TechSpot

Virus, please help, thank you so much!! FRST file here

By Bunbun
May 1, 2016
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-05-2016
    Ran by Nancy (administrator) on SILENT-KNIGHT (01-05-2016 20:55:13)
    Running from E:\Desktop
    Loaded Profiles: Nancy (Available Profiles: Nancy & postgres)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7640944 2015-04-25] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
    HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
    HKLM\...\Run: [C:\Windows\system32\V0650Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0650Ext.ax
    HKLM\...\Run: [Sound+] => C:\Program Files\Sound+\Sound+.exe [3486208 2016-02-03] (Sound+)
    HKLM\...\Run: [IDSCCOM30I] => C:\Program Files\Sound+\idsccom_30I.exe [3962880 2016-05-01] ()
    HKLM\...\Run: [WINCOMFKK] => C:\Program Files (x86)\sunnyday\wincom_FKK.exe [3962880 2016-05-01] ()
    HKLM\...\Run: [autoauto] => notepad
    HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\dissertation\zest.exe [41512 2016-05-01] ()
    HKLM\...\Run: [pollen.exeundependable.exe] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
    HKLM\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
    HKLM\...\Run: [interpee] => C:\Program Files (x86)\herc\undependable.exe [9728 2016-05-01] ()
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2015-04-25] (Intel Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Rocket Live! Central 2] => F:\Live! Central\RFLVCentral2.exe [430247 2010-02-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [V0650Mon.exe] => C:\Windows\V0650Mon.exe
    HKLM-x32\...\Run: [C:\Windows\SysWOW64\V0650Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0650Ext.ax
    HKLM-x32\...\Run: [Note-up] => C:\Program Files (x86)\Note-up\note-up.exe [6772736 2015-10-09] (TODO: <Company name>)
    HKLM-x32\...\Run: [comoBoss] => C:\Program Files (x86)\comoBoss\comowin.exe [4048896 2016-04-28] ()
    HKLM-x32\...\Run: [ic-0.1fcc3ebbfe2ffc.exe -start] => C:\Users\Nancy\AppData\Local\Temp\2464222\ic-0.1fcc3ebbfe2ffc.exe [1931264 2016-05-01] () <===== ATTENTION
    HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [641536 2016-03-24] ()
    HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1141760 2016-04-18] ()
    HKLM-x32\...\Run: [ospd_us_014010315] => C:\Program Files (x86)\ospd_us_014010315\ospd_us_014010315.exe [3970560 2016-05-01] ()
    HKLM-x32\...\Run: [autoauto] => notepad
    HKLM-x32\...\Run: [cutoauto] => C:\Program Files (x86)\dissertation\zest.exe [41512 2016-05-01] ()
    HKLM-x32\...\Run: [toys] => C:\Program Files (x86)\dissertation\gaol.exe [36864 2016-05-01] (windows)
    HKLM-x32\...\Run: [interpee] => C:\Program Files (x86)\herc\undependable.exe [9728 2016-05-01] ()
    HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files\Sound+\idscservice.exe [665600 2016-05-01] (pZ)
    HKLM\...\RunOnce: [OTUTPRODUCT_ZGGM2] => C:\Program Files (x86)\sunnyday\otutnetwork.exe [666624 2016-05-01] (pZ)
    HKLM-x32\...\RunOnce: [upospd_us_014010315.exe] => C:\Users\Nancy\AppData\Local\ospd_us_014010315\upospd_us_014010315.exe [3316224 2016-05-01] ()
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8204056 2015-04-23] (Piriform Ltd)
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Nancy\AppData\Local\Akamai\netsession_win.exe"
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Dropbox Update] => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Reflector2] => [X]
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Spotify Web Helper] => C:\Users\Nancy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-27] (Spotify Ltd)
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Spotify] => C:\Users\Nancy\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-04-27] (Spotify Ltd)
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Discord] => C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe [53430456 2016-04-22] (Hammer & Chisel, Inc.)
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6971200 2016-04-28] (Kakao Corp. )
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Caster] => C:\Program Files\Caster\wizzcaster.exe [172032 2016-05-01] (JUASz)
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [WindowsApplication] => C:\Program Files (x86)\SecuriDex\WindowsApplication.exe [22528 2016-01-20] ()
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Buzzing Dhol] => C:\Windows\Buzzing Dhol\Buzzing Dhol\Buzzing Dhol.exe [699392 2016-04-12] ()
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Run: [Buzzing Dhol.exe] => C:\Windows\Buzzing Dhol\Buzzing Dhol\Buzzing Dhol.exe [699392 2016-04-12] ()
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-01-11]
    ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
    Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-14]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok18949711.lnk [2016-05-01]
    Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok18949711tidied.lnk [2016-05-01]
    Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tidied.lnk [2016-05-01]

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
    ProxyEnable: [HKLM] => Proxy is enabled.
    ProxyEnable: [HKLM-x32] => Proxy is enabled.
    ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
    AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{6449D0BE-28E6-4DF4-86E1-E8DBDAB81AD7}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{6449D0BE-28E6-4DF4-86E1-E8DBDAB81AD7}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{84671553-780E-457A-9DD1-AC5CE071EDB5}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{84671553-780E-457A-9DD1-AC5CE071EDB5}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{E8CCB68E-BEC6-4D4C-8BA5-713CB8597C08}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{F9DDD216-3185-4A5C-BE80-E17E653E0231}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{F9DDD216-3185-4A5C-BE80-E17E653E0231}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT
    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}
    BHO: Oewapboable -> {57DA253B-A70A-4093-95E4-9E0AF6B9BFBE} -> C:\Program Files\Oewapboable\Fiqpoog64.dll [2016-05-01] ()
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-11] (Oracle Corporation)
    BHO: Addon Class -> {79F768ED-0B12-42EF-8257-36751A0ECF3A} -> C:\Program Files\Faster Web\ShoppingOptimizerBHO.dll [2015-04-06] (Shopping Optimization Solutions LTD)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\x64\dca-bho.dll [2016-03-29] (Compete, Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-11] (Oracle Corporation)
    BHO-x32: Oewapboable -> {57DA253B-A70A-4093-95E4-9E0AF6B9BFBE} -> C:\Program Files\Oewapboable\Fiqpoog.dll [2016-05-01] ()
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-11] (Oracle Corporation)
    BHO-x32: Addon Class -> {79F768ED-0B12-42EF-8257-36751A0ECF3A} -> C:\Program Files (x86)\Faster Web\ShoppingOptimizerBHO.dll [2015-04-06] (Shopping Optimization Solutions LTD)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> E:\Downloads\Arc\Plugins\ArcPluginIE.dll [2015-06-11] (Perfect World Entertainment Inc)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Consumer Input DCA BHO -> {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -> C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll [2016-03-29] (Compete, Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-11] (Oracle Corporation)

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-11] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-11] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
    FF Plugin-x32: @adobe.com/FlashPlayer -> E:\Downloads\Arc\plugins\NPSWF32.dll [2015-05-19] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-03] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-03] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-11] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-11] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-07-04] (Nexon)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-02] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-02] (NVIDIA Corporation)
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> E:\Downloads\Arc\Plugins\npArcPluginFF.dll [2015-06-11] (Perfect World Entertainment Inc)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
    FF Plugin HKU\S-1-5-21-1716612969-2344737603-4151003975-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
    FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi
    FF Extension: Faster Web - Make Your Browser FAST! - C:\Program Files (x86)\Faster Web\faster-web.xpi [2015-03-25] [not signed]
    FF HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi
    FF Extension: Consumer Input - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12297.xpi [2016-04-22]

    Chrome:
    =======
    CHR HomePage: Profile 1 -> hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch
    CHR StartupUrls: Profile 1 -> "hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch"
    CHR DefaultSearchURL: Profile 1 -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,
    CHR DefaultSearchKeyword: Profile 1 -> www-searching.com
    CHR DefaultSuggestURL: Profile 1 -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-11]
    CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-11]
    CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-11]
    CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-11]
    CHR Extension: (Google Search) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-11]
    CHR Extension: (Google Sheets) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-11]
    CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
    CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-11]
    CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1
    CHR Extension: (Google Slides) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-12]
    CHR Extension: (BetterTTV) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-02-25]
    CHR Extension: (Google Docs) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-12]
    CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-12]
    CHR Extension: (YouTube) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-12]
    CHR Extension: (Google Search) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-12]
    CHR Extension: (Google Sheets) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-12]
    CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (AdBlock) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-15]
    CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2016-04-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Amazon Assistant for Chrome) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-04-13]
    CHR Extension: (Gmail) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    S2 82BC71A2-A94C-4559-9C9F-E2D36BF7F6F7; C:\Program Files\Oewapboable\Telbepuc.exe [275808 2016-05-01] ()
    S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S2 AppVerifier; C:\ProgramData\App-verifier\AppVerifier.exe [38912 2016-04-25] (AppVerifier) [File not signed]
    S3 ArcService; E:\Downloads\Arc\ArcService.exe [88400 2015-06-11] (Perfect World Entertainment Inc)
    S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-04-26] (BitRaider, LLC)
    S2 consumerinput_update; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2016-05-01] (ConsumerInput)
    S3 consumerinput_updatem; C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe [105944 2016-05-01] (ConsumerInput)
    S2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed] <==== ATTENTION
    S2 Fejku; C:\Users\Nancy\AppData\Roaming\Reuopreux\Reuopreux.exe [174944 2016-05-01] ()
    S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
    S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2015-04-25] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-03] (Intel Corporation)
    S2 LhfuwForm; C:\Program Files\Oewapboable\LhfuwForm.exe [536928 2016-05-01] ()
    S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
    S2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-05-01] (DotC United Inc)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
    S2 Oewapboable Updater; C:\Program Files\Oewapboable\Puhmi.exe [268128 2016-05-01] ()
    S2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-01] (PostgreSQL Global Development Group) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 windowsmanagementservice; C:\Users\Nancy\AppData\Local\Temp\20160502\ct.exe [852992 2016-03-21] (Google Inc.) [File not signed]
    S2 WinDriveSvc; C:\Program Files (x86)\windriveuse\WinDriveSync.exe [140984 2016-03-31] (Slideway Inc.)
    S2 WinDriveSvc2; C:\Program Files (x86)\windriveuse\WinDriveSync_.exe [140984 2016-03-31] (Slideway Inc.)
    S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
    S2 Wyaqki; "C:\Users\Nancy\AppData\Roaming\MoppoNutko\Gimcabr.exe" -cms [X]
     
  2. Bunbun

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-04-28] (BitRaider)
    R1 bsdpf64; C:\Windows\system32\Drivers\bsdpf64.sys [27456 2016-05-01] ()
    R1 bsdpr64; C:\Windows\system32\Drivers\bsdpr64.sys [26944 2016-05-01] ()
    R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82240 2016-05-01] (Cherimoya Ltd)
    S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
    R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2015-04-25] (Intel Corporation)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-05-24] (Echobit, LLC)
    R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation)
    S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
    R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-05-01] (DotC United Inc)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
    S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
    S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation )
    S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1362576 2012-09-14] (Realtek Semiconductor Corporation )
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [32792 2015-06-30] (SteelSeries ApS)
    R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-01-28] (SteelSeries ApS)
    S3 V0650Vid; C:\Windows\System32\DRIVERS\V0650Vid.sys [393536 2010-04-01] (Creative Technology Ltd.)
    S3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows (R) Win 7 DDK provider)
    S3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2015-05-09] (Windows (R) Win 7 DDK provider)
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X]
    S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
    S3 X6va031; \??\C:\Windows\SysWOW64\Drivers\X6va031 [X]
    S3 X6va060; \??\C:\Windows\SysWOW64\Drivers\X6va060 [X]
    S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-01 20:55 - 2016-05-01 20:55 - 00000000 ____D C:\FRST
    2016-05-01 20:48 - 2016-05-01 20:48 - 00110582 _____ C:\Windows\ntbtlog.txt
    2016-05-01 20:48 - 2016-05-01 20:48 - 00000000 ____D C:\Windows\LastGood
    2016-05-01 20:45 - 2016-05-01 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-05-01 20:34 - 2016-05-01 20:45 - 00003810 _____ C:\Windows\System32\Tasks\3409948
    2016-05-01 20:34 - 2016-05-01 20:45 - 00000000 ____D C:\Users\Nancy\AppData\Local\ospd_us_014010315
    2016-05-01 20:34 - 2016-05-01 20:34 - 00900510 _____ C:\Users\Nancy\AppData\Local\setupone.exe
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\scantily
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\ospd_us_014010315
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\InternetPlus
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\herc
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\domingo
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\dissertation
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\Program Files (x86)\disassociation
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 ____D C:\a
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 _____ C:\Users\Nancy\AppData\Local\tr5b.txt
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 _____ C:\Users\Nancy\AppData\Local\stxtname.txt
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 _____ C:\Users\Nancy\AppData\Local\run.txt
    2016-05-01 20:34 - 2016-05-01 20:34 - 00000000 _____ C:\Users\Nancy\AppData\Local\aatxtname.txt
    2016-05-01 20:33 - 2016-05-01 20:45 - 00000000 ____D C:\Users\Nancy\AppData\Local\mstrn32
    2016-05-01 20:33 - 2016-05-01 20:45 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-05-01 20:33 - 2016-05-01 20:33 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-05-01 20:33 - 2016-05-01 20:33 - 00000000 ____D C:\Windows\Buzzing Dhol
    2016-05-01 20:33 - 2016-05-01 20:33 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\wardmain
    2016-05-01 20:33 - 2016-05-01 20:33 - 00000000 ____D C:\Users\Nancy\AppData\Local\cpx
    2016-05-01 20:33 - 2016-05-01 20:33 - 00000000 ____D C:\Program Files (x86)\regtool
    2016-05-01 20:33 - 2016-05-01 20:33 - 00000000 ____D C:\Program Files (x86)\msrtn32
    2016-05-01 20:33 - 2016-05-01 20:33 - 00000000 ____D C:\Program Files (x86)\dataup
    2016-05-01 20:33 - 2016-05-01 20:33 - 00000000 ____D C:\Program Files (x86)\cpx
    2016-05-01 20:32 - 2016-05-01 20:32 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\c
    2016-05-01 20:32 - 2016-05-01 20:32 - 00000000 ____D C:\ProgramData\1462149135
    2016-05-01 20:32 - 2016-05-01 20:32 - 00000000 ____D C:\Program Files (x86)\S5
    2016-05-01 20:31 - 2016-05-01 20:32 - 00000000 ____D C:\Program Files (x86)\windriveuse
    2016-05-01 20:31 - 2016-05-01 20:31 - 00000000 ____D C:\Program Files\Faster Web
    2016-05-01 20:31 - 2016-05-01 20:31 - 00000000 ____D C:\Program Files (x86)\Faster Web
    2016-05-01 20:29 - 2016-05-01 20:29 - 00041512 _____ C:\Windows\responsiveness.exe
    2016-05-01 20:29 - 2016-05-01 20:29 - 00036864 _____ C:\Windows\imperceptibly.exe
    2016-05-01 20:29 - 2016-05-01 20:29 - 00008704 _____ C:\Windows\mongolians.exe
    2016-05-01 20:29 - 2016-05-01 20:29 - 00008192 _____ C:\Windows\cicada.exe
    2016-05-01 20:29 - 2016-05-01 20:29 - 00006656 _____ C:\Windows\dll.dll
    2016-05-01 20:29 - 2016-05-01 20:29 - 00000190 _____ C:\appverifier.txt
    2016-05-01 20:28 - 2016-05-01 20:28 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow0061C778
    2016-05-01 20:28 - 2016-05-01 20:28 - 00000000 ____D C:\Users\Nancy\AppData\Local\tuto_monetize_120160501
    2016-05-01 20:27 - 2016-05-01 20:33 - 00000000 ____D C:\Program Files (x86)\SecuriDex
    2016-05-01 20:27 - 2016-05-01 20:27 - 06494208 _____ C:\Users\Nancy\AppData\Roaming\agent.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 01626777 _____ C:\Users\Nancy\AppData\Roaming\StrongQvoeco.tst
    2016-05-01 20:27 - 2016-05-01 20:27 - 00934400 _____ C:\Users\Nancy\AppData\Roaming\StrongQvoeco.exe
    2016-05-01 20:27 - 2016-05-01 20:27 - 00934400 _____ C:\Users\Nancy\AppData\Roaming\Blackfax.exe
    2016-05-01 20:27 - 2016-05-01 20:27 - 00848437 _____ C:\Users\Nancy\AppData\Roaming\Kontough.bin
    2016-05-01 20:27 - 2016-05-01 20:27 - 00356864 _____ C:\ProgramData\smp2.exe
    2016-05-01 20:27 - 2016-05-01 20:27 - 00126464 _____ C:\Users\Nancy\AppData\Roaming\noah.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 00126464 _____ C:\Users\Nancy\AppData\Roaming\lobby.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 00072717 _____ C:\Users\Nancy\AppData\Roaming\Blackfax.tst
    2016-05-01 20:27 - 2016-05-01 20:27 - 00065568 _____ C:\Users\Nancy\AppData\Roaming\Config.xml
    2016-05-01 20:27 - 2016-05-01 20:27 - 00054272 _____ C:\Users\Nancy\AppData\Roaming\ApplicationHosting.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 00018432 _____ C:\Users\Nancy\AppData\Roaming\Main.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 00005568 _____ C:\Users\Nancy\AppData\Roaming\md.xml
    2016-05-01 20:27 - 2016-05-01 20:27 - 00000000 ____H C:\Windows\system32\BIT589F.tmp
    2016-05-01 20:27 - 2016-05-01 20:27 - 00000000 ____D C:\Windows\system32\iup
    2016-05-01 20:27 - 2016-05-01 20:27 - 00000000 ____D C:\Users\Nancy\AppData\Local\csdi_monetize_220160428
    2016-05-01 20:27 - 2016-05-01 20:27 - 00000000 ____D C:\Program Files\Caster
    2016-05-01 20:27 - 2016-05-01 20:27 - 00000000 ____D C:\Program Files (x86)\sunnyday
    2016-05-01 20:27 - 2016-05-01 20:27 - 00000000 ____D C:\Program Files (x86)\comoBoss
    2016-05-01 20:26 - 2016-05-01 20:27 - 00000000 ____D C:\Program Files\Sound+
    2016-05-01 20:26 - 2016-05-01 20:26 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sound+ 1.0
    2016-05-01 20:26 - 2016-05-01 20:26 - 00000000 ____D C:\Users\Nancy\AppData\Local\csdi_monetize_120160501
    2016-05-01 20:25 - 2016-05-01 20:34 - 00000458 _____ C:\Windows\Tasks\CIMT_S-1-5-21-1716612969-2344737603-4151003975-1000.job
    2016-05-01 20:25 - 2016-05-01 20:30 - 00000492 _____ C:\Windows\Tasks\CIMT_daily_S-1-5-21-1716612969-2344737603-4151003975-1000.job
    2016-05-01 20:25 - 2016-05-01 20:27 - 00127488 _____ C:\Users\Nancy\AppData\Roaming\Installer.dat
    2016-05-01 20:25 - 2016-05-01 20:27 - 00016992 _____ C:\Users\Nancy\AppData\Roaming\InstallationConfiguration.xml
    2016-05-01 20:25 - 2016-05-01 20:25 - 00027456 _____ C:\Windows\system32\Drivers\bsdpf64.sys
    2016-05-01 20:25 - 2016-05-01 20:25 - 00026944 _____ C:\Windows\system32\Drivers\bsdpr64.sys
    2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Reuopreux
    2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\Company
    2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\Users\Nancy\AppData\Local\Tempfolder
    2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\Users\Nancy\AppData\Local\Shortcut Installer
    2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\uninst
    2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\Program Files\OewapboableUn
    2016-05-01 20:25 - 2016-05-01 20:25 - 00000000 ____D C:\Program Files\Oewapboable
    2016-05-01 20:24 - 2016-05-01 20:45 - 00000964 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job
    2016-05-01 20:24 - 2016-05-01 20:29 - 00000968 _____ C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job
    2016-05-01 20:24 - 2016-05-01 20:25 - 00000000 ____D C:\Program Files (x86)\Consumer Input
    2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Note-UP
    2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\efo
    2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Advancedpccare.net
    2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\Users\Nancy\AppData\Local\Consumer Input
    2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC-Care
    2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\ProgramData\App-verifier
    2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\ProgramData\advancedpccare.net
    2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\Program Files\Advanced PC-Care
    2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\Program Files (x86)\Setup Support for Consumer Input DH
    2016-05-01 20:24 - 2016-05-01 20:24 - 00000000 ____D C:\Program Files (x86)\Note-up
    2016-05-01 20:23 - 2016-05-01 20:23 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\NUIns
    2016-05-01 20:23 - 2016-05-01 20:23 - 00000000 ____D C:\Program Files (x86)\5CE2A480-1462148628-11DD-92D9-086266457D78
    2016-05-01 20:22 - 2016-05-01 20:22 - 02633341 _____ C:\Windows\chromebrowser.exe
    2016-05-01 19:16 - 2016-05-01 20:25 - 00082240 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
    2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\Windows\System32\Tasks\Apple
    2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2016-04-30 22:19 - 2016-04-30 22:19 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2016-04-28 17:02 - 2016-04-28 17:02 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\RocketFish
    2016-04-28 17:02 - 2016-04-28 17:02 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Creative
    2016-04-28 17:02 - 2016-04-28 17:02 - 00000000 ____D C:\ProgramData\Creative
    2016-04-28 16:59 - 2016-04-28 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocketfish
    2016-04-28 16:59 - 2016-04-28 16:59 - 00000000 ____D C:\Program Files (x86)\Creative
    2016-04-28 16:59 - 2010-03-26 13:37 - 00173056 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtClsFlt.sys
    2016-04-28 16:59 - 2009-05-28 10:49 - 00224768 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\CtAudDrv.sys
    2016-04-28 16:59 - 2006-09-19 13:56 - 00057656 ____N C:\Windows\system32\Drivers\FilterPC.bmp
    2016-04-28 16:58 - 2010-07-21 09:01 - 00045056 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Pin.dll
    2016-04-28 16:58 - 2010-07-21 09:01 - 00044544 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Pin.dll
    2016-04-28 16:58 - 2010-07-21 09:01 - 00028672 _____ (Creative Technology Ltd.) C:\Windows\V0650Mon.exe
    2016-04-28 16:58 - 2010-06-28 15:50 - 00268800 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\V0650Afx.sys
    2016-04-28 16:58 - 2010-04-01 09:00 - 00393536 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\V0650Vid.sys
    2016-04-28 16:58 - 2010-03-26 09:00 - 00069632 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Ext.crl
    2016-04-28 16:58 - 2010-03-26 09:00 - 00058880 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Ext.crl
    2016-04-28 16:58 - 2010-03-22 14:19 - 00045056 _____ (Creative Technology Ltd) C:\Windows\SysWOW64\V0650AF.dll
    2016-04-28 16:58 - 2010-03-22 14:19 - 00045056 _____ (Creative Technology Ltd) C:\Windows\system32\V0650AF.dll
    2016-04-28 16:58 - 2010-03-12 20:00 - 00004195 _____ C:\Windows\VF0650.uns
    2016-04-28 16:58 - 2010-02-26 10:00 - 00134656 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Ext.ax
    2016-04-28 16:58 - 2010-02-26 10:00 - 00114688 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Ext.ax
    2016-04-28 16:58 - 2010-02-11 10:00 - 00032768 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\V0650Hwx.dll
    2016-04-28 16:58 - 2010-02-11 10:00 - 00023040 _____ (Creative Technology Ltd.) C:\Windows\system32\V0650Hwx.dll
    2016-04-28 16:58 - 2009-09-25 15:27 - 00108032 _____ (Creative Technology Ltd.) C:\Windows\CtDrvIns.exe
    2016-04-28 16:58 - 2009-09-03 16:47 - 00285696 _____ (Creative Technology Ltd.) C:\Windows\system32\CTAFX64.dll
    2016-04-28 16:58 - 2009-06-26 13:40 - 00036864 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\CtCamMgr.dll
    2016-04-28 16:58 - 2009-06-26 13:40 - 00029184 _____ (Creative Technology Ltd.) C:\Windows\system32\CtCamMgr.dll
    2016-04-28 16:58 - 2007-08-23 19:46 - 00020480 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\CtCamPin.crl
    2016-04-28 16:58 - 2007-08-23 19:46 - 00010752 _____ (Creative Technology Ltd.) C:\Windows\system32\CtCamPin.crl
    2016-04-28 16:58 - 2006-09-19 13:56 - 00057656 _____ C:\Windows\system32\Drivers\V0650PC.bmp
    2016-04-28 00:15 - 2016-04-28 01:05 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Audacity
    2016-04-28 00:15 - 2016-04-28 00:15 - 00001023 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2016-04-28 00:15 - 2016-04-28 00:15 - 00000000 ____D C:\Users\Nancy\AppData\Local\Audacity
    2016-04-28 00:15 - 2016-04-28 00:15 - 00000000 ____D C:\Program Files (x86)\Audacity
    2016-04-27 23:10 - 2016-04-27 23:10 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
    2016-04-27 23:10 - 2016-04-27 23:10 - 00000000 ____D C:\Program Files\Blackmagic Design
    2016-04-27 23:09 - 2016-05-01 20:45 - 00000000 ____D C:\Users\postgres
    2016-04-27 23:09 - 2016-04-27 23:09 - 00000020 ___SH C:\Users\postgres\ntuser.ini
    2016-04-27 23:09 - 2016-04-27 23:09 - 00000000 _SHDL C:\Users\postgres\My Documents
    2016-04-27 23:09 - 2016-03-15 21:50 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Macromedia
    2016-04-27 23:09 - 2011-04-12 04:28 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Media Center Programs
    2016-04-27 23:08 - 2016-04-27 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.2
    2016-04-27 23:08 - 2016-04-27 23:08 - 00000000 ____D C:\Program Files\PostgreSQL
    2016-04-27 23:07 - 2016-04-27 23:07 - 00000000 ___HD C:\temp
    2016-04-27 22:49 - 2016-04-27 22:51 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\HandBrake
    2016-04-27 22:49 - 2016-04-27 22:49 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\HandBrake Team
    2016-04-27 22:31 - 2016-04-27 22:31 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
    2016-04-27 22:31 - 2016-04-27 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
    2016-04-27 22:31 - 2016-04-27 22:31 - 00000000 ____D C:\Program Files\Handbrake
    2016-04-19 22:15 - 2016-04-19 22:15 - 00005120 _____ C:\Users\Nancy\AppData\Local\ddnow.exe
    2016-04-19 22:14 - 2016-04-19 22:14 - 00005632 _____ C:\Users\Nancy\AppData\Local\ddnow4.exe
    2016-04-16 19:07 - 2016-04-16 19:07 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\Dodge Roll
    2016-04-15 13:21 - 2016-04-15 13:21 - 00000000 ____D C:\ProgramData\Blackmagic Design
    2016-04-15 13:20 - 2016-04-15 13:20 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\Apple Computer
    2016-04-14 23:55 - 2016-04-14 23:55 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-04-12 19:38 - 2016-04-12 19:38 - 00006144 _____ C:\Users\Nancy\AppData\Local\cap.exe
    2016-04-12 19:37 - 2016-04-12 19:37 - 00006144 _____ C:\Users\Nancy\AppData\Local\cap4.exe
    2016-04-12 18:52 - 2016-04-04 14:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-04-12 18:52 - 2016-04-04 14:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-04-12 18:52 - 2016-04-02 09:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-04-12 18:52 - 2016-03-31 15:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-04-12 18:52 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-04-12 18:52 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-04-12 18:52 - 2016-03-30 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-04-12 18:52 - 2016-03-30 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-04-12 18:52 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-04-12 18:52 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-04-12 18:52 - 2016-03-30 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-04-12 18:52 - 2016-03-30 20:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-04-12 18:52 - 2016-03-30 20:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-04-12 18:52 - 2016-03-30 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-04-12 18:52 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-04-12 18:52 - 2016-03-30 20:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-04-12 18:52 - 2016-03-30 20:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-04-12 18:52 - 2016-03-30 20:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-04-12 18:52 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-04-12 18:52 - 2016-03-30 20:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-04-12 18:52 - 2016-03-30 20:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-04-12 18:52 - 2016-03-30 20:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-04-12 18:52 - 2016-03-30 20:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-04-12 18:52 - 2016-03-30 20:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-04-12 18:52 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-04-12 18:52 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-04-12 18:52 - 2016-03-30 20:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-04-12 18:52 - 2016-03-30 19:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-04-12 18:52 - 2016-03-30 19:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-04-12 18:52 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-04-12 18:52 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-04-12 18:52 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-04-12 18:52 - 2016-03-30 19:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-04-12 18:52 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-04-12 18:52 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-04-12 18:52 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-04-12 18:52 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-04-12 18:52 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-04-12 18:52 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-04-12 18:52 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-04-12 18:52 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-04-12 18:52 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-04-12 18:52 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-04-12 18:52 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-04-12 18:52 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-04-12 18:52 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-04-12 18:52 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-04-12 18:52 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-04-12 18:52 - 2016-03-30 19:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-04-12 18:52 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-04-12 18:52 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-04-12 18:52 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-04-12 18:52 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-04-12 18:52 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-04-12 18:52 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-04-12 18:52 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-04-12 18:52 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-04-12 18:52 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-04-12 18:52 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-04-12 18:52 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-04-12 18:52 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-04-12 18:52 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-04-12 18:52 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-04-12 18:52 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-04-12 18:52 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-04-12 18:52 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-04-12 18:52 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-04-12 18:52 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-04-12 18:52 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-04-12 18:52 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-04-12 18:52 - 2016-03-23 10:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-04-12 18:52 - 2016-03-17 19:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-04-12 18:52 - 2016-03-17 19:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-04-12 18:52 - 2016-03-17 19:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-04-12 18:52 - 2016-03-17 19:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-04-12 18:52 - 2016-03-17 19:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-04-12 18:52 - 2016-03-17 19:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-04-12 18:52 - 2016-03-17 18:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-04-12 18:52 - 2016-03-17 18:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-04-12 18:52 - 2016-03-17 18:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-04-12 18:52 - 2016-03-17 18:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-04-12 18:52 - 2016-03-17 18:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-04-12 18:52 - 2016-03-17 18:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-04-12 18:52 - 2016-03-17 18:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-04-12 18:52 - 2016-03-17 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-04-12 18:52 - 2016-03-17 18:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-04-12 18:52 - 2016-03-17 18:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-04-12 18:52 - 2016-03-17 18:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-04-12 18:52 - 2016-03-17 18:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-04-12 18:52 - 2016-03-17 18:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-04-12 18:52 - 2016-03-17 18:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-04-12 18:52 - 2016-03-17 18:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-04-12 18:52 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-04-12 18:52 - 2016-03-17 18:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-04-12 18:52 - 2016-03-17 18:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-04-12 18:52 - 2016-03-17 18:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-04-12 18:52 - 2016-03-17 18:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-04-12 18:52 - 2016-03-17 18:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-04-12 18:52 - 2016-03-17 18:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-04-12 18:52 - 2016-03-17 18:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-04-12 18:52 - 2016-03-17 18:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-04-12 18:52 - 2016-03-17 18:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
     
  3. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-04-12 18:52 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-04-12 18:52 - 2016-03-17 18:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-04-12 18:52 - 2016-03-17 18:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-04-12 18:52 - 2016-03-17 18:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-04-12 18:52 - 2016-03-17 18:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-04-12 18:52 - 2016-03-17 18:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-04-12 18:52 - 2016-03-17 18:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-04-12 18:52 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-04-12 18:52 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-04-12 18:52 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-04-12 18:52 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-04-12 18:52 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-04-12 18:52 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-04-12 18:52 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-04-12 18:52 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-04-12 18:52 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-04-12 18:52 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-04-12 18:52 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-04-12 18:52 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-04-12 18:52 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 17:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-04-12 18:52 - 2016-03-17 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-04-12 18:52 - 2016-03-17 17:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-04-12 18:52 - 2016-03-17 17:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-04-12 18:52 - 2016-03-17 17:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-04-12 18:52 - 2016-03-17 17:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-04-12 18:52 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-04-12 18:52 - 2016-03-17 17:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-04-12 18:52 - 2016-03-17 17:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-04-12 18:52 - 2016-03-17 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-04-12 18:52 - 2016-03-17 17:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-04-12 18:52 - 2016-03-17 17:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-04-12 18:52 - 2016-03-17 17:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-04-12 18:52 - 2016-03-17 17:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-04-12 18:52 - 2016-03-17 17:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-04-12 18:52 - 2016-03-17 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-04-12 18:52 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-04-12 18:52 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-04-12 18:52 - 2016-03-17 14:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-04-12 18:52 - 2016-03-17 14:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-04-12 18:52 - 2016-03-17 14:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-04-12 18:52 - 2016-03-17 14:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-04-12 18:52 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-04-12 18:52 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
    2016-04-12 18:52 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
    2016-04-12 18:52 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2016-04-12 18:52 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2016-04-12 18:52 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2016-04-12 18:52 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-04-12 18:52 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-04-12 18:52 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2016-04-12 18:52 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2016-04-12 18:52 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2016-04-12 18:52 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2016-04-12 18:52 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
    2016-04-12 18:52 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
    2016-04-12 18:52 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
    2016-04-12 18:52 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2016-04-12 18:52 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
    2016-04-12 18:52 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
    2016-04-10 19:34 - 2016-04-10 19:34 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\CampoSanto
    2016-04-06 21:35 - 2016-04-06 21:35 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\KakaoTalk.lnk
    2016-04-06 21:35 - 2016-04-06 21:35 - 00000000 ____D C:\Users\Nancy\AppData\Local\Kakao
    2016-04-06 21:35 - 2016-04-06 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KakaoTalk
    2016-04-06 21:35 - 2016-04-06 21:35 - 00000000 ____D C:\Program Files (x86)\Kakao
    2016-04-05 08:26 - 2016-04-05 08:26 - 00007680 _____ C:\Users\Nancy\AppData\Local\tinstall.exe
    2016-04-05 08:25 - 2016-04-05 08:25 - 00007680 _____ C:\Users\Nancy\AppData\Local\tinstall4.exe
    2016-04-04 17:39 - 2016-04-04 17:39 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\CELSYS_EN
    2016-04-04 17:39 - 2016-04-04 17:39 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\CELSYS
    2016-04-04 17:35 - 2016-04-04 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CLIP STUDIO
    2016-04-04 17:35 - 2016-04-04 17:35 - 00000000 ____D C:\ProgramData\CELSYS_EN
    2016-04-04 17:35 - 2016-04-04 17:35 - 00000000 ____D C:\Program Files\CELSYS
    2016-04-04 13:02 - 2016-04-04 13:02 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Smith Micro
    2016-04-04 13:02 - 2016-04-04 13:02 - 00000000 ____D C:\ProgramData\FEA3F5DE-0F10-454D-B6C0-55E35B170A9D
    2016-04-04 13:02 - 2016-04-04 13:02 - 00000000 ____D C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
    2016-04-04 13:01 - 2016-04-04 13:01 - 00000000 ____D C:\ProgramData\Smith Micro

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-01 20:52 - 2009-07-14 01:13 - 00783646 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-01 20:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-05-01 20:45 - 2016-01-30 21:43 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\discord
    2016-05-01 20:45 - 2016-01-30 17:08 - 00000000 ____D C:\Users\Nancy\AppData\Local\Spotify
    2016-05-01 20:45 - 2016-01-30 17:07 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Spotify
    2016-05-01 20:45 - 2015-12-13 14:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-01 20:45 - 2015-04-26 15:53 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Skype
    2016-05-01 20:45 - 2015-04-25 22:24 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-05-01 20:45 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-05-01 20:32 - 2016-03-15 21:14 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\uTorrent
    2016-05-01 20:30 - 2016-03-15 21:15 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\uTorrent
    2016-05-01 20:28 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-05-01 20:28 - 2009-07-14 00:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-05-01 20:27 - 2015-04-26 18:14 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-05-01 20:25 - 2015-04-26 16:12 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Adobe
    2016-05-01 20:05 - 2015-12-13 14:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-01 19:52 - 2015-05-04 21:47 - 00000000 ____D C:\Users\Nancy\AppData\Local\Adobe
    2016-05-01 01:35 - 2015-06-16 12:17 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core.job
    2016-05-01 01:28 - 2015-06-16 12:17 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA.job
    2016-04-30 23:04 - 2015-05-09 21:38 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\OBS
    2016-04-30 22:19 - 2015-11-11 20:14 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-04-30 22:08 - 2015-04-26 16:00 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Mumble
    2016-04-28 18:54 - 2015-04-26 19:00 - 00000000 ____D C:\Users\Nancy\AppData\Local\osu!
    2016-04-28 17:26 - 2015-05-24 13:44 - 00000000 ____D C:\Users\Nancy\AppData\Local\CrashDumps
    2016-04-28 16:59 - 2015-04-25 21:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-04-28 16:52 - 2015-04-25 20:48 - 00000000 ____D C:\Users\Nancy
    2016-04-28 14:51 - 2015-05-04 21:50 - 00000000 ____D C:\ProgramData\Adobe
    2016-04-28 14:41 - 2016-01-30 16:04 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-04-28 14:41 - 2015-04-26 15:53 - 00000000 ____D C:\ProgramData\Skype
    2016-04-27 23:07 - 2015-05-04 21:49 - 00000000 ____D C:\Program Files (x86)\Adobe
    2016-04-27 22:45 - 2015-05-04 22:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2016-04-27 22:00 - 2015-10-17 16:51 - 00000000 ____D C:\Users\Nancy\AppData\Local\TERA
    2016-04-22 17:57 - 2016-03-09 22:59 - 00000000 ____D C:\Users\Nancy\AppData\Local\Discord
    2016-04-22 17:57 - 2016-01-30 21:43 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
    2016-04-22 17:57 - 2015-05-20 12:13 - 00000000 ____D C:\Users\Nancy\AppData\Local\SquirrelTemp
    2016-04-21 15:05 - 2010-11-20 23:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2016-04-16 16:00 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2016-04-15 13:13 - 2015-04-26 20:24 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-04-15 13:10 - 2016-03-13 13:41 - 00000000 ____D C:\Users\Nancy\AppData\Local\Windows Live
    2016-04-14 23:55 - 2015-04-26 15:54 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Dropbox
    2016-04-13 12:53 - 2016-03-15 18:51 - 00000000 ____D C:\Windows\system32\appraiser
    2016-04-13 12:53 - 2009-07-14 00:45 - 04953336 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-04-13 01:34 - 2015-04-26 15:55 - 00000000 ____D C:\Windows\system32\MRT
    2016-04-13 01:31 - 2015-04-26 15:55 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-04-11 19:07 - 2015-12-13 14:54 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-03 19:22 - 2016-03-20 19:18 - 00000000 ____D C:\Users\Nancy\AppData\Local\UNDERTALE
    2016-04-02 11:24 - 2015-04-26 15:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

    ==================== Files in the root of some directories =======

    2016-02-05 13:23 - 2016-03-10 23:44 - 0000033 _____ () C:\Users\Nancy\AppData\Roaming\AdobeWLCMCache.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 6494208 _____ () C:\Users\Nancy\AppData\Roaming\agent.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 0054272 _____ () C:\Users\Nancy\AppData\Roaming\ApplicationHosting.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 0934400 _____ () C:\Users\Nancy\AppData\Roaming\Blackfax.exe
    2016-05-01 20:27 - 2016-05-01 20:27 - 0072717 _____ () C:\Users\Nancy\AppData\Roaming\Blackfax.tst
    2016-05-01 20:27 - 2016-05-01 20:27 - 0065568 _____ () C:\Users\Nancy\AppData\Roaming\Config.xml
    2016-05-01 20:25 - 2016-05-01 20:27 - 0016992 _____ () C:\Users\Nancy\AppData\Roaming\InstallationConfiguration.xml
    2016-05-01 20:25 - 2016-05-01 20:27 - 0127488 _____ () C:\Users\Nancy\AppData\Roaming\Installer.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 0848437 _____ () C:\Users\Nancy\AppData\Roaming\Kontough.bin
    2016-05-01 20:27 - 2016-05-01 20:27 - 0126464 _____ () C:\Users\Nancy\AppData\Roaming\lobby.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 0018432 _____ () C:\Users\Nancy\AppData\Roaming\Main.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 0005568 _____ () C:\Users\Nancy\AppData\Roaming\md.xml
    2016-05-01 20:27 - 2016-05-01 20:27 - 0126464 _____ () C:\Users\Nancy\AppData\Roaming\noah.dat
    2016-05-01 20:27 - 2016-05-01 20:27 - 0934400 _____ () C:\Users\Nancy\AppData\Roaming\StrongQvoeco.exe
    2016-05-01 20:27 - 2016-05-01 20:27 - 1626777 _____ () C:\Users\Nancy\AppData\Roaming\StrongQvoeco.tst
    2015-05-10 16:06 - 2015-05-24 22:48 - 0030598 _____ () C:\Users\Nancy\AppData\Roaming\VoiceMeeterDefault.xml
    2016-05-01 20:34 - 2016-05-01 20:34 - 0000000 _____ () C:\Users\Nancy\AppData\Local\aatxtname.txt
    2016-04-12 19:38 - 2016-04-12 19:38 - 0006144 _____ () C:\Users\Nancy\AppData\Local\cap.exe
    2016-04-12 19:37 - 2016-04-12 19:37 - 0006144 _____ () C:\Users\Nancy\AppData\Local\cap4.exe
    2016-04-19 22:15 - 2016-04-19 22:15 - 0005120 _____ () C:\Users\Nancy\AppData\Local\ddnow.exe
    2016-04-19 22:14 - 2016-04-19 22:14 - 0005632 _____ () C:\Users\Nancy\AppData\Local\ddnow4.exe
    2016-03-18 01:00 - 2016-03-18 01:00 - 0000000 _____ () C:\Users\Nancy\AppData\Local\ok223.txt
    2016-05-01 20:34 - 2016-05-01 20:34 - 0000000 _____ () C:\Users\Nancy\AppData\Local\run.txt
    2016-05-01 20:34 - 2016-05-01 20:34 - 0900510 _____ () C:\Users\Nancy\AppData\Local\setupone.exe
    2016-05-01 20:34 - 2016-05-01 20:34 - 0000000 _____ () C:\Users\Nancy\AppData\Local\stxtname.txt
    2016-04-05 08:26 - 2016-04-05 08:26 - 0007680 _____ () C:\Users\Nancy\AppData\Local\tinstall.exe
    2016-04-05 08:25 - 2016-04-05 08:25 - 0007680 _____ () C:\Users\Nancy\AppData\Local\tinstall4.exe
    2016-05-01 20:34 - 2016-05-01 20:34 - 0000000 _____ () C:\Users\Nancy\AppData\Local\tr5b.txt
    2015-04-25 21:23 - 2015-04-25 21:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2016-05-01 20:27 - 2016-05-01 20:27 - 0356864 _____ () C:\ProgramData\smp2.exe

    Files to move or delete:
    ====================
    C:\Users\Nancy\AppData\Local\Temp\2464222\ic-0.1fcc3ebbfe2ffc.exe
    C:\ProgramData\smp2.exe
    C:\Users\Nancy\avcodec-53.dll
    C:\Users\Nancy\avformat-53.dll
    C:\Users\Nancy\avutil-51.dll
    C:\Users\Nancy\brwc_swtor.exe
    C:\Users\Nancy\icudt.dll
    C:\Users\Nancy\launcher.exe
    C:\Users\Nancy\launcherDiag.exe
    C:\Users\Nancy\launcherRestartMsg.exe
    C:\Users\Nancy\libcef.dll
    C:\Users\Nancy\SWTORLaunch.dll


    Some files in TEMP:
    ====================
    C:\Users\Nancy\AppData\Local\Temp\3KL1WNNPBJ.exe
    C:\Users\Nancy\AppData\Local\Temp\6Z6JE2HZNU.exe
    C:\Users\Nancy\AppData\Local\Temp\acc.exe
    C:\Users\Nancy\AppData\Local\Temp\ads.exe
    C:\Users\Nancy\AppData\Local\Temp\appstart.exe
    C:\Users\Nancy\AppData\Local\Temp\CodecFixDivx.exe
    C:\Users\Nancy\AppData\Local\Temp\compete.exe
    C:\Users\Nancy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyuln_g.dll
    C:\Users\Nancy\AppData\Local\Temp\dxdiag.exe
    C:\Users\Nancy\AppData\Local\Temp\install.exe
    C:\Users\Nancy\AppData\Local\Temp\io1.exe
    C:\Users\Nancy\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\Nancy\AppData\Local\Temp\MediaPlayer__11426.exe
    C:\Users\Nancy\AppData\Local\Temp\msconfig.exe
    C:\Users\Nancy\AppData\Local\Temp\NGMDll.dll
    C:\Users\Nancy\AppData\Local\Temp\NGMResource.dll
    C:\Users\Nancy\AppData\Local\Temp\nvSCPAPI.dll
    C:\Users\Nancy\AppData\Local\Temp\nvStInst.exe
    C:\Users\Nancy\AppData\Local\Temp\sdf5CC0.exe
    C:\Users\Nancy\AppData\Local\Temp\unicows.dll
    C:\Users\Nancy\AppData\Local\Temp\Uninstall.exe
    C:\Users\Nancy\AppData\Local\Temp\xmlUpdater.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll
    [2015-04-25 22:33] - [2015-04-25 22:33] - 0357888 ____A (Microsoft Corporation) 2E8E6DF90941E44933758EE6FD59F5E5

    C:\Windows\SysWOW64\dnsapi.dll
    [2015-04-25 22:33] - [2015-04-25 22:33] - 0270336 ____A (Microsoft Corporation) A1B543AAC34C74A6CE69455C3EC9B34D

    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-04-20 16:19

    ==================== End of FRST.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    You're not saying what your computer issues are.

    Why did you run FRST from safe mode?

    I still need the Addition.txt log.
     
  5. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    Oh, I am sorry! I did this in a hurry because the webpage kept sending me to other websites. When I turn on my computer, it goes to the desktop for a few seconds until a Windows 10 blue screen comes up even though I have Windows 7. When that happened, I couldn't click or do anything, which is why I went into safe mode to run FRST.

    Here's the addition log! ^^

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-05-2016
    Ran by Nancy (2016-05-01 20:55:28)
    Running from E:\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2015-04-26 00:48:40)
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1716612969-2344737603-4151003975-500 - Administrator - Disabled)
    Guest (S-1-5-21-1716612969-2344737603-4151003975-501 - Limited - Disabled)
    Nancy (S-1-5-21-1716612969-2344737603-4151003975-1000 - Administrator - Enabled) => C:\Users\Nancy
    postgres (S-1-5-21-1716612969-2344737603-4151003975-1001 - Limited - Enabled) => C:\Users\postgres

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
    100% Orange Juice (HKLM-x32\...\Steam App 282800) (Version: - Orange_Juice)
    60 Seconds! (HKLM\...\Steam App 368360) (Version: - Robot Gentleman)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Advanced PC-Care (HKLM\...\B7A64AC7-B828-4D74-98B2-097AFA836948_is1) (Version: 1.0.0.7375 - advancedpccare.net)
    Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
    Atom (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\atom) (Version: 1.5.4 - GitHub Inc.)
    Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
    Awesomenauts (HKLM\...\Steam App 204300) (Version: - Ronimo Games)
    BioShock (HKLM\...\Steam App 7670) (Version: - 2K Boston)
    BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
    BitTorrent (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\BitTorrent) (Version: 7.9.3.40634 - BitTorrent Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)
    Borderlands 2 (HKLM\...\Steam App 49520) (Version: - Gearbox Software)
    Buzzing Dhol 9.1.1 (HKLM-x32\...\Buzzing Dhol 9.1.1) (Version: 9.1.1 - Buzzing Dhol)
    Caster (HKLM\...\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}) (Version: 1.0 - Caster)
    Cat Goes Fishing (HKLM\...\Steam App 343780) (Version: - Cat5Games)
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    CLIP STUDIO PAINT 1.5.4 (HKLM-x32\...\{88B5A062-DDA1-4F62-A4DD-95D0C4F19979}) (Version: 1.5.4 - CELSYS)
    Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
    comoBoss version 1.1 (HKLM-x32\...\comoBoss_is1) (Version: 1.1 - aze) <==== ATTENTION
    Consumer Input (remove only) (HKLM-x32\...\Consumer Input Installer) (Version: - Compete Inc.) <==== ATTENTION
    Consumer Input DH (HKLM-x32\...\Setup Support for Consumer Input DH) (Version: 1.0 - Sono Control Inc.) <==== ATTENTION
    Consumer Input Update Helper (x32 Version: 1.3.25.309 - Compete Inc.) Hidden <==== ATTENTION
    Cook, Serve, Delicious! (HKLM\...\Steam App 247020) (Version: - Vertigo Gaming Inc.)
    Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
    Counter-Strike: Source (HKLM\...\Steam App 240) (Version: - Valve)
    Crimzon Clover WORLD IGNITION (HKLM\...\Steam App 285440) (Version: - YOTSUBANE)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
     
  6. Bunbun

    DaVinci Resolve (HKLM\...\{9B4515CC-A703-49D2-85E6-5348CA30534D}) (Version: 12.5.0032 - Blackmagic Design)
    Deadly Premonition: The Director's Cut (HKLM-x32\...\Steam App 247660) (Version: - Rising Star Games)
    Dear Esther (HKLM\...\Steam App 203810) (Version: - The Chinese Room)
    Discord (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Discord) (Version: 0.0.288 - Hammer & Chisel, Inc.)
    Dropbox (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
    Enter the Gungeon (HKLM\...\Steam App 311690) (Version: - Dodge Roll)
    Fallout: New Vegas (HKLM\...\Steam App 22380) (Version: - Obsidian Entertainment)
    Faster Web (HKLM-x32\...\Faster Web) (Version: 8.8.8.8 - Faster Web)
    FileZilla Client 3.10.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
    Firewatch (HKLM\...\Steam App 383870) (Version: - Campo Santo)
    Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
    Intel(R) Chipset Device Software (x32 Version: 10.0.17 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.1.1000 - Intel Corporation)
    Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3920 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Journal (HKLM\...\Steam App 261680) (Version: - Locked Door Puzzle)
    KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.1.3.1173 - Kakao Corp.)
    Keep Talking and Nobody Explodes (HKLM\...\Steam App 341800) (Version: - Steel Crate Games)
    Krita Desktop (x64) 2.9.6.3 (HKLM\...\{075BFD2E-33CB-4251-93CD-CD644A40C891}) (Version: 2.9.6.3 - Krita Foundation)
    Left 4 Dead 2 (HKLM\...\Steam App 550) (Version: - Valve)
    LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
    Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
    Long Live The Queen (HKLM\...\Steam App 251990) (Version: - Hanako Games)
    METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Moobot Assistant (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\40790fab0e175d6b) (Version: 1.0.0.1 - Knudsen Apps)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mumble 1.2.13 (HKLM-x32\...\{AB6B69F9-1A90-44EC-AE6C-A6BEA2C4F0CB}) (Version: 1.2.13 - Thorvald Natvig)
    MURDERED: SOUL SUSPECT™ (HKLM-x32\...\Steam App 233290) (Version: - Airtight Games)
    NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
    Note-up (HKLM-x32\...\Note-up) (Version: - Note-up) <==== ATTENTION
    Note-UP (HKLM-x32\...\NUIns) (Version: - QUAHOG LIMITED) <==== ATTENTION
    NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.87 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
    NVIDIA Graphics Driver 358.87 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.87 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
    OneSoftPerDay 025.014010315 (HKLM-x32\...\ospd_us_014010315_is1) (Version: - ONESOFTPERDAY) <==== ATTENTION
    Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    osu! (HKLM-x32\...\{904a59ce-aa0f-4709-bbea-702b9ed44afc}) (Version: latest - ppy Pty Ltd)
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    PostgreSQL 9.2 (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7354 - Realtek Semiconductor Corp.)
    Resident Evil Revelations 2 / Biohazard Revelations 2 (HKLM-x32\...\Steam App 287290) (Version: - CAPCOM Co., Ltd.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Rocketfish HD Webcam (1.01.01.00) (HKLM\...\Rocketfish VF0650) (Version: - Rocketfish)
    Rocketfish Live! Central (HKLM-x32\...\Rocketfish Live! Central) (Version: 2.00.55 - Creative Technology Ltd)
    s5mark (HKLM-x32\...\s5mark) (Version: 2.0.2 - s5mark) <==== ATTENTION
    Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
    SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
    shopperz (HKLM-x32\...\{57ABDEF4-AC53-4D99-9B22-83C925A1F830}) (Version: 2.0.0.477 - shopperz) <==== ATTENTION
    Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
    Sleeping Dogs: Definitive Edition (HKLM\...\Steam App 307690) (Version: - United Front Games)
    Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
    Sound+ (HKLM\...\SoundPlus) (Version: 1.0 - )
    Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
    Spotify (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
    Stardew Valley (HKLM\...\Steam App 413150) (Version: - ConcernedApe)
    SteelSeries Engine 3.6.3 (HKLM\...\SteelSeries Engine 3) (Version: 3.6.3 - SteelSeries ApS)
    Stray Cat Crossing Demo (HKLM-x32\...\Steam App 398600) (Version: - Jurlo)
    Strider (HKLM-x32\...\Steam App 235210) (Version: - Double Helix Games)
    Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
    sunnyday version 1.1 (HKLM-x32\...\sunnyday_is1) (Version: 1.1 - sunnyday) <==== ATTENTION
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
    Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
    The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
    The Knobbly Crook: Chapter I - The Horse You Sailed In On (HKLM\...\Steam App 378300) (Version: - Gnarled Scar Manipulations)
    The Typing of The Dead: Overkill (HKLM\...\Steam App 246580) (Version: - Modern Dream)
    There's Poop In My Soup (HKLM\...\Steam App 449540) (Version: - Rudder Games)
    TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version: - Nadeo)
    TwitchAlerts (HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\...\fb3f6ca9b67f53a3) (Version: 1.0.0.8 - TwitchAlerts)
    Undertale (HKLM\...\Steam App 391540) (Version: - tobyfox)
    VASSAL (3.2.15) (HKLM\...\VASSAL (3.2.15)) (Version: 3.2.15 - vassalengine.org)
    Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
    wardmain (HKLM-x32\...\{5d2072a8-011e-4602-e6e3-925eeda9b86a}) (Version: 1.0.0 - molecny) <==== ATTENTION
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
    White Night (HKLM\...\Steam App 301560) (Version: - OSome Studio)
    Window Drive Manager (HKLM-x32\...\Window Drive Manager) (Version: 1.56 - Slideway Inc.)
    Windows Driver Package - Microsoft (xusb21) XnaComposite (08/13/2009 2.1.0.1349) (HKLM\...\0AEBEF6F936CFE16E003F7E141631FAB754D9816) (Version: 08/13/2009 2.1.0.1349 - Microsoft)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\wardmain\ryseas.dll () <==== ATTENTION
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Nancy\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {118B3AD1-1177-467F-AC83-C4FBBFD0C0D2} - System32\Tasks\ASUS\I-Setup211247 => C:\Windows\Intel_Chipset_Win7-8-8-1_V10016\AsusSetup.exe [2015-04-25] (ASUSTeK Computer Inc.)
    Task: {2EACD216-55C3-44AC-B06E-8334BA428602} - System32\Tasks\ASUS\I-Setup234056 => C:\Windows\Install\AsusSetup.exe [2013-08-22] (ASUSTeK Computer Inc.)
    Task: {3D6215F6-CA1C-44D3-850F-8F6C34D30575} - \DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core -> No File <==== ATTENTION
    Task: {5A016C69-5B92-4B48-8479-6259452DB079} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {5CF0C7F0-B350-4C6E-9DAC-C3A5E2E3FA21} - \AdobeAAMUpdater-1.0-Silent-Knight-Nancy -> No File <==== ATTENTION
    Task: {789202B6-A930-4D0A-B986-ED2184841BF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {8FABE58C-337B-4497-9CB2-DEE46E457F82} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {96F9CC98-6ADA-4F9E-AE13-A3C9F558E89A} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {A73C705E-F94B-4A76-8E05-C6810F0AD3BC} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {AADA29C5-78EC-44E3-81B9-89136AA2A0B0} - System32\Tasks\3409948 => C:\Program Files (x86)\herc\undependable.exe [2016-05-01] () <==== ATTENTION
    Task: {BD032AD3-7BAE-4321-BFEB-3C2A016114F3} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {C185284E-5925-4C1F-A479-452FCE58FA25} - \CIMT_daily_S-1-5-21-1716612969-2344737603-4151003975-1000 -> No File <==== ATTENTION
    Task: {CB6C034A-D3D3-4924-B225-58CFC7513C9F} - \DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA -> No File <==== ATTENTION
    Task: {D2E81F2D-65CE-4E13-BCE6-D165F409370B} - System32\Tasks\ASUS\I-Setup211559 => C:\Windows\MEI-Win7-8-8-1_VER10001204\AsusSetup.exe [2015-04-25] (ASUSTeK Computer Inc.)
    Task: {E635D6C0-8D46-4A30-8878-E23C4291A457} - \PaintTool SAI -> No File <==== ATTENTION
    Task: {E99EEC14-BB1C-4282-A4C1-A6BDB0A775BE} - \CIMT_S-1-5-21-1716612969-2344737603-4151003975-1000 -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\CIMT_daily_S-1-5-21-1716612969-2344737603-4151003975-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
    Task: C:\Windows\Tasks\CIMT_S-1-5-21-1716612969-2344737603-4151003975-1000.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
    Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineCore.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\ConsumerInputUpdateTaskMachineUA.job => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000Core.job => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1716612969-2344737603-4151003975-1000UA.job => C:\Users\Nancy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
  7. Bunbun

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
    Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
    Shortcut: C:\Users\Nancy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-03-02 10:43 - 2015-03-02 10:43 - 00099288 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2016-04-07 10:04 - 2016-05-01 20:33 - 00162304 _____ () C:\Users\Nancy\AppData\Roaming\wardmain\ryseas.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:3CAE2A70 [130]
    AlternateDataStreams: C:\ProgramData\TEMP:887F3A41 [222]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-05-01 20:27 - 00001626 ____A C:\Windows\system32\Drivers\etc\hosts

    107.178.255.88 www.google-analytics.com
    107.178.255.88 www.statcounter.com
    107.178.255.88 statcounter.com
    107.178.255.88 ssl.google-analytics.com
    107.178.255.88 partner.googleadservices.com
    107.178.255.88 google-analytics.com
    107.178.248.130 static.doubleclick.net
    107.178.247.130 connect.facebook.net
    107.178.255.88 www.google-analytics.com
    107.178.255.88 www.statcounter.com
    107.178.255.88 statcounter.com
    107.178.255.88 ssl.google-analytics.com
    107.178.255.88 partner.googleadservices.com
    107.178.255.88 google-analytics.com
    107.178.248.130 static.doubleclick.net
    107.178.247.130 connect.facebook.net127.0.0.1 down.baidu2016.com
    127.0.0.1 123.sogou.com
    127.0.0.1 www.czzsyzgm.com
    127.0.0.1 www.czzsyzxl.com
    127.0.0.1 union.baidu2019.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 104.197.191.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{CA850337-2A4C-4A8A-82AF-4C9E5727EBAF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{82743C46-D2C3-4214-AF5C-74464C141BBF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{CA860072-5BEC-4590-82FC-9A49F1955FD4}] => (Allow) C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{4FED180B-FE31-4DBA-B6D9-6E0E8F2DF569}] => (Allow) C:\Users\Nancy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{0BB38351-AF8C-4915-9F15-EAB77AA59307}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{34BF9E6B-6BFA-43B1-A789-4030CB3BA1B6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{55FCA881-379A-45B4-A749-ED73A23BFEC0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{636AA001-6352-4AD6-8BD8-625A8D6E26EA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{58491868-C389-44C9-AC99-84548ADED842}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{45FFC5C0-B3F2-4F31-B61F-24DF9E431B25}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
    FirewallRules: [{9C259B5D-A70B-4268-9B1B-AECAF35E5755}] => (Allow) E:\Steam\Steam.exe
    FirewallRules: [{AF2E69B4-7D33-4BBA-9153-5C38CB9B4BF4}] => (Allow) E:\Steam\Steam.exe
    FirewallRules: [TCP Query User{1B5E3003-2C00-46BF-A199-24A6CD4CE12A}C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{BD2AFC90-1715-4EF1-8894-6735610383E2}C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\nancy\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{C925A17E-8ED8-4C9E-9C35-6B17303FE87E}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
    FirewallRules: [{28A534B4-FD1E-4A8B-ADF6-EB01326D5F48}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
    FirewallRules: [{252B4E47-A5D2-4BD2-9F9C-302415DDD533}] => (Allow) E:\steam games\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{D2562BF8-9FF3-40ED-935E-720665EF43EF}] => (Allow) E:\steam games\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [TCP Query User{134F1368-92DF-459C-B5BE-17F5DB8E0F35}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steam games\steamapps\common\terraria\terrariaserver.exe
    FirewallRules: [UDP Query User{AF8CCDD7-BA7F-47C6-AD05-9051856BAA14}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Allow) E:\steam games\steamapps\common\terraria\terrariaserver.exe
    FirewallRules: [TCP Query User{985D84D5-BBD5-45CF-A48B-60952E272062}C:\users\nancy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nancy\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{56F755E0-8216-44D5-BFF7-15FC70F9C2DB}C:\users\nancy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\nancy\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{A7787897-2158-4E09-A0B2-5AFC86E1958B}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\NMService.exe
    FirewallRules: [{A800E5AD-57E7-4F89-9BB0-EF30DB6AAC8D}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\NMService.exe
    FirewallRules: [TCP Query User{D8D32F7B-04B8-410B-A5CA-588624FF8A33}E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe
    FirewallRules: [UDP Query User{63B64796-AC28-4634-9AC5-BA82E30CBB04}E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe] => (Allow) E:\steam games\steamapps\common\vindictus\en-us\vindictus.exe
    FirewallRules: [{E5DB4A09-3C4E-469D-9062-E7DFC315C512}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{EDB4D55E-6B92-432B-BF60-EFE045A9820B}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{8883127C-8E0E-4AC1-96A5-C1AA8C975F6B}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{3C7594B7-D47E-4C44-A177-04B8384E4CD9}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{4CFC0D5D-70CA-4CEB-A24B-ABF6548787C8}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{A3C5A3B7-A2FB-4D39-9E50-BC0B63FFBAC5}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{AB87F5D0-7208-4C6D-A6F1-DFF718135C51}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{9741A865-4CF4-4BA0-98CD-F6C538D5D783}] => (Allow) C:\Users\Nancy\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{1EF8B1A6-D86F-41CC-BFB6-BDDC2984BD1A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{3EA4F37F-8696-4707-AECF-DB1D7228CBB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{3C017C47-C3E8-4AFF-8CD1-B464CE8BFDAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{0B6F73F5-7E34-4043-B338-777039677803}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{4A6538E3-D7C3-43D2-9C51-78658E43673C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{122E4204-2A28-42A7-947A-F5C21B630506}] => (Allow) E:\steam games\steamapps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{44E0B86E-13C3-449A-B272-3B2B42043C21}] => (Allow) E:\steam games\steamapps\common\Saints Row IV\SaintsRowIV.exe
    FirewallRules: [{8714BDFF-35C2-4F4F-9F25-902AD96CCCB9}] => (Allow) E:\steam games\steamapps\common\Stray Cat Crossing Demo\Game.exe
    FirewallRules: [{D5B337C0-8DF9-4A5E-B678-7E26E623904A}] => (Allow) E:\steam games\steamapps\common\Stray Cat Crossing Demo\Game.exe
    FirewallRules: [{A0F6C3EB-027A-4A80-9107-D9A7E78C0888}] => (Allow) E:\steam games\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
    FirewallRules: [{2B410402-F832-4B4A-BFA5-D6D9353B581D}] => (Allow) E:\steam games\steamapps\common\RESIDENT EVIL REVELATIONS 2\rerev2.exe
    FirewallRules: [{880E159E-BF42-4A92-B9CE-1556CBEF3C82}] => (Allow) E:\steam games\steamapps\common\Strider\Strider.exe
    FirewallRules: [{E5119782-9C40-4C69-AE0C-207D1684421F}] => (Allow) E:\steam games\steamapps\common\Strider\Strider.exe
    FirewallRules: [{2DF84BDD-C3A8-4157-9B0D-C2FAC8A36A78}] => (Allow) E:\steam games\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
    FirewallRules: [{757552F0-B94B-4EF2-847B-4D9DA202F6B2}] => (Allow) E:\steam games\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe
    FirewallRules: [{C7546C24-9468-4869-9801-4A9B0B073DD6}] => (Allow) E:\steam games\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
    FirewallRules: [{423FD44A-696F-4A39-B0E1-8D22796D74DE}] => (Allow) E:\steam games\steamapps\common\Murdered Soul Suspect\Binaries\Win64\Murdered.exe
    FirewallRules: [{FE3D6A81-D325-4FD6-96AA-73EBDE052744}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{64FE28A2-110B-4D5B-96C1-D9073569C9F1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{5D50F614-2C58-4B55-9BB6-F06DB9123E1F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{461BA562-9657-4E5E-AF88-E50296C255EB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{CC3C4DEC-875C-43EB-9428-6236104BFBCC}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [{F5537F0D-F4B3-4899-A657-E3A11E5FB831}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [{F41F2DA8-FAA7-4F9D-BCA7-7AABCEDC94A0}] => (Allow) E:\steam games\steamapps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
    FirewallRules: [{9782D7F5-9ECF-4335-AF78-8DA407AFCC68}] => (Allow) E:\steam games\steamapps\common\Deadly Premonition The Director's Cut\DPLauncher.exe
    FirewallRules: [TCP Query User{17D15F1C-474A-4835-85A4-8DFEC8CEDF14}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{E03AD1FE-8648-4A66-96ED-493E8E216CA9}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [TCP Query User{F048DA76-C7EA-41A1-B9B3-8AB41FE1FD18}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{D6832DAB-1CB5-4D50-A0BB-BD137A2886AF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [TCP Query User{9966FC91-89D1-43CD-B996-E9D435BAE01F}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Block) E:\steam games\steamapps\common\terraria\terrariaserver.exe
    FirewallRules: [UDP Query User{3701F295-8530-47FE-B1AA-200D784F9726}E:\steam games\steamapps\common\terraria\terrariaserver.exe] => (Block) E:\steam games\steamapps\common\terraria\terrariaserver.exe
    FirewallRules: [{C0D954A0-D9FB-4594-BF2F-0C5460CE8BD6}] => (Allow) C:\Torrentex\Torrentex.exe
    FirewallRules: [{4202B8D2-0112-4DF4-968C-6E13C0654755}] => (Allow) C:\Torrentex\Torrentex.exe
    FirewallRules: [{328DEFC2-2997-4929-9AC1-B299D77AE402}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
    FirewallRules: [{E8681420-7968-4720-B57E-475B99097A1B}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
    FirewallRules: [{B6FF7BCF-F859-45F1-9F17-76B536595486}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [{62C10A6E-C013-4038-A0B8-1C6942861696}] => (Allow) E:\steam games\steamapps\common\Vindictus\en-US\nxsteam.exe
    FirewallRules: [{72D5F959-C4BB-4DC0-9721-B2AC04993238}] => (Allow) E:\steam games\steamapps\common\D4 Dark Dreams Don't Die\D4.exe
    FirewallRules: [{B2F6E4BE-A031-423C-A606-DA000DE3D470}] => (Allow) E:\steam games\steamapps\common\D4 Dark Dreams Don't Die\D4.exe
    FirewallRules: [{0AF5151C-BC5E-40B0-AB64-D5114DAB918D}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{3EDC88AB-9310-43A8-9CF1-D553406870BE}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{2565A482-E68B-414E-B135-438745C98B59}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{2CC559F4-58F8-4504-A672-963AF7858841}] => (Allow) E:\Star Wars-The Old Republic\launcher.exe
    FirewallRules: [{90095932-23A4-43B3-8349-CDC5038113D0}] => (Allow) E:\steam games\steamapps\common\MGS_TPP\mgsvtpp.exe
    FirewallRules: [{FD963F31-17B7-4952-A22D-8F207E2AF136}] => (Allow) E:\steam games\steamapps\common\MGS_TPP\mgsvtpp.exe
    FirewallRules: [{C8D6FDDC-E4CB-4A04-B229-1B9E043BE04F}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [{44490872-1279-4E55-BFDD-B6AE43F8D32A}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [{25BB77C6-AC0E-487A-916F-ECE5504F7203}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{EFCFBEA7-4476-4129-AD73-3EF6D9F02818}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{804D0F0E-7928-4376-AEE3-2872DCADFCDF}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{28D511A6-AA8B-43E4-8092-7B810B25D9A4}] => (Allow) E:\steam games\steamapps\common\100 Orange Juice\100orange.exe
    FirewallRules: [{D089CA47-9CA6-4EBD-BE41-8FB788DCC8EA}] => (Allow) E:\steam games\steamapps\common\100 Orange Juice\100orange.exe
    FirewallRules: [{7018B7E0-0969-4443-8CF5-B0891A68819A}] => (Allow) E:\steam games\steamapps\common\Warframe\Tools\Launcher.exe
    FirewallRules: [{59000A7E-5F9A-449A-AD20-050206839613}] => (Allow) E:\steam games\steamapps\common\Warframe\Tools\Launcher.exe
    FirewallRules: [{3CE3BD18-7C96-4DEF-B4BE-7CCF842C1676}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
    FirewallRules: [{EE2BFA29-3687-4E5A-BA78-0E15F1BC0C57}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
    FirewallRules: [{75E4AE9E-984F-4CB3-96E9-A6F7E96B5EC2}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
    FirewallRules: [{E64C92D9-C9B7-4E02-AAF6-1B02805B8C80}] => (Allow) E:\steam games\steamapps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
    FirewallRules: [{C974C8BE-0B87-4490-AA66-3A001EE3E995}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
    FirewallRules: [{2CA2FE66-9A4C-429D-AB9B-287C57535FFB}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
    FirewallRules: [{313B8372-EAEA-44D6-960F-0B8E4C147BA4}] => (Allow) E:\steam games\steamapps\common\SleepingDogs\HKShip.exe
    FirewallRules: [{531F9CED-9BC6-45FA-BDC2-3B2B5BEB285E}] => (Allow) E:\steam games\steamapps\common\SleepingDogs\HKShip.exe
    FirewallRules: [TCP Query User{7F717E6B-324C-4524-BC2D-E310BABD5479}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{1A27D61D-4A2A-41D7-9B5A-02491C56AE0E}C:\users\nancy\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nancy\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{26B9624E-FA34-4E5E-999B-92D6503242ED}] => (Allow) E:\steam games\steamapps\common\The Forest\TheForest.exe
    FirewallRules: [{A602FB3A-AEE0-4C4A-B350-E5258EE1143F}] => (Allow) E:\steam games\steamapps\common\The Forest\TheForest.exe
    FirewallRules: [{CE673219-D543-41C7-90D5-14576F9051B2}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
    FirewallRules: [{92E983B0-31A6-4550-9B6C-5EB5BB7CA3E5}] => (Allow) E:\steam games\steamapps\common\App Game Kit 2\Tier 1\Editor\bin\AGK.exe
    FirewallRules: [{ACFC0827-9F5F-45B0-8D4F-488C77F7F7CF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{5785979C-50C6-46E7-B70E-2CEFB9F292C3}] => (Allow) LPort=2869
    FirewallRules: [{7EAF4EC3-BACD-495D-8E35-5660A74FF5AD}] => (Allow) LPort=1900
    FirewallRules: [{C1AE23A2-65EB-49B2-86E2-86F54961CF74}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{5910248F-4F3F-401B-AA24-E4524316F063}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{45B985BB-AB8A-4EF5-A6D0-0DCAD49ACF31}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F96E36E3-8857-49FC-917A-2CC010A6B0B7}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3E974270-70D2-454B-9321-0CE4212EA450}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{54BD21DE-2210-4FAA-B534-F4D1B3AF9A7D}] => (Allow) C:\Users\Nancy\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{7945D5CA-8950-4FB5-9A0F-1A0E49C3C374}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [{FE9905EC-F275-4C09-9B65-A2040EB9E087}] => (Allow) E:\steam games\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
    FirewallRules: [{F5860BBA-308D-4DA8-98F8-731C551BBB4D}] => (Allow) E:\steam games\steamapps\common\The Knobbly Crook Chapter I\Knobbly Crook.exe
    FirewallRules: [{10E24C0B-7754-45EB-97F8-9022CDE8878B}] => (Allow) E:\steam games\steamapps\common\The Knobbly Crook Chapter I\Knobbly Crook.exe
    FirewallRules: [{F3060FC9-480E-49B1-B724-5B6CE61999B6}] => (Allow) E:\steam games\steamapps\common\Undertale\UNDERTALE.exe
    FirewallRules: [{6FE94E7C-BC0F-4A37-ACFA-4392294DD965}] => (Allow) E:\steam games\steamapps\common\Undertale\UNDERTALE.exe
    FirewallRules: [{E874A4A5-7860-4403-B5C2-971E8A76E0C5}] => (Allow) F:\SteamLibrary\steamapps\common\Firewatch\Firewatch.exe
    FirewallRules: [{882E45CA-B8A3-4B77-870F-0A9608433017}] => (Allow) F:\SteamLibrary\steamapps\common\Firewatch\Firewatch.exe
    FirewallRules: [{1E319306-A72E-4938-8FC4-65C698DE5CC9}] => (Allow) F:\SteamLibrary\steamapps\common\There's Poop In My Soup\PoopInMySoup.exe
    FirewallRules: [{2FCF3C33-7D5E-4A13-964F-BF89A4BF77A2}] => (Allow) F:\SteamLibrary\steamapps\common\There's Poop In My Soup\PoopInMySoup.exe
    FirewallRules: [{0A836CF1-5229-4074-AEFB-7E9E7D474F40}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{AB26598F-BCAC-4151-9BC4-1CA3E1B7B549}] => (Allow) F:\quicktime\QuickTimePlayer.exe
    FirewallRules: [{47EA068B-6CC5-484C-A6E2-1D8FA06E7EE3}] => (Allow) F:\quicktime\QuickTimePlayer.exe
    FirewallRules: [{78CEDC61-EF1A-413A-B6F8-3CC7AAC710CE}] => (Allow) F:\quicktime\QuickTimePlayer.exe
    FirewallRules: [{EF914AC4-29A5-4C8D-9E3A-473B8E91C9DF}] => (Allow) F:\quicktime\QuickTimePlayer.exe
    FirewallRules: [TCP Query User{1782FC31-3120-4554-BBEF-1E405292D9F2}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Allow) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
    FirewallRules: [UDP Query User{F29A427A-4E9A-4EDD-86BC-26D097D861E8}C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe] => (Allow) C:\program files (x86)\kakao\kakaotalk\kakaotalk.exe
    FirewallRules: [{8A3B2752-9A65-45E1-9BF0-5933AA951DCF}] => (Allow) F:\SteamLibrary\steamapps\common\Enter the Gungeon\EtG.exe
    FirewallRules: [{F14711B0-3AB5-4E82-A292-955743BF41BC}] => (Allow) F:\SteamLibrary\steamapps\common\Enter the Gungeon\EtG.exe
    FirewallRules: [{C065E9D8-2F11-48F3-96C9-2277E38C6B71}] => (Allow) F:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
    FirewallRules: [{C4C392C1-E0AF-4A6A-B3EE-01EAC5C31460}] => (Allow) F:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
    FirewallRules: [{AF70A690-3203-4D33-8055-C9086A772ABD}] => (Allow) F:\SteamLibrary\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [{652C422F-CF3A-48B1-9737-1394CF804CB4}] => (Allow) F:\SteamLibrary\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
    FirewallRules: [TCP Query User{EF13DCA4-BACD-4427-BA56-172D7BDFFF76}F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [UDP Query User{EEFF4213-8BDF-4EA9-847E-D15064180E86}F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) F:\steamlibrary\steamapps\common\awesomenauts\awesomenauts.exe
    FirewallRules: [{4CC24044-89D4-4602-854C-55B6DC38B33A}] => (Allow) F:\SteamLibrary\steamapps\common\Dear Esther\dearesther.exe
    FirewallRules: [{E0BA2255-BD30-4687-853B-EDA7F1A7AB52}] => (Allow) F:\SteamLibrary\steamapps\common\Dear Esther\dearesther.exe
    FirewallRules: [{5F3E392B-ECD4-4151-8FAE-4A19D580AA82}] => (Allow) F:\SteamLibrary\steamapps\common\LongLiveTheQueen\LongLiveTheQueen.exe
    FirewallRules: [{C267D727-3C67-49A8-B23C-C1614DC42648}] => (Allow) F:\SteamLibrary\steamapps\common\LongLiveTheQueen\LongLiveTheQueen.exe
    FirewallRules: [{564C8FC9-DC5C-43D3-9D59-FEE0A4D8338C}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
    FirewallRules: [{6EF1EA4A-3589-43E5-967B-CC75FCE830B3}] => (Allow) E:\steam games\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
    FirewallRules: [{00CD6E04-6FF7-410E-B5A2-4B3AFA4941F9}] => (Allow) F:\SteamLibrary\steamapps\common\White Night\Bin\Win32\WNight.exe
    FirewallRules: [{60DCC1C1-6744-4CC6-A7BC-ACE31C8B2C83}] => (Allow) F:\SteamLibrary\steamapps\common\White Night\Bin\Win32\WNight.exe
    FirewallRules: [{FC20C8E5-8212-4A69-A654-542233587F2C}] => (Allow) F:\SteamLibrary\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
    FirewallRules: [{900CE209-A07B-4656-8B66-066327C28F9F}] => (Allow) F:\SteamLibrary\steamapps\common\Typing of the Dead Overkill\HOTD_NG.exe
    FirewallRules: [{5F66E185-1762-49EE-BA85-7D72A5C9F018}] => (Allow) F:\SteamLibrary\steamapps\common\60 Seconds!\60Seconds.exe
    FirewallRules: [{22320615-E1BB-4EE4-B69B-CC41DBE6A410}] => (Allow) F:\SteamLibrary\steamapps\common\60 Seconds!\60Seconds.exe
    FirewallRules: [{DABC689E-0E74-488F-895C-C6A2A13BDAE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{DEBBAD97-14C7-477D-92CA-B7084ECB513F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{CF937966-9D54-4296-B4C3-31759B23E38D}] => (Allow) F:\SteamLibrary\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
    FirewallRules: [{5A430152-248F-462F-846D-0FAF710A3E9E}] => (Allow) F:\SteamLibrary\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
    FirewallRules: [{8266CCCB-04C2-4B6A-ADB1-9010E7AD1FFC}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
    FirewallRules: [{F4C6F506-C023-43EE-B630-86912420621A}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands\Binaries\Borderlands.exe
    FirewallRules: [{B633E87A-3FF6-483B-859B-8FAE48A94DE2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
    FirewallRules: [{C59DF322-709F-4E30-89EA-8A5D846177F1}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
    FirewallRules: [{DCD7B397-9C0C-458A-9617-4B2C7AA047DA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
    FirewallRules: [{CAF858B0-9C5D-4749-81C0-033A6392F196}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
    FirewallRules: [{8039991B-0897-4DBA-9F67-91965FA7D014}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
    FirewallRules: [{D7B85D2E-968E-468C-827E-1B89723B1068}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
    FirewallRules: [{EC19B3B2-DC9A-4497-87B4-81504F94B043}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
    FirewallRules: [{D187F224-9265-4FAA-8496-D53BE1052A95}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
    FirewallRules: [{8440F183-436D-4182-B3D8-F144371BF66E}] => (Allow) F:\SteamLibrary\steamapps\common\Cat Goes Fishing\Cat Goes Fishing.exe
    FirewallRules: [{5BB7F5CC-5288-4CDA-A017-BC82BEF60DA0}] => (Allow) F:\SteamLibrary\steamapps\common\Cat Goes Fishing\Cat Goes Fishing.exe
    FirewallRules: [{11A81325-D3AD-4763-8214-88A003969434}] => (Allow) F:\SteamLibrary\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
    FirewallRules: [{5F8B873D-548C-4F0D-AD83-5449C2D4B039}] => (Allow) F:\SteamLibrary\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
    FirewallRules: [{3976F162-3E7A-4990-87B5-C604E3DDCA1A}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{EFA44272-9251-4BE1-97E8-3A67A6FF189E}] => (Allow) F:\SteamLibrary\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
    FirewallRules: [{2F27D29A-C785-438C-9D65-8B24E9D30D11}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{D6224275-058F-45EB-972D-D0A0D97BEE6F}] => (Allow) F:\SteamLibrary\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{CE0CE3D9-DDB5-49AA-90EC-56B21869500E}] => (Allow) F:\SteamLibrary\steamapps\common\Crimzon Clover\CrimzonClover_WI.exe
    FirewallRules: [{533BEB7D-B1C8-4D70-ADF8-9A2F7C050186}] => (Allow) F:\SteamLibrary\steamapps\common\Crimzon Clover\CrimzonClover_WI.exe
    FirewallRules: [{6D9F1EE0-9D89-4C82-8C6D-3D9764FB299A}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{79B7E3B6-3339-4CD9-8816-49FB0A31BD02}] => (Allow) F:\SteamLibrary\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{643D0578-8A69-4905-A8D3-0DF154B0D55E}] => (Allow) F:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
    FirewallRules: [{102A614F-9886-4CE3-BA01-748B24B982EC}] => (Allow) F:\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
    FirewallRules: [{86EA2F91-3170-45B7-87BE-9EDF14D5F9F7}] => (Allow) F:\SteamLibrary\steamapps\common\Journal\Journal.exe
    FirewallRules: [{E3EDAF87-F223-42D1-9D87-E517CCBD7EED}] => (Allow) F:\SteamLibrary\steamapps\common\Journal\Journal.exe
    FirewallRules: [{C49029D8-B5DD-458C-9952-2E1407950793}] => (Allow) F:\SteamLibrary\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
    FirewallRules: [{60CA01AA-E52C-4D89-A20E-3F6DAAC2DA6F}] => (Allow) F:\SteamLibrary\steamapps\common\Keep Talking and Nobody Explodes\ktane.exe
    FirewallRules: [{B1BAEE1C-E62B-47CB-B4D1-A52BAF100417}] => (Allow) F:\SteamLibrary\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
    FirewallRules: [{D23216F8-3BBE-4D49-80B6-93F65D81F4A5}] => (Allow) F:\SteamLibrary\steamapps\common\SleepingDogsDefinitiveEdition\sdhdship.exe
    FirewallRules: [{D47598EA-F172-4AA8-9D87-721D82CC3075}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{1D19A12F-F54C-417B-9032-96A0914E14AF}] => (Allow) F:\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
    FirewallRules: [{2A02F79A-A4B9-420A-9085-4F29CFDD848B}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳攮數
    FirewallRules: [{1D120B5E-BAA7-4512-90A0-5A0433394B0D}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩牤癩略敳睜湩牤癩略敳⹟硥e
    FirewallRules: [{37B4C348-9AE0-40BA-A938-A11716788080}] => (Allow) C:\Users\Nancy\AppData\Local\ddnowyes.exe
    FirewallRules: [{CF246BA3-16CE-418D-B639-A3117D5C4F40}] => (Allow) C:\Users\Nancy\AppData\Local\Temp\setup.exe
    FirewallRules: [{B527EDEA-467D-4D31-ABA8-311A185EFF94}] => (Allow) C:\Users\Nancy\AppData\Local\39164305.exe
    FirewallRules: [{05B25E18-E8BF-44B3-A2A8-91FEE02B7976}] => (Allow) C:\Users\Nancy\AppData\Local\tinstall.exe
    FirewallRules: [{CFF3917F-840A-423B-96DA-44B9F39BD8CE}] => (Allow) C:\Users\Nancy\AppData\Local\cap.exe
    FirewallRules: [{BA142D32-1705-4F23-A89F-CFE050A2CF34}] => (Allow) C:\Users\Nancy\AppData\Local\ddnow.exe
     
  8. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    ==================== Restore Points =========================

    28-04-2016 20:16:26 Installed DirectX
    30-04-2016 14:59:13 Windows Update
    30-04-2016 18:57:19 Installed DirectX
    01-05-2016 20:25:40 Revo Uninstaller's restore point - KNCTR
    01-05-2016 20:33:00 Revo Uninstaller's restore point - SecuriDex1.12

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    Name: VB-Audio VoiceMeeter AUX VAIO
    Description: VB-Audio VoiceMeeter AUX VAIO
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: VB-Audio VoiceMeeter AUX VAIO
    Description: VB-Audio VoiceMeeter AUX VAIO
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/01/2016 08:50:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/01/2016 08:30:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/01/2016 08:28:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
    Faulting module name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
    Exception code: 0xc0000005
    Fault offset: 0x00000000000172b9
    Faulting process id: 0x498
    Faulting application start time: 0xigfxCUIService.exe0
    Faulting application path: igfxCUIService.exe1
    Faulting module path: igfxCUIService.exe2
    Report Id: igfxCUIService.exe3

    Error: (05/01/2016 08:25:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary bsdpr64 service.

    System Error:
    Access is denied.
    .

    Error: (05/01/2016 08:25:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary bsdpf64 service.

    System Error:
    Access is denied.
    .

    Error: (05/01/2016 08:24:10 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
    Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/01/2016 08:24:10 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
    Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (05/01/2016 07:43:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/01/2016 07:42:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
    Faulting module name: igfxCUIService.exe, version: 6.15.10.3920, time stamp: 0x53f57150
    Exception code: 0xc0000005
    Fault offset: 0x00000000000172b9
    Faulting process id: 0x494
    Faulting application start time: 0xigfxCUIService.exe0
    Faulting application path: igfxCUIService.exe1
    Faulting module path: igfxCUIService.exe2
    Report Id: igfxCUIService.exe3

    Error: (04/30/2016 02:56:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
  9. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    System errors:
    =============
    Error: (05/01/2016 08:54:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/01/2016 08:54:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/01/2016 08:54:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/01/2016 08:54:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/01/2016 08:54:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/01/2016 08:54:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/01/2016 08:50:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/01/2016 08:50:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/01/2016 08:50:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
    %%1068

    Error: (05/01/2016 08:50:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1068


    CodeIntegrity:
    ===================================
    Date: 2016-05-01 20:27:22.088
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-01 20:27:22.053
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-01 20:27:15.159
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-01 20:27:14.539
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-01 20:27:13.455
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-05-01 20:27:13.138
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
    Percentage of memory in use: 15%
    Total physical RAM: 8135 MB
    Available physical RAM: 6879.81 MB
    Total Virtual: 16268.2 MB
    Available Virtual: 15098.31 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.69 GB) (Free:23.02 GB) NTFS
    Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Nancy) (Fixed) (Total:465.66 GB) (Free:150.9 GB) NTFS
    Drive f: (GAEMS :D) (Fixed) (Total:931.51 GB) (Free:781.85 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 83E89C3F)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 17FE5D81)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B4A6920C)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    Uninstall the following unwanted programs:

    comoBoss
    Consumer Input
    Consumer Input DH
    Consumer Input Update Helper
    Note-up
    Note-UP
    OneSoftPerDay
    s5mark
    shopperz
    sunnyday
    wardmain


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  11. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    I do all of this in safe mode, right? Or at least the first step of uninstalling the programs? I can't get into my desktop at the moment :(
     
  12. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    Yes. After uninstalling those programs try normal mode again.
    If still no go, stay in safe mode.
     
  13. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    I had to do this in safe mode:

    RogueKiller V12.1.5.0 [May 2 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode with network support
    User : Nancy [Administrator]
    Started from : E:\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 05/02/2016 23:06:48

    ¤¤¤ Processes : 1 ¤¤¤
    [PUP|VT.Unknown] (SVC) cherimoya -- system32\drivers\cherimoya.sys[x] -> Found

    ¤¤¤ Registry : 42 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\SoundPlus -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\CompeteInc -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\MPC -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Tutorials -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79F768ED-0B12-42EF-8257-36751A0ECF3A} (C:\Program Files\Faster Web\ShoppingOptimizerBHO.dll) -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79F768ED-0B12-42EF-8257-36751A0ECF3A} (C:\Program Files\Faster Web\ShoppingOptimizerBHO.dll) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Sound+ : "C:\Program Files\Sound+\Sound+.exe" [-] -> Not selected
    [VT.PUP.Optional.EoRezo] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | IDSCCOM30I : "C:\Program Files\Sound+\idsccom_30I.exe" [-] -> Deleted
    [VT.PUP.Optional.EoRezo] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | WINCOMFKK : "C:\Program Files (x86)\sunnyday\wincom_FKK.exe" [-] -> Deleted
    [VT.Unknown] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | cutoauto : "C:\Program Files (x86)\dissertation\zest.exe" [-] -> Not selected
    [VT.Unknown] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | pollen.exeundependable.exe : "C:\Program Files (x86)\dissertation\gaol.exe" [-] -> Not selected
    [VT.Unknown] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | interpee : "C:\Program Files (x86)\herc\undependable.exe" [-] -> Not selected
    [Suspicious.Path|VT.Gen:Variant.Graftor.282099] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ic-0.1fcc3ebbfe2ffc.exe -start : C:\Users\Nancy\AppData\Local\Temp\2464222\ic-0.1fcc3ebbfe2ffc.exe -start [-][x] -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | cpx : "C:\Program Files (x86)\cpx\cpx.exe" -starup [-][x] -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | msrtn32 : "C:\Program Files (x86)\msrtn32\msrtn32.exe" -startup=smartcpx -check=60 [-][x][x] -> Not selected
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Windows\CurrentVersion\Run | Discord : C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe [7] -> Not selected
    [PUP] (X64) HKEY_USERS\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Windows\CurrentVersion\Run | Itibiti.exe : C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [x] -> Not selected
    [VT.Rogue.TechSupportScam] (X64) HKEY_USERS\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Windows\CurrentVersion\Run | WindowsApplication : C:\Program Files (x86)\SecuriDex\WindowsApplication.exe [-] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Windows\CurrentVersion\Run | Discord : C:\Users\Nancy\AppData\Local\Discord\app-0.0.288\Discord.exe [7] -> Not selected
    [PUP] (X86) HKEY_USERS\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Windows\CurrentVersion\Run | Itibiti.exe : C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [x] -> Not selected
    [VT.Rogue.TechSupportScam] (X86) HKEY_USERS\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Windows\CurrentVersion\Run | WindowsApplication : C:\Program Files (x86)\SecuriDex\WindowsApplication.exe [-] -> ERROR [2]
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | IDSCPRODUCT : "C:\Program Files\Sound+\idscservice.exe" [-] -> Not selected
    [VT.UDS:DangerousObject.Multi.Generic] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | OTUTPRODUCT_8KXYV : "C:\Program Files (x86)\sunnyday\otutnetwork.exe" [-] -> Deleted
    [Suspicious.Path|VT.Unknown] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Fejku ("C:\Users\Nancy\AppData\Roaming\Reuopreux\Reuopreux.exe" -cms) -> Not selected
    [PUP|VT.PUP.Optional.MorePowerfulCleaner] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MPCProtectService ("C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe") -> ERROR [5]
    [PUP|Suspicious.Path|VT.PUP.Optional.CTProxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\windowsmanagementservice ("C:\Users\Nancy\AppData\Local\Temp\20160502\ct.exe" /svc) -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Wyaqki ("C:\Users\Nancy\AppData\Roaming\MoppoNutko\Gimcabr.exe" -cms) -> Not selected
    [PUP|VT.PUP.Optional.MorePowerfulCleaner] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPCProtectService ("C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe") -> ERROR [5]
    [PUP|Suspicious.Path|VT.PUP.Optional.CTProxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\windowsmanagementservice ("C:\Users\Nancy\AppData\Local\Temp\20160502\ct.exe" /svc) -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wyaqki ("C:\Users\Nancy\AppData\Roaming\MoppoNutko\Gimcabr.exe" -cms) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\consumerinput_update (C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe /svc) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\consumerinput_updatem (C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe /medsvc) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wyaqki ("C:\Users\Nancy\AppData\Roaming\MoppoNutko\Gimcabr.exe" -cms) -> Not selected
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8877;https=127.0.0.1:8877 -> Not selected
    [PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8877;https=127.0.0.1:8877 -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 4 ¤¤¤
    [PUP][File] C:\Windows\System32\drivers\cherimoya.sys -> Deleted
    [PUP][Folder] C:\Program Files (x86)\5CE2A480-1462148628-11DD-92D9-086266457D78 -> Deleted
    [PUP][File] C:\Program Files (x86)\5CE2A480-1462148628-11DD-92D9-086266457D78\Uninstall.exe -> Deleted
    [PUP][File] C:\Program Files (x86)\5CE2A480-1462148628-11DD-92D9-086266457D78\vnsa50EE.tmp -> Deleted
    [Tr.DNSPatcher|VT.Unknown][File] C:\Windows\System32\dnsapi.dll -> Replaced at reboot ( @src Microsoft Cloud)
    [Tr.DNSPatcher|VT.Unknown][File] C:\Windows\SysWOW64\dnsapi.dll -> Replaced at reboot ( @src Microsoft Cloud)

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 850 EVO 120G SCSI Disk Device +++++
    --- User ---
    [MBR] f5af157e4ae16f9f10c5ed6796877e58
    [BSP] 368db2e99ac676e1f213dc5046c58dd1 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD5000AZLX-00CL5 SCSI Disk Device +++++
    --- User ---
    [MBR] 2fced5392cb00da71c48faf21e0e13b0
    [BSP] 2567b928404555fdad940e73d0c7ad1a : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: WDC WD10EZEX-00BN5A0 SCSI Disk Device +++++
    --- User ---
    [MBR] 44834567765e5a040870b1e366530bda
    [BSP] aaa5b515921cf4e952eefc2771c834bb : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK
     
  14. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    Here is the malware text log
     

    Attached Files:

  15. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    # AdwCleaner v5.115 - Logfile created 02/05/2016 at 23:59:42
    # Updated 01/05/2016 by Xplode
    # Database : 2016-05-01.2 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Nancy - SILENT-KNIGHT
    # Running from : E:\Desktop\adwcleaner_5.115.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\App-verifier
    [#] Folder Deleted : C:\ProgramData\Application Data\App-verifier
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC-Care
    [-] Folder Deleted : C:\Program Files (x86)\msrtn32
    [-] Folder Deleted : C:\Users\Nancy\AppData\Local\Temp\MPC
    [-] Folder Deleted : C:\Program Files\Advanced PC-Care

    ***** [ Files ] *****

    [-] File Deleted : C:\END
    [-] File Deleted : C:\appverifier.txt
    [-] File Deleted : C:\Users\Public\Desktop\Advanced PC-Care.lnk
    [-] File Deleted : C:\Users\Nancy\launcher.exe
    [-] File Deleted : E:\Desktop\Continue installation .lnk
    [-] File Deleted : E:\\END
    [#] File Deleted : E:\Desktop\Continue installation .lnk
    [#] File Deleted : E:\\END

    ***** [ DLLs ] *****

    [-] File Disinfected : C:\Windows\System32\dnsapi.dll
    [-] File Disinfected : C:\Windows\SysWOW64\dnsapi.dll

    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
    [-] Key Deleted : HKCU\Software\DAILYPCCLEAN
    [-] Key Deleted : HKCU\Software\IM
    [-] Key Deleted : HKCU\Software\MICROSOFT\OTUT
    [-] Key Deleted : HKCU\Software\Wizzlabs
    [-] Key Deleted : HKCU\Software\molecny
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\AppVerifier
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\bestpriceninja.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\land.pckeeper.software
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pckeeper.software
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pstatic.bestpriceninja.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\video.hi.ru
    [-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
    [#] Value Deleted : HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]

    ***** [ Web browsers ] *****

    [-] [C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch
    [-] [C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,
    [-] [C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www-searching.com/?pid=s&s=G52ztutbl11AO,fb680527-04f7-4407-a27a-8c0d34b15c74,&vp=ch&prd=set_ch

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [4473 bytes] - [02/05/2016 23:59:42]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4788 bytes] - [02/05/2016 23:58:28]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4619 bytes] ##########
     
  16. Broni

    Broni Malware Annihilator Posts: 52,902   +344

    Please observe forum rules.
    All logs have to be pasted not attached.


    I still need JRT log.
     
  17. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    So something bad has happened :(. I ran the JRT program the 1st time and it created a huge log, but I forgot to run it as admin. I thought that would be important, so I closed it and ran it as admin, and now the log is close to empty and says file system: 0 and registry: 0. I would post it on here if I could, but Internet Explorer has been deleted after this and I'm blocked from using Chrome. I don't know what to do now >_<
     
  18. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    Malware text log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/2/2016
    Scan Time: 11:29 PM
    Logfile: malware scan log.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.05.03.01
    Rootkit Database: v2016.04.17.01
    License: Trial
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Nancy

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 411596
    Time Elapsed: 4 min, 4 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 121
    PUP.Optional.Yelloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Dataup, Quarantined, [7805b71a1a7fae884d65918241c1758b],
    Adware.PennyBee, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Fejku, Quarantined, [9fde577a7326fc3adfe8d162b9495da3],
    PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCProtectService, Delete-on-Reboot, [b3ca3c95a5f4261007db788046bb2ad6],
    PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKpt, Delete-on-Reboot, [7409547db1e8c0764a572ed032cfdc24],
    Trojan.WinDriveUse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDriveSvc, Quarantined, [3c41c60ba5f4280e86caa38b35cd7b85],
    Trojan.WinDriveUse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinDriveSvc2, Quarantined, [e598d7fafe9b092dd0800529c042af51],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\CLSID\{79F768ED-0B12-42EF-8257-36751A0ECF3A}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{79F768ED-0B12-42EF-8257-36751A0ECF3A}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\TYPELIB\{DC432F91-0963-46C4-A4FD-77568960DCE9}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\INTERFACE\{5B4F3851-2F84-4D94-B435-ADECF283BF96}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5B4F3851-2F84-4D94-B435-ADECF283BF96}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{5B4F3851-2F84-4D94-B435-ADECF283BF96}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DC432F91-0963-46C4-A4FD-77568960DCE9}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{DC432F91-0963-46C4-A4FD-77568960DCE9}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\ShoppingOptimizer.Addon.1, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\ShoppingOptimizer.Addon, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingOptimizer.Addon, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ShoppingOptimizer.Addon, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{79F768ED-0B12-42EF-8257-36751A0ECF3A}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{79F768ED-0B12-42EF-8257-36751A0ECF3A}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ShoppingOptimizer.Addon.1, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\ShoppingOptimizer.Addon.1, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{79F768ED-0B12-42EF-8257-36751A0ECF3A}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{79F768ED-0B12-42EF-8257-36751A0ECF3A}, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\CLSID\{79F768ED-0B12-42EF-8257-36751A0ECF3A}\INPROCSERVER32, Quarantined, [a8d5a22f5445a6902c3a3a3229dce31d],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\APPID\{EF6177BB-4B35-4A5B-9EE8-DE8AA6328442}, Quarantined, [b9c4fbd66b2e4ee83f117484b74b46ba],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{EF6177BB-4B35-4A5B-9EE8-DE8AA6328442}, Quarantined, [b9c4fbd66b2e4ee83f117484b74b46ba],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{EF6177BB-4B35-4A5B-9EE8-DE8AA6328442}, Quarantined, [b9c4fbd66b2e4ee83f117484b74b46ba],
    Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Adware.Kajajugt, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{14EF423E-3EE8-44AE-9337-07AC3F27B744}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Adware.Kajajugt, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}, Quarantined, [c0bd4d8498010135072b26dc4db622de],
    Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, Quarantined, [abd2e2ef10891e189f2e26dabe45ed13],
    Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\prsetup.DynamicNS, Quarantined, [abd2e2ef10891e189f2e26dabe45ed13],
    Trojan.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\CLASSES\prsetup.DynamicNS, Quarantined, [abd2e2ef10891e189f2e26dabe45ed13],
    Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\prsetup.DynamicNS, Quarantined, [abd2e2ef10891e189f2e26dabe45ed13],
    Trojan.ProxyHijacker, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{C379EAD1-CB34-4B09-AF6B-7E587F8BCD80}, Quarantined, [abd2e2ef10891e189f2e26dabe45ed13],
    PUP.Optional.ConsumerInput, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [7c01b31e6237132382b6cf213dc5c53b],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [423bb41dcccdb581c477fafe53af45bb],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [423bb41dcccdb581c477fafe53af45bb],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [d5a8f7da603932047f68db5f48bd4bb5],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{E7BC34A2-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\NTService.Control.1, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\CLASSES\NTService.Control.1, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\NTService.Control.1, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.Yelloader, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E7BC34A3-BA86-11CF-84B1-CBC2DA68BF6C}, Quarantined, [f58838999801f343f1821f498a7a29d7],
    Adware.EoRezo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\sunnyday_is1, Quarantined, [5d203b964d4c9d995242277f24e0f808],
    PUP.Optional.IDSCProduct, HKLM\SOFTWARE\CLASSES\CLSID\{5013A5D0-34A9-489F-BF9A-3A0E34D8902B}, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, HKLM\SOFTWARE\CLASSES\CLSID\{B43F10EC-BD1C-48D5-A123-3DCA3321C187}, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SoundPlus, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    Trojan.WinDriveUse, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Window Drive Manager, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    PUP.Optional.AdvancedPCCare, HKLM\SOFTWARE\advancedpccare.net, Quarantined, [6f0ecd040f8a44f29880b2dc08fc768a],
    Trojan.WinDriveUse, HKLM\SOFTWARE\okwindriveuse, Quarantined, [f885834ee5b40d29b4d116a3a85c629e],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\APPID\ShoppingOptimizerBHO.DLL, Quarantined, [67165b76c4d5de581c011b4e31d339c7],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E, Quarantined, [a8d5fcd5f2a7c57194959505c63e2cd4],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\ShoppingOptimizerBHO.DLL, Quarantined, [f8852fa2debb56e0968787e2e71d04fc],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E, Quarantined, [2c5168698514bc7a8d9c5f3b9e669e62],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A016C69-5B92-4B48-8479-6259452DB079}, Delete-on-Reboot, [06772fa2a1f89d994f5096229e66e61a],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A73C705E-F94B-4A76-8E05-C6810F0AD3BC}, Delete-on-Reboot, [423b1eb3b5e431055b447147c0441ce4],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C185284E-5925-4C1F-A479-452FCE58FA25}, Delete-on-Reboot, [1766ae235049fe38a6f8ad0bf70dc739],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E99EEC14-BB1C-4282-A4C1-A6BDB0A775BE}, Delete-on-Reboot, [7eff8e43c2d79f97029cbff9a0641ae6],
    PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\3409948, Delete-on-Reboot, [d9a45978c8d1ce6842cf8223778df60a],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CIMT_daily_S-1-5-21-1716612969-2344737603-4151003975-1000, Delete-on-Reboot, [fd8089485d3ccd69aebded3f6e960ef2],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CIMT_S-1-5-21-1716612969-2344737603-4151003975-1000, Delete-on-Reboot, [bebfa52c06934beb78f4e14b3dc7e21e],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ConsumerInputUpdateTaskMachineCore, Delete-on-Reboot, [3a43d8f99306cc6ab4b9ed3fa361a35d],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ConsumerInputUpdateTaskMachineUA, Delete-on-Reboot, [82fbd4fd09904ee8432a40ec679d6a96],
    PUP.Optional.Loader, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\PaintTool SAI, Delete-on-Reboot, [5a23c40dcacf132341c191beec17629e],
    PUP.Optional.IDSCProduct, HKLM\SOFTWARE\SOUNDPLUS, Quarantined, [0f6e28a90792ed49d95018a1af5509f7],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CompeteInc, Quarantined, [56277e5384150d2993b652cb06febb45],
    Trojan.WinDriveUse, HKLM\SOFTWARE\WOW6432NODE\okwindriveuse, Quarantined, [9fde7c557f1af343424341786b998878],
    PUP.Optional.SecuriDex, HKLM\SOFTWARE\WOW6432NODE\SecuriDex, Quarantined, [e89505cc2e6b2e083b7be061808340c0],
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\ShoppingOptimizerBHO.DLL, Quarantined, [156820b1a2f7280e968743263ec627d9],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E, Quarantined, [99e429a83564e0563eebc2d8a163ba46],
    PUP.Optional.GlobalSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [473601d093066ec828702f20f40f31cf],
    PUP.Optional.BuzzingDhol, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Buzzing Dhol 9.1.1, Quarantined, [6a1340919603d95d9d60585212f204fc],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}, Quarantined, [acd17e53831643f3442a111b778dc739],
    PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC, Delete-on-Reboot, [c3baeee37c1d59ddf62afcb5d133639d],
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [a1dc04cd891048ee8e7c1e3e1fe5c23e],
    PUP.Optional.AppVerifier, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppVerifier, Quarantined, [334a38992871e254d04a206e0400d729],
    Rootkit.Cherimoya.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cherimoya, Quarantined, [126b30a17e1bf73fc1c7d0dcb3515aa6],
    PUP.Optional.ConsumerInput, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Compete, Quarantined, [b0cd6f626b2ec274bd1d405d35cf7a86],
    PUP.Optional.AdvancedPCCare, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\advancedpccare.net, Quarantined, [86f72da4a4f5c373d44305890bf9768a],
    PUP.Optional.IDSCProduct, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\IDSC, Quarantined, [522b61707f1a41f5c0f2fbbf73915aa6],
    PUP.Optional.Clicker.ChrPRST, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\BF813C93_0, Quarantined, [dca1963bd3c673c3a07d73d3a85bd32d],
    PUP.Optional.GlobalSearch.ShrtCln, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [94e9cf02d3c683b3bbdc4b045fa4cf31],
    PUP.Optional.Hicosmea, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}, Quarantined, [bbc215bc0693e84e602d3ce28480c53b],
    PUP.Optional.FasterWeb, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Faster Web, Quarantined, [106d626fe4b538fe6e0a53edac57b24e],

    Registry Values: 40
    PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Sound+, "C:\Program Files\Sound+\Sound+.exe", Quarantined, [c2bb8c452772f0467f239b9215ed5fa1]
    PUP.Optional.DotDo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cutoauto, "C:\Program Files (x86)\dissertation\zest.exe", Quarantined, [3f3eb91833665dd9aaad05311be7c43c]
    PUP.Optional.DotDo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cutoauto, "C:\Program Files (x86)\dissertation\zest.exe", Quarantined, [3f3eb91833665dd9aaad05311be7c43c]
    PUP.Optional.DotDo.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|interpee, "C:\Program Files (x86)\herc\undependable.exe", Quarantined, [b0cd8948e8b1be782464959453aff808]
    PUP.Optional.DotDo.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|interpee, "C:\Program Files (x86)\herc\undependable.exe", Quarantined, [b0cd8948e8b1be782464959453aff808]
    PUP.Optional.Yelloader, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|msrtn32, "C:\Program Files (x86)\msrtn32\msrtn32.exe" -startup=smartcpx -check=60, Quarantined, [631a577a7b1e290d08a9ff1418eacb35]
    PUP.Optional.CPX, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|cpx, "C:\Program Files (x86)\cpx\cpx.exe" -starup, Quarantined, [f28b4a871a7f71c521ea33ee9f6557a9]
    PUP.Optional.Caster, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Caster, C:\Program Files\Caster\wizzcaster.exe, Quarantined, [3b427a57d6c31a1cc2b8d1e605ffda26]
    PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|IDSCPRODUCT, "C:\Program Files\Sound+\idscservice.exe", Quarantined, [5825efe2c0d962d423e61b9eb74dac54]
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E|ProductName, Consumer Input Update Helper, Quarantined, [a8d5fcd5f2a7c57194959505c63e2cd4]
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E|ProductName, Consumer Input Update Helper, Quarantined, [2c5168698514bc7a8d9c5f3b9e669e62]
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|AppPath, C:\Program Files (x86)\Consumer Input\InternetExplorer, Quarantined, [1865ce03c5d43ff7fe92194e7094f10f]
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5A016C69-5B92-4B48-8479-6259452DB079}|Path, \ConsumerInputUpdateTaskMachineCore, Delete-on-Reboot, [06772fa2a1f89d994f5096229e66e61a]
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A73C705E-F94B-4A76-8E05-C6810F0AD3BC}|Path, \ConsumerInputUpdateTaskMachineUA, Delete-on-Reboot, [423b1eb3b5e431055b447147c0441ce4]
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C185284E-5925-4C1F-A479-452FCE58FA25}|Path, \CIMT_daily_S-1-5-21-1716612969-2344737603-4151003975-1000, Delete-on-Reboot, [1766ae235049fe38a6f8ad0bf70dc739]
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E99EEC14-BB1C-4282-A4C1-A6BDB0A775BE}|Path, \CIMT_S-1-5-21-1716612969-2344737603-4151003975-1000, Delete-on-Reboot, [7eff8e43c2d79f97029cbff9a0641ae6]
    PUM.Optional.ProxyHijacker, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8877;https=127.0.0.1:8877, Quarantined, [334aa52c3a5f0e28163e68dc31d2fe02]
    PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|autoauto, notepad, Quarantined, [c6b7e9e8e9b0d75fc9994ff5d231db25]
    PUP.Optional.IDSCProduct, HKLM\SOFTWARE\SOUNDPLUS|InstallPath, C:\Program Files\Sound+, Quarantined, [0f6e28a90792ed49d95018a1af5509f7]
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E|ProductName, Consumer Input Update Helper, Quarantined, [99e429a83564e0563eebc2d8a163ba46]
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|AppPath, C:\Program Files (x86)\Consumer Input\InternetExplorer, Quarantined, [fc8110c1c6d3a4924d432344d33110f0]
    PUP.Optional.GlobalSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}, Quarantined, [473601d093066ec828702f20f40f31cf]
    PUM.Optional.ProxyHijacker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:8877;https=127.0.0.1:8877, Quarantined, [5627ede40990a294bb99de668e7510f0]
    PUP.Optional.OneSoftPerDay, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_014010315, Quarantined, [bdc0fdd40594a78f9955c880b1535fa1],
    PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|autoauto, notepad, Quarantined, [fb82349d92070c2a243e92b2b152da26]
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}|DisplayName, Consumer Input Update Helper, Quarantined, [acd17e53831643f3442a111b778dc739]
    PUP.Optional.iDealsShoppingOptimizer, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|jid1-xNAj4KGyf5wyhg@jetpack, C:\Program Files (x86)\Faster Web\faster-web.xpi, Quarantined, [d7a615bc712867cf52d9b38929db8779]
    PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC|Location, C:\Program Files (x86)\MPC Cleaner, Delete-on-Reboot, [c3baeee37c1d59ddf62afcb5d133639d]
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 71A1DCA5-1785-45A1-83CA-00FC5CF9442E, Quarantined, [a1dc04cd891048ee8e7c1e3e1fe5c23e]
    PUP.Optional.DataUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\DATAUP|ImagePath, C:\Program Files (x86)\dataup\dataup.exe, Quarantined, [334af1e0881138fea8909110669e718f]
    PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKPT|Description, MPC Driver, Delete-on-Reboot, [2855973abddc80b64ed3981952b2c23e]
    PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCPROTECTSERVICE|ImagePath, "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe", Delete-on-Reboot, [b8c5a03195046cca946c72409e669c64]
    Trojan.WinDriveUse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDRIVESVC|DisplayName, Window Drive Manager, Quarantined, [6f0eeae7a2f761d51e68a514aa5a718f]
    Trojan.WinDriveUse, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDRIVESVC2|DisplayName, Window Drive Manager2, Quarantined, [e994ce033f5ac076d9ae9e1b7a8aa858]
    PUP.Optional.IDSCProduct, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\IDSC|partner, installcapital, Quarantined, [522b61707f1a41f5c0f2fbbf73915aa6]
    PUP.Optional.Clicker.ChrPRST, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\AUDIO\POLICYCONFIG\PROPERTYSTORE\bf813c93_0, {0.0.0.00000000}.{57a97c05-2550-483e-aa4e-bfd10e0bd8f2}|\Device\HarddiskVolume2\Program Files (x86)\msrtn32\cdhtr.exe%b{00000000-0000-0000-0000-000000000000}, Quarantined, [dca1963bd3c673c3a07d73d3a85bd32d]
    PUP.Optional.GlobalSearch.ShrtCln, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.globasearch.com/?serie=209&installkey=8GNFbqDn2bhMTndMZwqT&b=3&q={searchTerms}, Quarantined, [94e9cf02d3c683b3bbdc4b045fa4cf31]
    PUM.Optional.LowRiskFileTypes, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ASSOCIATIONS|LowRiskFileTypes, .avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;, Quarantined, [fb82e1f0881159dd3f509af655af768a]
    PUP.Optional.BuzzingDhol, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Buzzing Dhol, C:\Windows\Buzzing Dhol\Buzzing Dhol\Buzzing Dhol.exe, Quarantined, [8eefc50cdbbe1d199068b3f711f38080]
    PUP.Optional.BuzzingDhol, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Buzzing Dhol.exe, C:\Windows\Buzzing Dhol\Buzzing Dhol\Buzzing Dhol.exe, Quarantined, [8eefc50cdbbe1d199068b3f711f38080]
     
  19. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    Registry Data: 7
    Hijack.GlobaSearch.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT, Good: (www.google.com), Bad: (http://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT),Replaced,[5f1e18b93b5e39fdbbd2bc920df814ec]
    Hijack.GlobaSearch.C, HKU\S-1-5-21-1716612969-2344737603-4151003975-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT, Good: (www.google.com), Bad: (http://www.globasearch.com/?serie=209&b=3&installkey=8GNFbqDn2bhMTndMZwqT),Replaced,[443923ae465316201973173743c2b947]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{6449D0BE-28E6-4DF4-86E1-E8DBDAB81AD7}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[87f6a130f3a652e45dc8282bff0649b7]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{84671553-780E-457A-9DD1-AC5CE071EDB5}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[a3da20b1e8b18caaa283d87bb35238c8]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[4c31f0e101983303f92c4c0759ac827e]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{E8CCB68E-BEC6-4D4C-8BA5-713CB8597C08}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[215c2aa7e9b05dd9ce57391a40c52bd5]
    Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{F9DDD216-3185-4A5C-BE80-E17E653E0231}|NameServer, 104.197.191.4, Good: (), Bad: (104.197.191.4),Replaced,[0c71f9d8c4d5b48247de0053c93c10f0]

    Folders: 64
    PUP.Optional.CPX, C:\Program Files (x86)\cpx, Quarantined, [f28b4a871a7f71c521ea33ee9f6557a9],
    PUP.Optional.CPX, C:\Program Files (x86)\cpx\locales, Quarantined, [f28b4a871a7f71c521ea33ee9f6557a9],
    PUP.Optional.CPX, C:\Program Files (x86)\cpx\PepperFlash, Quarantined, [f28b4a871a7f71c521ea33ee9f6557a9],
    PUP.Optional.Yelloader, C:\Program Files (x86)\dataup, Quarantined, [f58838999801f343f1821f498a7a29d7],
    PUP.Optional.VBates, C:\Users\Nancy\AppData\LocalLow\Company\Product\1.0, Quarantined, [6b124f82b9e0280e643e88e40103956b],
    PUP.Optional.VBates, C:\Users\Nancy\AppData\LocalLow\Company\Product, Quarantined, [6b124f82b9e0280e643e88e40103956b],
    PUP.Optional.FreeTheMediaPlayer, C:\Users\Nancy\AppData\Local\Shortcut Installer, Quarantined, [fa83dff2a6f384b205694261c341ea16],
    Adware.EoRezo, C:\Program Files (x86)\sunnyday, Quarantined, [5d203b964d4c9d995242277f24e0f808],
    PUP.Optional.MorePowerfulCleaner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC, Quarantined, [255823aea2f7c86e9bbcbeebe91ba55b],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Exe, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\News, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall, Delete-on-Reboot, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\config, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\GPUCache, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\GPUCache, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\plugins, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\Update, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Rogue.RegTool, C:\Program Files (x86)\regtool, Quarantined, [512c834e1287ff37ae0a22e4d82b936d],
    PUP.Optional.Mstrn, C:\Users\Nancy\AppData\Local\mstrn32, Quarantined, [90edd8f9ddbc54e263b19e792ed5a55b],
    PUP.Optional.Mstrn, C:\Users\Nancy\AppData\Local\mstrn32\dump, Quarantined, [90edd8f9ddbc54e263b19e792ed5a55b],
    PUP.Optional.ConvertAd, C:\Users\Nancy\AppData\Roaming\NUIns, Quarantined, [daa3369b772282b4f9ce88b15aa92fd1],
    PUP.Optional.VBates, C:\Users\Nancy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, Quarantined, [bbc211c08019df57ce8957e3be452ed2],
    PUP.Optional.VBates, C:\Users\Nancy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, Quarantined, [bbc211c08019df57ce8957e3be452ed2],
    PUP.Optional.VBates, C:\Users\Nancy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, Quarantined, [bbc211c08019df57ce8957e3be452ed2],
    PUP.Optional.AdvancedPCCare, C:\ProgramData\advancedpccare.net, Quarantined, [89f47061b7e251e50aecc179659e3cc4],
    PUP.Optional.AdvancedPCCare, C:\ProgramData\advancedpccare.net\Advanced PC-Care, Quarantined, [89f47061b7e251e50aecc179659e3cc4],
    PUP.Optional.AdvancedPCCare, C:\Users\Nancy\AppData\Roaming\Advancedpccare.net, Quarantined, [324bcf028f0a1c1a39bd96a44ab90ff1],
    PUP.Optional.AdvancedPCCare, C:\Users\Nancy\AppData\Roaming\Advancedpccare.net\Advanced PC-Care, Quarantined, [324bcf028f0a1c1a39bd96a44ab90ff1],
    PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}, Quarantined, [186516bbff9acc6a60ba8cb063a03cc4],
    PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}, Quarantined, [186516bbff9acc6a60ba8cb063a03cc4],
    PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5, Quarantined, [186516bbff9acc6a60ba8cb063a03cc4],
    PUP.Optional.FasterWeb, C:\Program Files\Faster Web, Quarantined, [ea93eae76e2bf93df5837cc4996ab848],
    PUP.Optional.FasterWeb, C:\Program Files (x86)\Faster Web, Quarantined, [106d626fe4b538fe6e0a53edac57b24e],
    PUP.Optional.BuzzingDhol, C:\Windows\Buzzing Dhol, Quarantined, [80fd14bd3564f1458d760b3631d2f40c],
    PUP.Optional.BuzzingDhol, C:\Windows\Buzzing Dhol\Buzzing Dhol, Quarantined, [80fd14bd3564f1458d760b3631d2f40c],
    PUP.Optional.IDSCProduct, C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sound+ 1.0, Quarantined, [027b01d06138fd392929241d51b22ed2],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\tuto_monetize_120160501, Quarantined, [9ce1a031d9c0de584a11b38e62a11de3],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\tuto_monetize_120160501\tuto_monetize_120160501, Quarantined, [9ce1a031d9c0de584a11b38e62a11de3],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\tuto_monetize_120160501\tuto_monetize_120160501\1.10, Quarantined, [9ce1a031d9c0de584a11b38e62a11de3],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\csdi_monetize_120160501, Quarantined, [bac3626f504966d05ffc7cc53ec58878],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\csdi_monetize_120160501\csdi_monetize_120160501, Quarantined, [bac3626f504966d05ffc7cc53ec58878],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\csdi_monetize_120160501\csdi_monetize_120160501\1.10, Quarantined, [bac3626f504966d05ffc7cc53ec58878],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\csdi_monetize_220160428, Quarantined, [631ab51cfd9c9c9a8bd083be867d4ab6],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\csdi_monetize_220160428\csdi_monetize_220160428, Quarantined, [631ab51cfd9c9c9a8bd083be867d4ab6],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\csdi_monetize_220160428\csdi_monetize_220160428\1.10, Quarantined, [631ab51cfd9c9c9a8bd083be867d4ab6],
    PUP.Optional.Clicker.ChrPRST, C:\Users\Nancy\AppData\Local\cpx, Quarantined, [bfbeb51c97024de90465fc81d92c31cf],

    Files: 513
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\Sound+.exe, Quarantined, [c2bb8c452772f0467f239b9215ed5fa1],
    PUP.Optional.DotDo, C:\Program Files (x86)\dissertation\zest.exe, Quarantined, [3f3eb91833665dd9aaad05311be7c43c],
    PUP.Optional.DotDo.PrxySvrRST, C:\Program Files (x86)\herc\undependable.exe, Quarantined, [b0cd8948e8b1be782464959453aff808],
     
  20. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\sys_green.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\sys_org.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\sys_red.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y1.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y10.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y11.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y12.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y2.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y3.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y4.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y5.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y6.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y7.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y8.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\y9.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{08DA4B46-E0EB-4B4D-8C8B-558C967AF6C5}.ico, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{22A8D5A3-F368-4C6B-BF4D-3C901EBCF242}.ico, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{3F9A707D-2C36-4344-8621-B8E4ADC95C18}.ico, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{ADC520A9-B4B3-791E-B149-845C11673CB0}.ico, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{CDA529A9-B1B3-793E-B449-845C11673CB5}.ico, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{D8EC46AF-529F-4636-963B-C086429C73DA}.ico, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{DE37CD8C-DE7B-481F-A676-303ABAFBEE04}.ico, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{EDA029A1-B5BA-793E-B649-875C18673CC5}.ico, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{F154C596-75A9-4028-90E8-9752BD7CA05B}.ico, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\search_{FDA029A2-A5BA-797E-B689-875E18673FC2}.ico, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon\toasts_waring.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\adcapp.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\adcweb.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\block.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\home.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\ie.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon\search.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\AR_green.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\AR_org.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\AR_red.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\Bp_green.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\Bp_org.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\Bp_red.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SpeedUp_green.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SpeedUp_org.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SpeedUp_red.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SVC_green.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SVC_org.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\SVC_red.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\TSK_green.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\TSK_org.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon\TSK_red.png, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\msvcm90.dll, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\msvcp90.dll, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT\msvcr90.dll, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner\Lang.xf, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner\Skin.xf, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport\Lang.xf, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport\Skin.xf, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\News\Lang.xf, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\News\Skin.xf, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray\Lang.xf, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray\Skin.xf, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall\Lang.xf, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall\Skin.xf, Quarantined, [b3ca933e57422016c4e3c4e5c44007f9],
    PUP.Optional.BuzzingDhol, E:\Desktop\Buzzing Dhol.lnk, Quarantined, [e39a0ec3c8d1f44237c426840202d729],
    PUP.Optional.Linkury, C:\Users\Nancy\AppData\Roaming\ApplicationHosting.dat, Quarantined, [4f2e7c550495bd79a075208fe1230af6],
    PUP.Optional.Linkury, C:\Users\Nancy\AppData\Roaming\md.xml, Quarantined, [b6c7923fdcbd83b38492b9f60ef628d8],
    PUP.Optional.Linkury, C:\Users\Nancy\AppData\Roaming\noah.dat, Quarantined, [235ad9f8881179bd1ef98f20ae56a858],
    PUP.Optional.Linkury, C:\Users\Nancy\AppData\Roaming\lobby.dat, Quarantined, [88f5f2df0b8ebc7adec8189743c1fa06],
    PUP.Optional.Caster, C:\Program Files\Caster\wizzcaster.exe, Quarantined, [3b427a57d6c31a1cc2b8d1e605ffda26],
    PUP.Optional.Goobzo, C:\ProgramData\smp2.exe, Quarantined, [7508577af2a76dc9f9bd6750739110f0],
    PUP.Optional.MultiPlug.PrxySvrRST, C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok18949711.lnk, Quarantined, [80fd25ac059438fe2db1576037cd7789],
    PUP.Optional.IDSCProduct, E:\Desktop\Sound+.lnk, Quarantined, [8df0e5ec2d6ca49232d2d6e337cdef11],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\silentunconfigurator.exe, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\backup_NVIDIA High Definition Audio_VG248-4.reg, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\backup_Realtek High Definition Audio_Realtek Digital Output.reg, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\backup_Realtek High Definition Audio_Speakers.reg, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\backup_Siberia Raw Prism Headset_Headphones.reg, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\config.conf, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\idscservice.exe, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\silentconfigurator.exe, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\SoundP.dll, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\Uninstall.exe, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\uninstaller.exe, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\config\SoundP.conf, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\config\SoundP.err, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\config\SoundPLinks.conf, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
    PUP.Optional.IDSCProduct, C:\Program Files\Sound+\config\SoundPUser.conf, Quarantined, [5825efe2c0d962d423e61b9eb74dac54],
     
  21. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\release.log, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\libGLESv2.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cef.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cef_100_percent.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cef_200_percent.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cef_extensions.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\d3dcompiler_43.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\d3dcompiler_47.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\devtools_resources.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\icudtl.dat, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\libcef.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\libcurl.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\libEGL.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\license.rtf, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\log4cplusU.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\msvcp120.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\msvcr120.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\natives_blob.bin, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\snapshot_blob.bin, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\Uninstall.exe, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\widevinecdmadapter.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\wow_helper.exe, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\Cookies, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\Cookies-journal, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\data_0, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\data_1, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\data_2, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\data_3, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\index, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\Visited Links, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\GPUCache\data_0, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\GPUCache\data_1, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\GPUCache\data_2, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\GPUCache\data_3, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache\GPUCache\index, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\Cookies, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\Cookies-journal, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\data_0, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\data_1, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\data_2, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\data_3, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\index, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\Visited Links, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\GPUCache\data_0, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\GPUCache\data_1, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\GPUCache\data_2, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\GPUCache\data_3, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\cache1\GPUCache\index, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\hi.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\am.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\ar.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\bg.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\bn.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\ca.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\cs.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\da.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\de.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\el.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\en-GB.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\en-US.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\es-419.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\es.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\et.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\fa.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\fi.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\fil.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\fr.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\gu.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\he.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\hr.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\hu.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\id.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\it.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\ja.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\kn.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\ko.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\lt.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\lv.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\ml.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\mr.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\ms.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\nb.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\nl.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\pl.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\pt-BR.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\pt-PT.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\ro.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\ru.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\sk.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\sl.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
     
  22. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\sr.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\sv.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\sw.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\ta.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\te.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\th.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\tr.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\uk.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\vi.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\zh-CN.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\locales\zh-TW.pak, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Trojan.WinDriveUse, C:\Program Files (x86)\windriveuse\plugins\pepflashplayer.dll, Quarantined, [6815745dcecb8aac9dc5b801a95beb15],
    Adware.Agent.Proxy, C:\Users\Nancy\AppData\Local\cap.exe, Quarantined, [c9b48150cecb94a237bcd4e6e71d42be],
    Adware.Agent.Proxy, C:\Users\Nancy\AppData\Local\ddnow.exe, Quarantined, [6f0e656c8613e452698c83379d673fc1],
    Adware.Agent.Proxy, C:\Users\Nancy\AppData\Local\setupone.exe, Quarantined, [2c51438e7524d264de19754523e1966a],
    Adware.Agent.Proxy, C:\Users\Nancy\AppData\Local\tinstall.exe, Quarantined, [7607c20f7a1f181e87725565ed17c739],
    Adware.Agent.Trace, C:\Users\Nancy\AppData\Local\aatxtname.txt, Quarantined, [f28bebe6d6c31026f406427864a00000],
    Adware.Agent.Trace, C:\Users\Nancy\AppData\Local\ok223.txt, Quarantined, [324b3899efaabd79ee0df9c1d52fba46],
    Adware.Agent.Trace, C:\Users\Nancy\AppData\Local\tr5b.txt, Quarantined, [e895339eabee4aec34c8af0ba75dc13f],
    PUP.Optional.AppVerifier, C:\ProgramData\App-verifier\AppVerifier.exe, Quarantined, [334a38992871e254d04a206e0400d729],
    PUP.Optional.BuzzingDhol, C:\Windows\Buzzing Dhol\Buzzing Dhol\Buzzing Dhol.exe, Quarantined, [8eefc50cdbbe1d199068b3f711f38080],
    Rogue.RegTool, C:\Program Files (x86)\regtool\regtool.exe, Quarantined, [512c834e1287ff37ae0a22e4d82b936d],
    PUP.Optional.Mstrn, C:\Users\Nancy\AppData\Local\mstrn32\cookies, Quarantined, [90edd8f9ddbc54e263b19e792ed5a55b],
    PUP.Optional.Mstrn, C:\Users\Nancy\AppData\Local\mstrn32\db.sqlite, Quarantined, [90edd8f9ddbc54e263b19e792ed5a55b],
    PUP.Optional.Mstrn, C:\Users\Nancy\AppData\Local\mstrn32\db.sqlite.bak, Quarantined, [90edd8f9ddbc54e263b19e792ed5a55b],
    PUP.Optional.Mstrn, C:\Users\Nancy\AppData\Local\mstrn32\Setting.ini, Quarantined, [90edd8f9ddbc54e263b19e792ed5a55b],
    PUP.Optional.Mstrn, C:\Users\Nancy\AppData\Local\mstrn32\urls.txt, Quarantined, [90edd8f9ddbc54e263b19e792ed5a55b],
    PUP.Optional.Mstrn, C:\Users\Nancy\AppData\Local\mstrn32\urls.txt.bak, Quarantined, [90edd8f9ddbc54e263b19e792ed5a55b],
    PUP.Optional.ConvertAd, C:\Users\Nancy\AppData\Roaming\NUIns\NUIns.exe, Quarantined, [daa3369b772282b4f9ce88b15aa92fd1],
    PUP.Optional.ConvertAd, C:\Users\Nancy\AppData\Roaming\NUIns\Uninstall.exe, Quarantined, [daa3369b772282b4f9ce88b15aa92fd1],
    PUP.Optional.VBates, C:\Users\Nancy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, Quarantined, [bbc211c08019df57ce8957e3be452ed2],
    PUP.Optional.VBates, C:\Users\Nancy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\tree.js, Quarantined, [bbc211c08019df57ce8957e3be452ed2],
    PUP.Optional.VBates, C:\Users\Nancy\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\wlist.js, Quarantined, [bbc211c08019df57ce8957e3be452ed2],
    PUP.Optional.AdvancedPCCare, C:\ProgramData\advancedpccare.net\Advanced PC-Care\apc.db, Quarantined, [89f47061b7e251e50aecc179659e3cc4],
    PUP.Optional.AdvancedPCCare, C:\ProgramData\advancedpccare.net\Advanced PC-Care\apcstartrepair_en.mp3, Quarantined, [89f47061b7e251e50aecc179659e3cc4],
    PUP.Optional.AdvancedPCCare, C:\Users\Nancy\AppData\Roaming\Advancedpccare.net\Advanced PC-Care\Errorlog.txt, Quarantined, [324bcf028f0a1c1a39bd96a44ab90ff1],
    PUP.Optional.VBates.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}\{FBC0652C-7B29-4FB6-8ADA-91F54B267AD4}\1.5\config.js, Quarantined, [186516bbff9acc6a60ba8cb063a03cc4],
    PUP.Optional.FasterWeb, C:\Program Files (x86)\Faster Web\faster-web.xpi, Quarantined, [106d626fe4b538fe6e0a53edac57b24e],
    PUP.Optional.FasterWeb, C:\Program Files (x86)\Faster Web\uninst.exe, Quarantined, [106d626fe4b538fe6e0a53edac57b24e],
    PUP.Optional.BuzzingDhol, C:\Windows\Buzzing Dhol\Buzzing Dhol\Uninstall.exe, Quarantined, [80fd14bd3564f1458d760b3631d2f40c],
    PUP.Optional.BuzzingDhol, C:\Windows\Buzzing Dhol\Buzzing Dhol\Uninstall.ini, Quarantined, [80fd14bd3564f1458d760b3631d2f40c],
     
  23. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    PUP.Optional.IDSCProduct, C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sound+ 1.0\Sound+.lnk, Quarantined, [027b01d06138fd392929241d51b22ed2],
    PUP.Optional.IDSCProduct, C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sound+ 1.0\Uninstall.lnk, Quarantined, [027b01d06138fd392929241d51b22ed2],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\tuto_monetize_120160501\tuto_monetize_120160501\1.10\cnf.cyl, Quarantined, [9ce1a031d9c0de584a11b38e62a11de3],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\csdi_monetize_120160501\csdi_monetize_120160501\1.10\cnf.cyl, Quarantined, [bac3626f504966d05ffc7cc53ec58878],
    PUP.Optional.Tuto4PC, C:\Users\Nancy\AppData\Local\csdi_monetize_220160428\csdi_monetize_220160428\1.10\cnf.cyl, Quarantined, [631ab51cfd9c9c9a8bd083be867d4ab6],
    PUP.Optional.BrowserHijack.ShrtCln, C:\Program Files (x86)\Internet Explorer\iexplore.bat, Good: (), Bad: (http://pagego.ru/?from=mru1"), Replaced,[b3cacd04fd9c0b2b313ef7898b7a8977]
     
  24. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    PUP.Optional.Clicker.ChrPRST, C:\Users\Nancy\AppData\Local\cpx\list.txt, Quarantined, [bfbeb51c97024de90465fc81d92c31cf],
    PUP.Optional.Clicker.ChrPRST, C:\Users\Nancy\AppData\Local\cpx\config.ini, Quarantined, [bfbeb51c97024de90465fc81d92c31cf],
    PUP.Optional.Clicker.ChrPRST, C:\Users\Nancy\AppData\Local\cpx\Cookies, Quarantined, [bfbeb51c97024de90465fc81d92c31cf],
    PUP.Optional.Clicker.ChrPRST, C:\Users\Nancy\AppData\Local\cpx\Cookies-journal, Quarantined, [bfbeb51c97024de90465fc81d92c31cf],
    PUP.Optional.Amonetize, C:\Users\Nancy\AppData\Local\Temp\amipixel.cfg, Quarantined, [3f3e4b86e6b3171faad4394493727789],
    PUP.Optional.Linkury.ACMB1, C:\Users\Nancy\AppData\Roaming\Config.xml, Quarantined, [de9f755c95048aac4b75245900057789],
    PUP.Optional.Linkury.ACMB1, C:\Users\Nancy\AppData\Roaming\InstallationConfiguration.xml, Quarantined, [4c312ba6b7e280b6e5dca7d615f0728e],
    PUP.Optional.HijackHosts.Gen, C:\Windows\System32\iup\khy\jekdi.dat, Quarantined, [bfbeaa27a7f269cde3754f290bfa59a7],
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.247.130 connect.facebook.net), Replaced,[fb82d2ff0e8bed49b9897a04c83dcb35]
     
  25. Bunbun

    Bunbun TS Rookie Topic Starter Posts: 46

    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.facebook.net
    107.178.255.88 www.go), Replaced,[81fc31a01f7a91a5fd4599e53bca5da3]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.248.130 static.doubleclick.net), Replaced,[aad3c20f9aff2e0892b1dba37f8634cc]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.facebook.net
    107.178.255.88 www.goog), Replaced,[bebf24adf6a30234c97a84fa8e7728d8]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.255.88 www.google-analytics.com), Replaced,[720b438ebddc79bd380c6e10f411a759]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (nalytics.com
    107.178.255.88 www.s), Replaced,[136a01d0e0b93105d86c5529b94c04fc]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (gle-analytics.com
    107.178.255), Replaced,[2c511db4f8a13bfb0440ec9207fe4cb4]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.google-analytics.com
    107.178.255.88 w), Replaced,[9ae30ac7a1f8f83e7acaea9460a57d83]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (nalytics.com
    107.178.255.88 www.statcounte), Replaced,[bcc140913a5fc86e7fc5ceb0d4310ff1]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (tics.com
    107.178.255.88 www.statco), Replaced,[84f948895841b97da3a15727867fb54b]
    Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (er.com
    107.178.255.88 ssl.google-analy), Replaced,[fb821fb2e4b549eda2a28ef00ff6956b]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
