2017-09-29 08:42] 000010752 _____ (Microsoft Corporation) 0736280C07AC05FBFEBC24D893ACF0D7 [File not signed]
 
C:\$WINDOWS.~BT\NewOS\Windows\SysWOW64\ctfmon.exe
[2017-09-29 08:42][2017-09-29 08:42] 000009728 _____ (Microsoft Corporation) C0BF9642414909DAFD72F3F2F5DC1A7D [File not signed]
 
C:\$WINDOWS.~BT\NewOS\Windows\System32\ctfmon.exe
[2017-09-29 08:42][2017-09-29 08:42] 000010752 _____ (Microsoft Corporation) 0736280C07AC05FBFEBC24D893ACF0D7 [File not signed]
 
 
====== End of Search ======
 
Farbar Recovery Scan Tool (x64) Version: 26-12-2017
Ran by DEMARIUS (28-12-2017 20:31:49)
Running from C:\Users\DEMARIUS\Desktop
Boot Mode: Safe Mode (with Networking)
 
================== Search Registry: "Ctfmon.exe" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}]
"AppName"="ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}]
"AppName"="ctfmon.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
"ctfmon.exe"="0"
 
====== End of Search ======


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 29 December 2017 - 08:47 AM

Question

Are you able to start the computer in the Normal Mode?

===

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

#10 neuropocalyptic

neuropocalyptic
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 29 December 2017 - 10:36 AM

I can start up the computer in Normal mode, yes. The problem is that while the system is starting up a bit faster it hangs when i try to run programs. Sometimes it hangs, especially when the screen saver comes up after a few minutes of being idle. The blue, circular loading symbol appears in place of the mouse pointer and it stops working. In other words, It takes really long to process tasks. So far I have had luck in safe mode; I will only be able to run Sophos in safe mode. I will run it now and post the results.


Edited by neuropocalyptic, 29 December 2017 - 10:44 AM.


#11 neuropocalyptic

neuropocalyptic
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 29 December 2017 - 01:15 PM

Sophos has reported that my computer is clean with 0 threats found:

 

2017-12-29 15:42:30.234 Sophos Virus Removal Tool version 2.6.1
2017-12-29 15:42:30.234 Copyright © 2009-2017 Sophos Limited. All rights reserved.
 
2017-12-29 15:42:30.234 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2017-12-29 15:42:30.234 Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-12-29 15:42:30.234 Checking for updates...
2017-12-29 15:42:32.060 Update progress: proxy server not available
2017-12-29 15:42:41.521 Downloading updates...
2017-12-29 15:42:41.522 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-12-29 15:42:41.523 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-12-29 15:42:41.523 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-12-29 15:42:41.523 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-12-29 15:42:41.523 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I49502] sdds.data0910.xml: found supplement IDE545 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-12-29 15:42:41.523 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE545 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE545 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I49502] sdds.data0910.xml: found supplement IDE546 LATEST path= baseVersion= [included from product IDE545 LATEST path=]
2017-12-29 15:42:41.523 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE546 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE546 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I49502] sdds.data0910.xml: found supplement IDE547 LATEST path= baseVersion= [included from product IDE546 LATEST path=]
2017-12-29 15:42:41.523 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE547 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE547 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I49502] sdds.data0910.xml: found supplement IDE548 LATEST path= baseVersion= [included from product IDE547 LATEST path=]
2017-12-29 15:42:41.523 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE548 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE548 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I49502] sdds.data0910.xml: found supplement IDE549 LATEST path= baseVersion= [included from product IDE548 LATEST path=]
2017-12-29 15:42:41.523 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE549 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE549 LATEST path=
2017-12-29 15:42:41.523 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-12-29 15:42:41.832 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-12-29 15:42:41.832 Update progress: [I19463] Product download size 174235198 bytes
2017-12-29 15:42:43.527 Update progress: [I19463] Syncing product IDE545 LATEST path=
2017-12-29 15:42:43.527 Update progress: [I19463] Product download size 2585002 bytes
2017-12-29 15:42:43.806 Update progress: [I19463] Syncing product IDE546 LATEST path=
2017-12-29 15:42:43.806 Update progress: [I19463] Product download size 3165416 bytes
2017-12-29 15:42:43.990 Update progress: [I19463] Syncing product IDE547 LATEST path=
2017-12-29 15:42:43.990 Update progress: [I19463] Product download size 4521286 bytes
2017-12-29 15:42:44.151 Update progress: [I19463] Syncing product IDE548 LATEST path=
2017-12-29 15:42:44.151 Update progress: [I19463] Product download size 2262921 bytes
2017-12-29 15:42:44.252 Update progress: [I19463] Syncing product IDE549 LATEST path=
2017-12-29 15:42:44.274 Installing updates...
2017-12-29 15:42:44.333 Option all = no
2017-12-29 15:42:44.934 Option recurse = yes
2017-12-29 15:42:44.934 Option archive = no
2017-12-29 15:42:44.934 Option service = yes
2017-12-29 15:42:44.934 Option confirm = yes
2017-12-29 15:42:44.934 Option sxl = yes
2017-12-29 15:42:44.934 Option max-data-age = 35
2017-12-29 15:42:44.934 Option vdl-logging = yes
2017-12-29 15:42:44.934 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-12-29 15:42:44.934 Machine ID: 56c9784d7f744799b8d0fbf32820a6e4
2017-12-29 15:42:44.934 Component SVRTcli.exe version 2.6.1
2017-12-29 15:42:44.934 Component control.dll version 2.6.1
2017-12-29 15:42:44.934 Component SVRTservice.exe version 2.6.1
2017-12-29 15:42:44.934 Component engine\osdp.dll version 1.44.1.2286
2017-12-29 15:42:44.934 Component engine\veex.dll version 3.68.6.2286
2017-12-29 15:42:44.934 Component engine\savi.dll version 9.0.7.2286
2017-12-29 15:42:44.934 Component rkdisk.dll version 1.5.31.1
2017-12-29 15:42:44.935 Version info: Product version 2.6.1
2017-12-29 15:42:44.935 Version info: Detection engine 3.68.6
2017-12-29 15:42:44.935 Version info: Detection data 5.44
2017-12-29 15:42:44.935 Version info: Build date 9/19/2017
2017-12-29 15:42:44.935 Version info: Data files added 611
2017-12-29 15:42:44.935 Version info: Last successful update (not yet updated)
2017-12-29 15:42:44.935 Error level 1
2017-12-29 15:42:47.731 Update successful
2017-12-29 15:43:11.494 Option all = no
2017-12-29 15:43:11.494 Option recurse = yes
2017-12-29 15:43:11.494 Option archive = no
2017-12-29 15:43:11.494 Option service = yes
2017-12-29 15:43:11.494 Option confirm = yes
2017-12-29 15:43:11.494 Option sxl = yes
2017-12-29 15:43:11.495 Option max-data-age = 35
2017-12-29 15:43:11.495 Option vdl-logging = yes
2017-12-29 15:43:11.497 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-12-29 15:43:11.497 Machine ID: 56c9784d7f744799b8d0fbf32820a6e4
2017-12-29 15:43:11.498 Component SVRTcli.exe version 2.6.1
2017-12-29 15:43:11.498 Component control.dll version 2.6.1
2017-12-29 15:43:11.498 Component SVRTservice.exe version 2.6.1
2017-12-29 15:43:11.498 Component engine\osdp.dll version 1.44.1.2286
2017-12-29 15:43:11.498 Component engine\veex.dll version 3.68.6.2286
2017-12-29 15:43:11.498 Component engine\savi.dll version 9.0.7.2286
2017-12-29 15:43:11.498 Component rkdisk.dll version 1.5.31.1
2017-12-29 15:43:11.498 Version info: Product version 2.6.1
2017-12-29 15:43:11.499 Version info: Detection engine 3.68.6
2017-12-29 15:43:11.499 Version info: Detection data 5.44
2017-12-29 15:43:11.499 Version info: Build date 9/19/2017
2017-12-29 15:43:11.499 Version info: Data files added 612
2017-12-29 15:43:11.499 Version info: Last successful update 12/29/2017 10:42:47 AM
 
2017-12-29 15:45:12.280 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2017-12-29 15:45:22.686 Error level 0
 
2017-12-29 15:45:46.077 Scan cancelled by user.
2017-12-29 15:45:46.077
 
------------------------------------------------------------
 
2017-12-29 15:45:56.421 Sophos Virus Removal Tool version 2.6.1
2017-12-29 15:45:56.421 Copyright © 2009-2017 Sophos Limited. All rights reserved.
 
2017-12-29 15:45:56.421 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2017-12-29 15:45:56.421 Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-12-29 15:45:56.421 Checking for updates...
2017-12-29 15:45:56.437 Update progress: proxy server not available
2017-12-29 15:45:58.109 Update error: failed to read remote metadata (error 4)
[T46381] ..\SUL\Handle.cpp:98 + SU::Handle::readRemoteMetadata()
[T75884] ..\SUL\Metadata.cpp:144 SU::Metadata::readRemoteMetadata()
[I40394] Downloading customer file from sophos:1:1
[E26245] Error fetching data from http://dci.sophosupd.com/update/1/6c/16c4d85f89f044ddac3c52b38fad4968.dat: WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:2:1
[E26245] Error fetching data from http://dci.sophosupd.net/update/1/6c/16c4d85f89f044ddac3c52b38fad4968.dat: WinHttpSendRequest 12007
[I20317] No proxy was used.
[I40394] Downloading customer file from sophos:3:1
[E75373] Ran out of sophos aliases for this update source
[E35369] Out of update sources
[E99999] Out of sources
2017-12-29 15:46:07.874 Option all = no
2017-12-29 15:46:07.874 Option recurse = yes
2017-12-29 15:46:07.874 Option archive = no
2017-12-29 15:46:07.874 Option service = yes
2017-12-29 15:46:07.874 Option confirm = yes
2017-12-29 15:46:07.874 Option sxl = yes
2017-12-29 15:46:07.874 Option max-data-age = 35
2017-12-29 15:46:07.874 Option vdl-logging = yes
2017-12-29 15:46:07.874 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-12-29 15:46:07.874 Machine ID: 56c9784d7f744799b8d0fbf32820a6e4
2017-12-29 15:46:07.874 Component SVRTcli.exe version 2.6.1
2017-12-29 15:46:07.874 Component control.dll version 2.6.1
2017-12-29 15:46:07.874 Component SVRTservice.exe version 2.6.1
2017-12-29 15:46:07.874 Component engine\osdp.dll version 1.44.1.2286
2017-12-29 15:46:07.874 Component engine\veex.dll version 3.68.6.2286
2017-12-29 15:46:07.874 Component engine\savi.dll version 9.0.7.2286
2017-12-29 15:46:07.874 Component rkdisk.dll version 1.5.31.1
2017-12-29 15:46:07.874 Version info: Product version 2.6.1
2017-12-29 15:46:07.874 Version info: Detection engine 3.68.6
2017-12-29 15:46:07.874 Version info: Detection data 5.44
2017-12-29 15:46:07.874 Version info: Build date 9/19/2017
2017-12-29 15:46:07.874 Version info: Data files added 612
2017-12-29 15:46:07.874 Version info: Last successful update 12/29/2017 10:42:47 AM
2017-12-29 15:46:24.187 Error level 1
 
2017-12-29 15:46:24.187 Scan completed.
2017-12-29 15:46:24.187
 
------------------------------------------------------------
 
2017-12-29 15:46:25.796 Sophos Virus Removal Tool version 2.6.1
2017-12-29 15:46:25.796 Copyright © 2009-2017 Sophos Limited. All rights reserved.
 
2017-12-29 15:46:25.796 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2017-12-29 15:46:25.796 Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-12-29 15:46:25.796 Checking for updates...
2017-12-29 15:46:25.812 Update progress: proxy server not available
2017-12-29 15:46:27.593 Downloading updates...
2017-12-29 15:46:27.593 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-12-29 15:46:27.593 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-12-29 15:46:27.593 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-12-29 15:46:27.593 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-12-29 15:46:27.593 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I49502] sdds.data0910.xml: found supplement IDE545 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-12-29 15:46:27.593 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE545 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE545 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I49502] sdds.data0910.xml: found supplement IDE546 LATEST path= baseVersion= [included from product IDE545 LATEST path=]
2017-12-29 15:46:27.593 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE546 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE546 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I49502] sdds.data0910.xml: found supplement IDE547 LATEST path= baseVersion= [included from product IDE546 LATEST path=]
2017-12-29 15:46:27.593 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE547 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE547 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I49502] sdds.data0910.xml: found supplement IDE548 LATEST path= baseVersion= [included from product IDE547 LATEST path=]
2017-12-29 15:46:27.593 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE548 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE548 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I49502] sdds.data0910.xml: found supplement IDE549 LATEST path= baseVersion= [included from product IDE548 LATEST path=]
2017-12-29 15:46:27.593 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE549 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE549 LATEST path=
2017-12-29 15:46:27.593 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-12-29 15:46:27.640 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-12-29 15:46:27.656 Update progress: [I19463] Syncing product IDE545 LATEST path=
2017-12-29 15:46:27.671 Update progress: [I19463] Syncing product IDE546 LATEST path=
2017-12-29 15:46:27.687 Update progress: [I19463] Syncing product IDE547 LATEST path=
2017-12-29 15:46:27.703 Update progress: [I19463] Syncing product IDE548 LATEST path=
2017-12-29 15:46:27.703 Update progress: [I19463] Syncing product IDE549 LATEST path=
2017-12-29 15:46:27.718 Installing updates...
2017-12-29 15:46:37.125 Option all = no
2017-12-29 15:46:37.750 Option recurse = yes
2017-12-29 15:46:37.750 Option archive = no
2017-12-29 15:46:37.750 Option service = yes
2017-12-29 15:46:37.750 Option confirm = yes
2017-12-29 15:46:37.750 Option sxl = yes
2017-12-29 15:46:37.750 Option max-data-age = 35
2017-12-29 15:46:37.750 Option vdl-logging = yes
2017-12-29 15:46:37.750 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-12-29 15:46:37.750 Machine ID: 56c9784d7f744799b8d0fbf32820a6e4
2017-12-29 15:46:37.750 Component SVRTcli.exe version 2.6.1
2017-12-29 15:46:37.750 Component control.dll version 2.6.1
2017-12-29 15:46:37.750 Component SVRTservice.exe version 2.6.1
2017-12-29 15:46:37.750 Component engine\osdp.dll version 1.44.1.2286
2017-12-29 15:46:37.750 Component engine\veex.dll version 3.68.6.2286
2017-12-29 15:46:37.750 Component engine\savi.dll version 9.0.7.2286
2017-12-29 15:46:37.750 Component rkdisk.dll version 1.5.31.1
2017-12-29 15:46:37.750 Version info: Product version 2.6.1
2017-12-29 15:46:37.750 Version info: Detection engine 3.68.6
2017-12-29 15:46:37.750 Version info: Detection data 5.44
2017-12-29 15:46:37.750 Version info: Build date 9/19/2017
2017-12-29 15:46:37.750 Version info: Data files added 612
2017-12-29 15:46:37.750 Version info: Last successful update 12/29/2017 10:42:47 AM
2017-12-29 15:46:37.750 Error level 1
2017-12-29 15:46:38.062 Update successful
2017-12-29 15:46:49.234 Option all = no
2017-12-29 15:46:49.234 Option recurse = yes
2017-12-29 15:46:49.234 Option archive = no
2017-12-29 15:46:49.234 Option service = yes
2017-12-29 15:46:49.234 Option confirm = yes
2017-12-29 15:46:49.234 Option sxl = yes
2017-12-29 15:46:49.234 Option max-data-age = 35
2017-12-29 15:46:49.234 Option vdl-logging = yes
2017-12-29 15:46:49.234 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-12-29 15:46:49.234 Machine ID: 56c9784d7f744799b8d0fbf32820a6e4
2017-12-29 15:46:49.234 Component SVRTcli.exe version 2.6.1
2017-12-29 15:46:49.234 Component control.dll version 2.6.1
2017-12-29 15:46:49.234 Component SVRTservice.exe version 2.6.1
2017-12-29 15:46:49.234 Component engine\osdp.dll version 1.44.1.2286
2017-12-29 15:46:49.234 Component engine\veex.dll version 3.68.6.2286
2017-12-29 15:46:49.234 Component engine\savi.dll version 9.0.7.2286
2017-12-29 15:46:49.234 Component rkdisk.dll version 1.5.31.1
2017-12-29 15:46:49.234 Version info: Product version 2.6.1
2017-12-29 15:46:49.234 Version info: Detection engine 3.68.6
2017-12-29 15:46:49.234 Version info: Detection data 5.44
2017-12-29 15:46:49.234 Version info: Build date 9/19/2017
2017-12-29 15:46:49.234 Version info: Data files added 612
2017-12-29 15:46:49.234 Version info: Last successful update 12/29/2017 10:46:38 AM
 
2017-12-29 15:46:55.625 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2017-12-29 16:11:24.581 Could not open C:\$WINDOWS.~BT\NewOS\Windows\System32\config\bbimigrate\BBI
2017-12-29 16:35:40.504 Could not open C:\hiberfil.sys
2017-12-29 16:35:45.067 Could not open C:\pagefile.sys
2017-12-29 16:53:57.643 Could not open C:\swapfile.sys
2017-12-29 16:55:46.113 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-12-29 16:55:46.113 Could not open C:\System Volume Information\{7cddf9b5-eb93-11e7-82e5-5065f30c92f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-12-29 16:55:46.113 Could not open C:\System Volume Information\{a7557a6a-ebdd-11e7-82e7-a0cec8076384}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-12-29 17:06:42.058 Could not open C:\Windows\System32\config\BBI
2017-12-29 17:06:42.214 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-12-29 17:06:42.246 Could not open C:\Windows\System32\config\RegBack\SAM
2017-12-29 17:06:42.246 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-12-29 17:06:42.261 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-12-29 17:06:42.261 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-12-29 17:26:04.994 Could not open LOGICAL:0004:00000000
2017-12-29 17:26:04.994 Could not open E:\
2017-12-29 17:26:05.869 Error level 0


#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 29 December 2017 - 02:03 PM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

===

#13 neuropocalyptic

neuropocalyptic
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 31 December 2017 - 07:14 PM

My apologies for the late reply. I am getting over a severe flu. I ran the Zoesk program with some positive and negative results. On the one hand, I am no longer getting the ctfmon.exe error at the start of every boot into safe mode. On the other, the PC still hangs in normal mode. It hangs when I try to execute simple tasks like disconnecting and reconnecting to a wireless network, or if I get an alert on the lower right side of the screen which prompts me to follow up with something, I'll click on the alert and the PC will loop and hang. I can't pull up task manager to end any processes when this happens or even execute any other program. I am left with no choice but to force a shut down and restart the PC in safe mode. Despite this, Here are the log results:

Attached Files



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,592 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:48 AM

Posted 01 January 2018 - 07:59 AM



Hi,

Malwarebytes Anti-Rootkit

Please download Anti-Rootkit BETA and save it to your Desktop. <check the version below....
  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it completes its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Please copy and paste the entire content of that log in your next reply;
If you have any problems running either one come back and let me know.
===

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply
===

Please post the logs and let me know if the problems persists.

#15 neuropocalyptic

neuropocalyptic
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:48 AM

Posted 01 January 2018 - 05:15 PM

-- results

 

No malware found by MBAR. Please see FSS file copied below

 

Farbar Service Scanner Version: 27-01-2016
Ran by DEMARIUS (administrator) on 01-01-2018 at 17:03:06
Running from "C:\Users\DEMARIUS\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Network
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
 
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users